
Thread: A new scam

  1. #1
    Join Date
    Jan 1970
    Location
    Melbourne, mostly
    Posts
    2,442
    Total Downloaded
    0

    A new scam

    Hi

    You may be interested in a real computer scam I've just had the dubious pleasure of experiencing.

    My wife has had a few phonecalls from a representative of a company wanting to urgently fix our computer because it is infected. Here's the first clue something is wrong - no reputable computer company is ever going to phone you up in the evening to tell you your computer is stuffed. Ever. It just does not happen. An easy way to check is to ask to call back, take the guy's name. If the request is granted immediately chances are it'll be real, but it won't be. You won't be able to call them.

    Fortunately, my wife was suitably suspicious and baulked at typing in the 'assoc' command on a Windows computer. The assoc command is by itself harmless, but I'm sure the next stage would have been a visit to a website or similar which downloaded an apparently harmless file, but one which could be executed by means of the assoc command. That would then be harmful.

    Anyway, these fellows kept calling back but I was never around to find out what they were up to. Until tonight.

    So I get handed the phone and there's a very staticy line with what sounds like an Indian on the other end. He tells me he's from what sounds like Plain Tails, Victoria. I couldn't make it out, and didn't want to press the point to avoid raising suspicion. Instead, I act all worried when he tells me he's calling because I've got an infected computer. I'm very curious to see what happens next, even though I have a pretty good idea. I also get told I'm a priority-VIP customer and all this is free. I'm pathetically grateful, and obviously those that know me realise that's not easy for me to act.

    I was waiting for something else too, and it didn't take him long to say it. Yes, there was a reference to Microsoft. Doesn't matter which well-known organisation, it'll be Microsoft, IBM, National Computer Security Council of Australia (that doesn't even exist but it sounds impressive) ....something big, technical and reassuring to give you the comfort of knowing these guys are acting for a real company.

    Anyway...on with the 'diagnosis'. We hit the Windows key to bring up the Run menu and type 'eventvwr'. This takes a while because I get it wrong even though I can see where he's going after the first three letters, setting the scene for later delays. I'm quite happy to start the Event Viewer - I have an intimate knowledge of Windows, used to be a certified engineer, programmer...you name it, so I know precisely what I'm doing. So up comes the Event Viewer, and it looks like this:


    The engineer has me click on Application, scroll down and count the red and yellow warning/error messages. I get to 20 and dissolve into a fit of panic. My goodness me, so many errors! I am almost tearful at this point, mainly because I'm biting my tongue to induce pain. My faithful engineer tells me there is a major, major problem here and my computer could die at any time. It must be fixed now! I cry agreement and say how grateful I am to have this call. If he was a really cluey guy he'd have asked me what the Source was, seen it was MySQL and Apache and started to wonder how come an apparently dumb user is running open-source web software on an XP machine. But he didn't, and if he did I'd have made up something innocuous, if I could fight back the tears.

    Now in reality almost any Windows event log has various error messages, red or otherwise. This is all perfectly normal and nothing to worry about, or certainly it doesn't mean there is an urgent security threat. But I have to admire the ingenuity of using a real diagnostic app and panicking the user with the scary messages.

    So we go back to the Run menu. Here he wants me to type in a web address. It's TeamViewer - Free Remote Access and Remote Desktop Sharing over the Internet. This I don't do. I'm not bothered about the website causing an error on my PC or infecting it as all my protection software is up to date and I have no intention of accepting anything that says "Please run me". I'm concerned that they will be monitoring every hit on that site and associate my IP address and other data with this call. Yes, the IP address is dynamic so it changes, but I'm not risking it. Instead, I cold-read the guy into telling me what's on the screen by pretending I can't see properly as my glasses slipped off and it's all a bit fuzzy, can he help me. He falls for it and together we get to the stage where I'm apparently downloading software.

    Now as it turns out I decided to check out TeamViewer - Free Remote Access and Remote Desktop Sharing over the Internet anyway, via an anonymous proxy (http://anonymouse.org) so they couldn't see who it was. As it happens TeamViewer is a perfectly good software house. Their website looks way too professional to be a scam - but that's not proof it isn't. Reviews of the software on the likes of Cnet are as close as it gets -> TeamViewer - Free software downloads and software reviews - CNET Download.com (http://download.cnet.com/TeamViewer/3000-7240_4-10398150.html). So is a phonecall to their support line. I have contacted TeamViewer and told them their software is being used by scammers, and suggested some ways to prevent it. Please understand that TeamViewer are no more to blame for this than the makers of a crowbar used by a burglar.

    So why are the scammers directing their victims to TeamViewer? Well, from their company site:

    With TeamViewer you can remotely control any computer as if you were sitting right in front of it - even through firewalls.
    All your partner has to do is start a small application, which does not even require installation or administrative rights.


    There you go. They get you to download TeamViewer and hey presto, you've given them access to your PC. From there I speculate they comb your hard disk for all sorts of interesting data such as passwords, bank details, who knows. On the average PC hard disk there would be more than enough information to pull off a very convincing identity theft. Or they could just install a keylogger and rip off your Internet banking password and empty your account. If you're lucky they'd do that, if you aren't lucky they'd be smarter and just cream off a bit here and there, waiting for a windfall like a bonus, car sale proceeds or something and then swoop. Or maybe you've got a mortgage and you're ahead on the payments, could just arrange things so all the equity is converted back into one nice cash lump sum ripe for the picking. Scared yet? You should be, this is serious.

    At this point I can't continue with the scam any further, so I tell him the game's up by explaining what's happened so far. I do this so they realise there's no point trying to con us further. It takes a while to sink in, but he gets it and becomes abusive, telling me he can hack into my computer any time. Of course, that's simply not true because if he could, he'd have done so without needing to resort to tricking me into installing something like TeamViewer. I point this out, he hurls some abuse (the most clearly he's spoken so far) and hangs up. On to the next target for them, and onto the police for me.

    Where did they get our phone number? No idea, phone numbers are on so many lists any one of them could have been compromised. It doesn't matter. What matters is you understanding some simple computer security rules:

    1. no computer company phones you up of an evening and wants to diagnose your computer.
    2. always, always, take the time to check the bona fides of any support person
    3. buy a shredder, and use it
    4. just because someone asks for personal information such as name, address, DoB doesn't mean to say you need to supply it. When I bought a TV I was asked my address. Forget it, they don't need that for the sale. Your default reaction should be no.
    5. your high-value passwords such as Internet banking should be unique to Internet banking. Never, ever the same one you use on say a web forum, or easily guessable. A good way to create a password is a phrase, eg '!iasgihaflr!' - hard to remember? No, it stands for '!I Am So Glad I Have A Friend Like Robert!'. Easy, and much harder to crack than 'patrol4wd1'.
    6. Encrypt sensitive files. TrueCrypt is what I use. That way if the hard disk gets stolen it's going to be a little difficult to get into the contents.
    7. If you dispose of a PC remove the hard disk and destroy it. Handing it to children will do the trick, then drill it, and burn it and drown it. Then take it apart. Generally, have some destructive fun. Simply formatting the disk doesn't work. It is possible that even after much abuse data from a hard disk could still be recovered, but why would a scammer bother when there are so many more, easier, targets?
    8. Never, ever run any software that your web browser downloads automatically. If you have specifically gone looking for it and knowingly initiated the download, that's usually fine, but any time you end up on a site and there's strange messages offering to clean your computer, start a download or some such - close the browser window immediately.
    9. anything that looks too good to be true, is. Just about every scam, computer or otherwise, offers something better than the average be it returns on investment or something for free. Or that hot chick/bloke suddenly taking an interest in you on Facebook, apparently remembering you from way back? And don't get me started on the 419 scam...check out 419 Eater - The largest scambaiting community on the planet!.

    I hope you found that interesting.

    You can read more about ID theft here:

    10 Ways to Prevent Identity Theft

    and here:

    Coping with Identity Theft: Reducing the Risk of Fraud | Privacy Rights Clearinghouse

  2. #2
    Join Date
    Jan 1970
    Location
    Douglas Park, NSW
    Posts
    9,347
    Total Downloaded
    0
    Nice work Robert.

    They've been going around for a while now. I've copped one, my Dad has had 3 calls.

    PhilipA posted his recent experience too:
    http://www.aulro.com/afvb/computers/...ou-irrits.html
    Scott

  3. #3
    Join Date
    Jan 1970
    Location
    Jimboomba, QLD
    Posts
    1,293
    Total Downloaded
    0
    I had a similar call last night. They were suggesting a problem with my computer. At this point I normally hang up but thought I'd have some fun.

    They gave me a "code" (URL) to enter into my browser which took me to a site for desktop sharing software. They were very insistent that I click on the big green button to "begin working with ------ administrators". At this point I stopped playing dumb and began asking questions. They argued with me that a router is the same as a server and that I must connect to their router.

    The call ended soon after ... game over
    -- Paul --


    | '99 Discovery Td5 5spd man with a td5inside remap | doesn't know what it is in for ...
    | '94 Discovery Tdi 5spd man | going ... GONE

  4. #4
    Join Date
    Jan 1970
    Location
    2780
    Posts
    8,257
    Total Downloaded
    0
    I had that one a while ago. They very nearly got me, too.

    The call came, very conveniently, and what got me, just minutes after I'd been on the phone to my ISP about a connection problem.

  5. #5
    Join Date
    Sep 2008
    Location
    Geelong, VIC
    Posts
    4,442
    Total Downloaded
    0
    My old man got sucked in good and proper a few weeks back (in NZ), and I've had numerous people at work and other friends that have had a call - but thankfully have been less trusting than dad was.

    If you get the chance, stuff them around by pretending to boot your old, slow PC up, then after 10 mins or so when it's "ready" and they want you to do something ask them "how do I do that on a Mac".

    It will make you feel better, and reduce their phone call rate for the shift - hopefully preventing someone else getting a call.

    Steve

  6. #6
    Join Date
    Nov 2009
    Location
    Western Victoria
    Posts
    14,101
    Total Downloaded
    0
    New scam? An old one. Had it quite a few times now.
    Thanks for the entertaining story.
    I might string them on in future.

  7. #7
    Join Date
    Nov 2008
    Location
    Gone
    Posts
    1,329
    Total Downloaded
    0
    These ****** need their balls cut out, I had my visa done by some gay guy in Queensland, he bought gay **** from the U.S. on my card. I have some idea how he got my details and now I am very careful. The bank reimbursed me but you still feel violated, like you have lost all control of your finances. One of the firms he dealt with gave me his name and address after much phoning the U.S. and McAfee's help I was able to advise the bank of my findings. I started giving to him the ****s. I would ring him at 2am Queensland time and ask if he had his prison stripe outfit ordered. I don't know if he got locked up, but it was real good to give him the ****s. Now I am so paranoid I will not use Visa for anything over the net or phone.

    Allan

  8. #8
    Join Date
    Jan 1970
    Location
    Now in Townsville!!
    Posts
    375
    Total Downloaded
    0
    Had the same one about a week ago.

    I told them I was busy and asked for their number to call them back. They said that they would call me back in half an hour, I insisted on them giving me their number and they wanted to know why.
    Then I told them that I intended having a chat with the police before returning their call. They kept on saying that that wouldn't be necessary and that they would call back in half an hour.
    I next demanded that they give me a contact number because I had the federal police on the other line........click and sudden silence.




    Microsoft are warning people about this:
    Microsoft issues warning on phone scam, Security and Privacy, News Centre | Microsoft Australia

  9. #9
    Join Date
    Jan 1970
    Location
    Melbourne, mostly
    Posts
    2,442
    Total Downloaded
    0
    Hmm, didn't realise it was that widespread.

    If you want to lead them on feel free, but I'd only advise it if you're sufficiently familiar with Windows to know what the registry is and how to edit boot.ini. Or do non-computing lead-ons such as 'can you wait while my prostitute finishes'.

  10. #10
    Join Date
    Sep 2008
    Location
    Up a hill in the deer park
    Posts
    662
    Total Downloaded
    0

    A couple of questions

    Robert, with regard to the Key Logger spyware, how would you check your PC for the presence of such a programme? For Internet Banking, how would the Hacker deal with "SMS transmitted code number confirmation" (sent to your mobile) requirements for completing transactions?
    Thanks, Neil.
