Practical Computer Advice
from Martin Kadansky

Volume 9 Issue 1
January 2015
A Voice on the Phone Told You What? Don't Believe It!

To read this issue on my web site, please visit:
http://kadansky.com/files/newsletters/2015/2015_01_31.html

There have always been con artists and thieves out there. Today, with all of us relying on our computers more and more, scammers are using technology to fool and exploit people more than ever before. Here's one particular type of scam that you should be aware of that combines an old-school over-the-phone ruse with high-tech sophistication. This is a true story.

The pitch
My consultant colleague Don Gage was working at his computer in his office one day when the phone rang. It was a man with an Indian accent calling from "Microsoft Technical Support" to say that Don's computer had been sending them reports that there were a number of problems that were slowing it down, and if not treated, they could cause his computer to crash.

Don was a little surprised to get such a call, but oddly enough this sounded credible to him. From time to time he had in fact seen a few of his programs stop working, and there had been some mention of sending a report to Microsoft. In the past he had also found it almost impossible to reach anyone at Microsoft for help, so he thought it was very nice of them to call him and (as far as he understood) offer to help for free.

The hook
So, Don agreed to have the man scan his computer for problems. The man needed to take control of Don's computer remotely, so Don followed his instructions to download the necessary remote-control software into his computer. Don's Norton Antivirus displayed its green "safe" icon, so Don concluded that the software was legitimate, and permitted the man to take over his computer and run the scan. It took 10-15 minutes. When it was finished, it found hundreds of malicious files!

The catch
Now the man explained that Don needed to pay him $90 to remove these infections, he just needed Don's credit card number. Don was confused, since he had thought he was going to receive this help for free. The man explained that while the scan was free, the infection removal would cost $90. This made Don nervous and suspicious, and said that he'd have to think about it and call Microsoft back about this. The man responded that this was not acceptable, that this had to be done immediately.

The hijack
When Don said no, the man then made it clear that he was going to install a password to lock Don out of his computer until he paid the fee. The tone of the conversation changed from friendly and helpful to sinister and threatening. Since he was operating Don's computer using remote-control software, Don could see him opening some windows in an effort to set this password. Don was panicked, frozen, and scared. As it happens, the man's first attempt to create the password failed. As he started a second attempt, Don came up with something that he could do that would hopefully stop this attempt to hijack his computer. He pressed and held his computer's power button until it powered itself off. He also got off the phone, complaining to himself that this was a terrible way for Microsoft to treat its customers.

The aftermath
Don then called Norton Technical Support, and learned that this was a common scam, it was not legitimate, and the call had not come from Microsoft at all. They checked his computer and could not find any malicious software left behind by the scammer. They also explained that the Norton software considered the downloaded program to be "safe" because it was a standard remote-help program used by many computer support people. What the Norton software couldn't detect is the malicious intent of the person using it.

Don considers himself extremely lucky to have avoided having his computer held ransom, and to have had the sense to turn his computer off before getting locked out. He freely admits to allowing himself to be duped, that he participated in convincing himself that this was a legitimate call from Microsoft, and to naively believe that they had his best interest at heart and would help him for free. He felt violated that this person who was supposed to help him was more than prepared to take a "virtual crowbar" and attack his computer.

Don has received a few similar calls since then, and now recognizes them as fakes. He also noticed that for months after this call, his firewall software reported many attempts per day of someone trying to break into his computer, all blocked.

I want to thank my kind and generous colleague Don Gage (http://www.sdiResults.com) for sharing his story with me.

Don is not alone
A number of my clients and colleagues have been tricked into letting a stranger into their computers by callers with similar approaches to the one who targeted Don. This is a growing problem. Learn from Don's experience.

If you have a Macintosh, you might think, "Well, Don was more vulnerable because he has a Windows computer, and I'm safe and immune because I have a Mac." My advice is this: Since the number of software infections affecting Macintosh is growing, you should also assume that there is a growing number of scammers who, with your cooperation, are prepared to take control of your Macintosh just as easily as they did with Don's PC.

Protect yourself
So, if a stranger calls you on the phone offering to fix a problem with your computer:
  • It may be against your nature, but don't cooperate with them.
  • Do not download anything. Do not give them remote access to your computer.
  • Recognize that this is just a "voice on the phone," and they can claim anything. You don't know who they are. Anyone can say they're from Microsoft or the FBI or AOL or Facebook or Google or the IRS.
  • Be skeptical. Be suspicious. There is always a "catch."
  • Technology can be like magic, amazing but difficult to understand. Don't be exploited by a stranger, no matter their supposed credentials or expertise. Stick with people you know and trust!
  • Try to stay calm.
  • Notice the compelling story and the urgency. Those are designed to catch you off guard, rush you, and not give you time to think. What's the hurry?
  • Challenge the premise, ask yourself: How do they even know you have a computer? How could they possibly know anything about it?
  • Challenge the urgency, ask yourself: If your computer has had these problems for so long, why do we need to fix them right this second?
  • Don't volunteer any information. Scammers are trained to use anything you tell them to manipulate you further. "It's an older computer? That means that it's no longer supported, so it's probably already infected!" "It's a brand-new computer? That means that you're vulnerable to the newest, most sophisticated problems!"
  • Get off the phone. If you feel you must give a reason, blame someone else. Say "I have to talk to my computer person before I do anything like this."
If you're inclined to have a little fun and take up their time so they can't spend it scamming someone else for a few minutes:
  • If they ask for you by name, say, "He can't come to the phone right now, he's preparing his Nobel Prize acceptance speech, but you could explain why you're calling to me, I've got time."
  • I got a similar call a few months ago, claiming that they were calling all Microsoft customers to fix a problem. I did a quick google search, and then asked, "How nice of you to sit down and call 500 million people and offer to help them. You must be really tired, since you're probably making 20,000 calls a day yourself, right?"
Other variations
There are plenty of ruses that this type of scammer can use:
  • Your computer needs an update.
  • Your computer is running slowly.
  • Your computer is at risk of getting infected.
  • Your computer is already infected.
  • Your computer is getting full.
Since all of us who use a computer have experienced at least one of these problems at some point, we're all likely to be concerned about them, and thus more vulnerable to being fooled.

You should also know that:
  • These ruses might come at you in a variety of ways: by phone or email or a web site, through Facebook, Twitter, Skype, etc.
  • Instead of the scammer calling you, you might see an on-screen message claiming that there's a problem with your computer, along with a (probably toll-free) number for you to call. It might appear in a stubborn window that refuses to let you close it.
Don't fall for these, either! Don't contact that stranger, instead call someone you know and trust.

Where to go from here
How to contact me:
email: martin@kadansky.com
phone: (617) 484-6657
web: http://www.kadansky.com

On a regular basis I write about real issues faced by typical computer users. To subscribe to this newsletter, please send an email to martin@kadansky.com and I'll add you to the list, or visit http://www.kadansky.com/newsletter

Did you miss a previous issue? You can find it in my newsletter archive: http://www.kadansky.com/newsletter

Your privacy is important to me. I do not share my newsletter mailing list with anyone else, nor do I rent it out.

Copyright (C) 2015 Kadansky Consulting, Inc. All rights reserved.

I love helping people learn how to use their computers better! Like a "computer driving instructor," I work 1-on-1 with small business owners and individuals to help them find a more productive and successful relationship with their computers and other high-tech gadgets.