rmp
25th March 2011, 08:54 PM
Hi
You may be interested in a real computer scam I've just had the dubious pleasure of experiencing.
My wife has had a few phonecalls from a representative of a company wanting to urgently fix our computer because it is infected. Here's the first clue something is wrong - no reputable computer company is ever going to phone you up in the evening to tell you your computer is stuffed. Ever. It just does not happen. An easy way to check is to ask to call back, take the guy's name. If the request is granted immediately chances are it'll be real, but it won't be. You won't be able to call them.
Fortunately, my wife was suitably suspicious and baulked at typing in the 'assoc' command on a Windows computer. The assoc command is by itself harmless, but I'm sure the next stage would have been a visit to a website or similar which downloaded an apparently harmless file, but one which could be executed by means of the assoc command. That would then be harmful.
Anyway, these fellows kept calling back but I was never around to find out what they were up to. Until tonight.
So I get handed the phone and there's a very staticy line with what sounds like an Indian on the other end. He tells me he's from what sounds like Plain Tails, Victoria. I couldn't make it out, and didn't want to press the point to avoid raising suspicion. Instead, I act all worried when he tells me he's calling because I've got an infected computer. I'm very curious to see what happens next, even though I have a pretty good idea. I also get told I'm a priority-VIP customer and all this is free. I'm pathetically grateful, and obviously those that know me realise that's not easy for me to act.
I was waiting for something else too, and it didn't take him long to say it. Yes, there was a reference to Microsoft. Doesn't matter which well-known organisation, it'll be Microsoft, IBM, National Computer Security Council of Australia (that doesn't even exist but it sounds impressive) ....something big, technical and reassuring to give you the comfort of knowing these guys are acting for a real company.
Anyway...on with the 'diagnosis'. We hit the Windows key to bring up the Run menu and type 'eventvwr'. This takes a while because I get it wrong even though I can see where he's going after the first three letters, setting the scene for later delays. I'm quite happy to start the Event Viewer - I have an intimate knowledge of Windows, used to be a certified engineer, programmer...you name it, so I know precisely what I'm doing. So up comes the Event Viewer, and it looks like this:
The engineer has me click on Application, scroll down and count the red and yellow warning/error messages. I get to 20 and dissolve into a fit of panic. My goodness me, so many errors! I am almost tearful at this point, mainly because I'm biting my tongue to induce pain. My faithful engineer tells me there is a major, major problem here and my computer could die at any time. It must be fixed now! I cry agreement and say how grateful I am to have this call. If he was a really cluey guy he'd have asked me what the Source was, seen it was MySQL and Apache and started to wonder how come an apparently dumb user is running open-source web software on an XP machine. But he didn't, and if he did I'd have made up something innocuous, if I could fight back the tears.
Now in reality almost any Windows event log has various error messages, red or otherwise. This is all perfectly normal and nothing to worry about, or certainly it doesn't mean there is an urgent security threat. But I have to admire the ingenuity of using a real diagnostic app and panicking the user with the scary messages.
So we go back to the Run menu. Here he wants me to type in a web address. It's TeamViewer - Free Remote Access and Remote Desktop Sharing over the Internet (http://www.teamviewer.com). This I don't do. I'm not bothered about the website causing an error on my PC or infecting it as all my protection software is up to date and I have no intention of accepting anything that says "Please run me". I'm concerned that they will be monitoring every hit on that site and associate my IP address and other data with this call. Yes, the IP address is dynamic so it changes, but I'm not risking it. Instead, I cold-read the guy into telling me what's on the screen by pretending I can't see properly as my glasses slipped off and it's all a bit fuzzy, can he help me. He falls for it and together we get to the stage where I'm apparently downloading software.
Now as it turns out I decided to check out TeamViewer - Free Remote Access and Remote Desktop Sharing over the Internet (http://www.teamviewer.com) anyway, via an anonymous proxy (http://anonymouse.org) so they couldn't see who it was. As it happens TeamViewer is a perfectly good software house. Their website looks way too professional to be a scam - but that's not proof it isn't. Reviews of the software on the likes of Cnet are as close as it gets -> TeamViewer - Free software downloads and software reviews - CNET Download.com. So is a phonecall to their support line. I have contacted TeamViewer and told them their software is being used by scammers, and suggested some ways to prevent it. Please understand that TeamViewer are no more to blame for this than the makers of a crowbar used by a burglar.
So why are the scammers directing their victims to TeamViewer? Well, from their company site:
With TeamViewer you can remotely control any computer as if you were sitting right in front of it - even through firewalls.
All your partner has to do is start a small application, which does not even require installation or administrative rights.
There you go. They get you to download TeamViewer and hey presto, you've given them access to your PC. From there I speculate they comb your hard disk for all sorts of interesting data such as passwords, bank details, who knows. On the average PC hard disk there would be more than enough information to pull off a very convincing identity theft. Or they could just install a keylogger and rip off your Internet banking password and empty your account. If you're lucky they'd do that, if you aren't lucky they'd be smarter and just cream off a bit here and there, waiting for a windfall like a bonus, car sale proceeds or something and then swoop. Or maybe you've got a mortgage and you're ahead on the payments, could just arrange things so all the equity is converted back into one nice cash lump sum ripe for the picking. Scared yet? You should be, this is serious.
At this point I can't continue with the scam any further, so I tell him the game's up by explaining what's happened so far. I do this so they realise there's no point trying to con us further. It takes a while to sink in, but he gets it and becomes abusive, telling me he can hack into my computer any time. Of course, that's simply not true because if he could, he'd have done so without needing to resort to tricking me into installing something like TeamViewer. I point this out, he hurls some abuse (the most clearly he's spoken so far) and hangs up. On to the next target for them, and onto the police for me.
Where did they get our phone number? No idea, phone numbers are on so many lists any one of them could have been compromised. It doesn't matter. What matters is you understanding some simple computer security rules:
1. no computer company phones you up of an evening and wants to diagnose your computer.
2. always, always, take the time to check the bona fides of any support person
3. buy a shredder, and use it
4. just because someone asks for personal information such as name, address, DoB doesn't mean to say you need to supply it. When I bought a TV I was asked my address. Forget it, they don't need that for the sale. Your default reaction should be no.
5. your high-value passwords such as Internet banking should be unique to Internet banking. Never, ever the same one you use on say a web forum, or easily guessable. A good way to create a password is a phrase, eg '!iasgihaflr!' - hard to remember? No, it stands for '!I Am So Glad I Have A Friend Like Robert!'. Easy, and much harder to crack than 'patrol4wd1'.
6. Encrypt sensitive files. TrueCrypt is what I use. That way if the hard disk gets stolen it's going to be a little difficult to get into the contents.
7. If you dispose of a PC remove the hard disk and destroy it. Handing it to children will do the trick, then drill it, and burn it and drown it. Then take it apart. Generally, have some destructive fun. Simply formatting the disk doesn't work. It is possible that even after much abuse data from a hard disk could still be recovered, but why would a scammer bother when there are so many more, easier, targets?
8. Never, ever run any software that your web browser downloads automatically. If you have specifically gone looking for it and knowingly initiated the download, that's usually fine, but any time you end up on a site and there's strange messages offering to clean your computer, start a download or some such - close the browser window immediately.
9. anything that looks too good to be true, is. Just about every scam, computer or otherwise, offers something better than the average be it returns on investment or something for free. Or that hot chick/bloke suddenly taking an interest in you on Facebook, apparently remembering you from way back? And don't get me started on the 419 scam...check out 419 Eater - The largest scambaiting community on the planet! (http://www.419eater.com).
I hope you found that interesting.
You can read more about ID theft here:
10 Ways to Prevent Identity Theft (http://sbinfocanada.about.com/od/insurancelegalissues/a/identitytheft.htm)
and here:
Coping with Identity Theft: Reducing the Risk of Fraud | Privacy Rights Clearinghouse (http://www.privacyrights.org/fs/fs17-it.htm)
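Added example, not part of rmp's post: the post's point that red and yellow entries in the Application log are routine can be checked by grouping them by Source instead of counting them. The function name Get-EventNoiseSummary is made up for this example, and it assumes Windows Vista or later with PowerShell 3.0+ (Get-WinEvent is not available on XP).

```powershell
# Added example: summarise Error/Warning events in a Windows event log by Source.
# Get-EventNoiseSummary is a hypothetical helper name, not a built-in cmdlet.
function Get-EventNoiseSummary {
    param(
        [string]$LogName = 'Application',   # the log the caller asks victims to open
        [int]$Days = 7                      # how far back to look
    )

    $filter = @{
        LogName   = $LogName
        Level     = 2, 3                    # 2 = Error (red), 3 = Warning (yellow)
        StartTime = (Get-Date).AddDays(-$Days)
    }

    # Get-WinEvent raises an error when nothing matches; treat that as an empty result.
    $events = @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue)

    $events | Group-Object -Property ProviderName | ForEach-Object {
        # Most recent event from this source, for a quick look at what it was.
        $latest = $_.Group | Sort-Object TimeCreated -Descending | Select-Object -First 1

        [pscustomobject]@{
            Source      = $_.Name
            Errors      = @($_.Group | Where-Object Level -eq 2).Count
            Warnings    = @($_.Group | Where-Object Level -eq 3).Count
            LastSeen    = $latest.TimeCreated
            LastEventId = $latest.Id
        }
    } | Sort-Object -Property { $_.Errors + $_.Warnings } -Descending
}

# One row per Source, noisiest first.
Get-EventNoiseSummary -Days 7 | Format-Table -AutoSize
```

On most machines the rows are ordinary applications and services logging timeouts or failed updates, which is why a raw count of red and yellow entries says nothing about infection.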