It seems like every day I hear about someone getting scammed by someone pretending to be an agent of a large IT company or the government.\u00a0 We have seen the resulting payment and ransom requests get into the thousands of dollars.\u00a0 Over time I have noticed generally the same predictable pattern to the scams with the occasional interesting twist.\u00a0 It seems it really it boils down to two ways that this type of scam commonly occurs\/originates.\u00a0 The two methods are what I would label “phone initiated” scams and “search engine\/Internet browsing initiated” scams.<\/p>\n
In the “phone initiated” version of the scam the scammer cold calls the potential victim on the telephone claiming to be someone they are not (generally a Microsoft support technician).\u00a0 Sometimes the scammers are sophisticated enough to spoof their Caller ID, have professionally recorded messages and may employ other techniques to give a greater impression of legitimacy. The scammer tells the potential victim that their computer is compromised and that they need to follow their instructions or their computer (or specific pieces of it like antivirus) will quit working, that they will be left vulnerable and\/or there will be a hefty fine.\u00a0 The scammer then instructs the victim to get on their computer and go to a web site.\u00a0 These web sites contain an installer package that once installed gives the scammer permission and ability to control the victim’s computer remotely. From there the scammer simply takes over control of the victim’s keyboard and mouse (as the tools are intended to do).<\/p>\n
I think it’s important to note here that the key to this whole scenario is summed up in “…gives the scammer permission and ability…”\u00a0 The media often portrays these low-brow scammers as though they are talented hackers reaching up from the dark web and grabbing control of user’s systems.\u00a0 In reality, these scammers didn’t break in, the victim let them in.<\/p>\n
The “search engine\/Internet browsing” initiated scams are basically the same, but, the original contact between scammer and victim occurs via an interaction on the World Wide Web.\u00a0 The victim may search a search engine for a search term like “Microsoft Technical Support” or “Why is Internet Explorer crashing?”\u00a0 In order to prey on the victim’s acknowledged problem (these are the search terms of someone pretty obviously having computer problems) the scammers purchase key word advertising or otherwise optimize their web site ranking to get to the top of the list of search results for those kinds of key word search terms.\u00a0 The scammer presents a phone number to call for help and the telephone scenario goes as described above for phone initiated scams.\u00a0 In a bit of good news the search engines and the companies the scammers identify as are clamping down on this technique somewhat.<\/p>\n
Scammers also buy pop-up advertising on web sites, so, the phone number may be presented in the form of a pop-up message claiming that the user’s computer is compromised.\u00a0 Again, the scenario leads to a phone number for the victim to call and the scammer convincing the victim to install a piece of remote access software to facilitate the scam.<\/p>\n
The level of sophistication and cruelty of the scammers varies.\u00a0 Sometimes the scammer does a bunch of nothing (snoops around, opens the Control Panel points out what they claim to be problems, etc).\u00a0 Eventually the scammer convinces the user that he has saved them from a made up malady, charges them a fee and then moves on. To take it a step further, sometimes the scammers sell a security product or ongoing technical support which they claim will prevent all future malady and give them a foot in the door to contact the victim again at a later time (to renew or update the service they purchased).\u00a0 Even further yet, sometimes the scammers create a persistent remote connection and will continue to scam the victim peroidically saying something else has happened to the victim’s computer.<\/p>\n
Moving to the more nefarios end of the spectrum, some scammers lock the victims out of their computers and\/or files with system with encryption, passwords or by simply cripple the operating system (generally by disabling services set to run on Start Up).\u00a0 These tend to be the scams which lead to the most expensive ransom demands.<\/p>\n
Another similarity I see amongst these scams is the evolution in the accepted methods of payment. As these scams have become more and more common scammers have had to evolve their accepted payment methods. Banks, credit card companies, and other financial institutions and brokers are finally starting to watch for and shut down transactions to made to known scammers. In order to circumvent this many scammers have moved to having the victims provide payment in the form of Google, iTunes and other gift cards. These gift cards are considered so liquid that they are basically as good as cash (what can’t you buy from Amazon or Walmart?) As soon as the victim gives the gift card information to the scammer the money changes hands with no recourse.<\/p>\n
So how do you protect yourself from these kinds of scams? The best defense here is knowledge. The IRS, Microsoft and other large IT companies and government entities will generally not try to make contact direct with consumers via a phone call.<\/p>\n
Never trust incoming contact information like telephone Caller ID or a sender’s email address.\u00a0 Just like outgoing postal (snail) mail, there is little that can be done to authenticate the sender’s claimed credentials.\u00a0 Instead, if for instance your bank calls you on the phone, hang up and call the phone number you know to be the bank to ask if they are trying to get in touch with you.<\/p>\n
As noted, another big red flag in these situations is the scammer’s insistence on the victim going to a web site and downloading and installing software.\u00a0 Once this software is installed the scammer is in the driver’s seat.\u00a0 Given the variations in the remote access tools that the scammers use, at the point that they have control, the best thing to do is shut the computer off.<\/p>\n
If you have a computer that has been remotely accessed the best course of action is to take it to a trusted computer professional to have them check for backdoors which may allow the scammers future opportunity to get back on the computer and to check the machine for malware\/spyware.<\/p>\n
Share this information with your friends and family, especially the elderly and\/or vulnerable. Encourage them to contact you or another trusted resource if they are ever unsure about someone who has contacted them by phone, email or via a website they have visited.<\/p>\n","protected":false},"excerpt":{"rendered":"
It seems like every day I hear about someone getting scammed by someone pretending to be an agent of a large IT company or the government.\u00a0 We have seen the resulting payment and ransom requests get into the thousands of dollars.\u00a0 Over time I have noticed generally the same predictable pattern to the scams with<\/p>\n","protected":false},"author":3,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"rs_blank_template":"","rs_page_bg_color":"","slide_template_v7":"","footnotes":""},"categories":[1],"tags":[],"class_list":["post-1610","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"amp_enabled":true,"_links":{"self":[{"href":"https:\/\/www.webuildsolutions.com\/index.php\/wp-json\/wp\/v2\/posts\/1610","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.webuildsolutions.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.webuildsolutions.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.webuildsolutions.com\/index.php\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/www.webuildsolutions.com\/index.php\/wp-json\/wp\/v2\/comments?post=1610"}],"version-history":[{"count":0,"href":"https:\/\/www.webuildsolutions.com\/index.php\/wp-json\/wp\/v2\/posts\/1610\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.webuildsolutions.com\/index.php\/wp-json\/wp\/v2\/media?parent=1610"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.webuildsolutions.com\/index.php\/wp-json\/wp\/v2\/categories?post=1610"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.webuildsolutions.com\/index.php\/wp-json\/wp\/v2\/tags?post=1610"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}