
Windows help desk scams: do’s and don’ts, whether or not you fell for it


Windows tech support scams

Whether we are PC or Mac users, we live in interesting and tumultuous times. Computers are far more secure than they were less than 4 years ago. Full system encryption is widely available, not only to enterprise customers, but also to regular home users, and network security has improved dramatically, offering previously unheard of levels of protection.

Sadly, cyber-threats have also been keeping up, and evolving to a point where clicking on the wrong email attachment can cause all our precious data, not only on the computer we are using, but also on all computers directly connected to it over wired or wireless connection, to lock up, irreversibly, unless we are prepared to follow convoluted directions to pay a ransom.

According to data released by the US Department of Justice, ransomware attacks on as many as 7700 systems have netted in excess of $57 million, between 2005, with a peak reached in 2015 alone, of $24 million, gained from 2500 affected systems.

With that said, there is an even bigger threat to consumers than ransomware: social engineering.

There is nothing more effective than the manipulation of the human mind, towards gaining access to a computer system. Playing on people’s fears works remarkably well, at least according to the volume of calls reported by consumers, in regard to what has been known for some time as the “help desk scam”, where criminals pose as help desk professionals, who contact consumers on behalf of Microsoft, Apple, and Google, to notify them of security issues affecting their computers.

The primary goal is, as for every other regular old scam, quick cash. The faster the crook gets a credit card number, the better for the perps. The secondary purpose is the gathering of information, which is usually carried out by delivering a trojan horse to the victim, in order to take control of the system, and wreak havoc while stealing as much information as possible in the least amount of time before red flags begin to rise.

It could be argued that the success of help desk scams relies heavily on the poor IT literacy of users, with a focus on those with a fear-based mentality, and a natural distrust for what they don’t understand. This type of user will be more prone to listen to those who tell them a clean-cut, definitive scenario (good or bad), rather than a reasoned (boring) and thorough (time-wasting) explanation of why something is happening. This “just fix the dang thing” mindset is what creates the perfect conditions for a scammer to reach the objective.

If an individual claims to work for Microsoft, Google or Apple, there are a number of things that consumers must keep in mind:

They might know you, but that’s about it.

If you receive a call from an individual saying that your computer has been compromised, and there are security issues affecting your files, hang up. No company in the world will call you directly about an issue that pertains to your computer. Why? Because real company employees don’t have a clue, and to put it bluntly, they don’t care.

Regardless of what you may have heard, there is no central database to which all your computer activity is sent. No one is interested in your vacation pictures, nor your secret plans to build a Batman-themed man-cave under your house. What companies are interested in is statistical data that can be used for marketing, because, as shocking and crazy as it may sound, marketing is big business, and marketing revenue trumps conspiracy-grade voyeurism any day of the week.

Scammers gather their call lists from many different places, including leaked databases, adware, spyware, other scammers, and even plain old local listings and classifieds websites like Craigslist (remember all those job ads you replied to and never got an answer back?). That information may often contain clues on where you are geographically, and in some cases, depending on what you share on social media, as detailed as direct phone numbers, emails and street addresses.

This information helps crooks in making the scam more believable (“I know where you are, I can disable your computer from here if you don’t pay”). Always keep in mind that whether or not they know where or who you are, there is absolutely nothing they can do to your computer, unless you let them.

No candy from strangers

No matter what you are being told. No matter the detail of the information they are giving you about yourself. No matter how convincing they sound. Never, ever, ever accept a file, visit any website, nor follow any directions given by someone, if they cannot prove, irrefutably, beyond any shadow of doubt, that they are who they say they are.

Ask questions, as many as you can. Question everything. Ask the same question twice or three times. Ask why they want you to click on something, or open something else. Wear them out until they are forced into a corner.

Chances are they will get angry, shout, even threaten legal action, or worse, but always keep in mind: they have nothing, and cannot do anything, unless you give them something.

Specific red flags

Scammers will have you go through an array of trials to get you to believe you need to pay them to “help you”. Most often, Windows users will be instructed to open the Event Viewer, which, 100% of the time, will display a large number of mostly innocuous warning symbols, even after a clean install.

The victims are usually told that those warning signs are dangerous security issues that must be dealt with “immediately”, or the “help desk technician” will be authorized to lock the victim out of their computer, by means of the all-powerful, and completely fabricated “Windows Global Router”, in Virginia.

Some users will also be told that unless they let the “tech” connect to their computer via TeamViewer, or similar remote desktop administration tool, their (unspecified) “hacking files”, browser history, and other confidential information, will be revealed to “local authorities”, or the FBI.

In some instances, crooks might be unaware that a victim has more than one computer, or that the computer is running on an operating system other than Microsoft Windows, such as a MacBook, a Chromebook or a PC running Linux.

What if you’ve been had?

Let’s say you become part of that percentage of people who do fall for these scams. What do you do?

If the scammers have your credit card number, call the number on the back of the card, and submit a fraud report. Credit card companies are able to instantly cancel a credit card, and you won’t be liable for any purchase effective as of the time and date of when the fraud occurred. That is the easy part.

The hard part is to do damage control, after the scammer has been granted remote access to your computer.

While you may think that the safest course of action is to do a system restore, and roll back to a version of Windows prior to the call, don’t waste your time. Once a hacker gains control of a remote system, everything should be considered compromised, including System Restore backup files. Wipe everything, start from scratch, and do NOT use the same passwords for anything that was present on the system prior to the attack.

