Have you been the victim of the spurious “support”

Phone Call scam?

This is where an engineer from an offshore support company rings you to tell you that your computer has reported to them that it has problems!  These are always a scam often they pretend to be from “Microsoft”, “The Windows Helpdesk” or even BT!  They just pick a company they think you will have heard of and that it sounds reasonable that your computer would have contacted them.  People assume that any con to do with their computer is going to come from the Internet, so are naturally wary of emails and websites.  When they get one of these phone calls they think they have been caught by something online, whereas it is the phone call to help them that is the con!  This sort of activity is call Social Engineering, where the person is targeted rather than the technology.  The phone calls play on peoples natural fear of damage to their computer or data from viruses, malware, or Windows errors.

There are ways to protect yourself from this telephone based scam that uses social engineering.  The person using the computer is the weakest link in the security chain as they can bypass even the cleverest security software as the computer “trust”s you. Criminals know this and exploit it to their advantage. Everyone needs to learn how to spot the lies and tricks they use.  Remember it’s not just the money they take directly by getting you to pay for their “services”, you have also given them full access to everything on your computer.

What are the Risks?

• The most damaging to you would be the risk of Identity Theft.  Using private information stored on your computer, criminals can apply for credit cards or other credit in general by pretending to be you.
• Access to Security information stored on your computer, bank details or even access to online shopping accounts where they have your credit card details stored on the site.
• Installation of spy-ware or other software to either allow them to remotely control your PC at some time in the future or monitor your “online experience” and gather information about your Internet activities.  This information may be sold on to advertisers or again used to facilitate Identity Theft.
• Bypassing any security software.  Of course once bypassed they may need to disable it to allow the software they installed to function.  This can be quite subtle and the security software may not even be aware it has been disabled.

How to spot social engineering

The forms Social engineering takes can vary from subtle and manipulative to much more blatant.  Even so, all attacks will involve one or probably several of the following elements:

• Appeal to greed, fear or scarcity.
• Authority figures. “We are phoning from Microsoft / BT / Windows Help Centre”.
• Appear Friendly. They want you to trust them.
• Generally people like to be helpful and avoid confrontation.
• We don’t want to appear stupid or uneducated but are easily confused by “techie” stuff.
  This is why they “prove” the issues using Event Viewer and “techie” jargon.
• We often feel obliged to return a favour. After all they are phoning to help. We don’t want to be rude or appear ungrateful.
• Consistency. People want to appear consistent and trustworthy so we tend to try to behave in ways consistent with earlier behaviour, even if it was foolish.
• We assume people are truthful, so con-men will mix a little lie with a big truth.
• Social proof: we tend to follow the crowd, rather than appear isolated or foolish.
• A hook: Getting you to check for errors to “prove” your computer has problems.

This last point I want to spend some time with.  They will often get you to check what they say is true.  They do this in a clever way. They get you to check the computers event log (if you want to have a look you can run Event Viewer, just go to “run” and type eventvwr.msc to start it).  This logs all Windows events and is very technical in nature so to the average user is very scary and full of errors and warnings.  Often these are “critical errors” with scary signs and “prove” your computer has problems.  Of course the reality is Windows will report something like the printer was off when you tried to print as a “critical” failure of the printing system.  This is not helped by the fact that the text of the critical failure often bares no relationship to the actual cause of the problem. For example if your broadband router is switched off Windows would log lots of DNS failures, failures of Outlook, failures of Internet Explorer but nowhere will it say “the router was off”.  So the advice is take no notice of what the event log says it proves nothing and needs a computer technician to interpret it.

How to protect yourself from this scam

Spot the lie.  The big one they use is this: “your computer has reported errors” or “we have seen errors on your computer” – this is their whole reason for contacting you.

Remember,
Your computer does not under any circumstances contact any outside organisation to ask for help. NEVER. EVER.
You may click on help or go online or phone someone, but you computer will never do this.

One thing I will mention is the pop-up shown by Windows when an application has to close due to an error.  The pop-up (shown right) is just part of an automated error collection system Microsoft uses to gather statistical information about application errors in Windows.  The is no human intervention the system is fully automated and it is rare that you will ever hear from Microsoft even if you always click on the “Send Error Report” button.  Microsoft gather information on errors and if they get a large number of similar errors they may release a patch to fix the problem through the Windows Update site.  It is only if a patch already exists to fix your problem that you may hear from them, but even then it will only be via an automated email.  Microsoft  will never contact you or send any information about you or your computer to anyone ever. 

Be firm. Con-men can be very persistent and persuasive; playing on human emotions like guilt, greed and the desire to be liked.  Stick to your guns. It is a scam.

Let me illustrate this from personal experience

I actually received one of these phone calls, which just goes to show they do not check on who they are phoning. I spun him along to start with, lots of “oh really” and “I didn’t know that”.  Right up until he wanted me to visit their website so that a Microsoft Engineer could “fix” my PC.  Not only was there nothing wrong with my PC but the “Tests” he did would not have shown anything even if there had been!

So I sprung it on him that what he was doing was a scam and that there was nothing wrong with the PC and that he had phoned a computer support company.

But was he fazed by this ? No he was adamant that my PC was infected and needed fixing.  Basically he ignored everything I said and just repeated that the PC needed fixing over and over until I got bored and hung up on him (I did actually have some work to do). This did get me thinking though, if he could continue to try to convince me, then anyone who was not quite sure could easily be taken in by his absolute certainty that there was a problem and fall for the scam.

So remember it doesn’t matter how convincing they are they are lying there is nothing wrong with your PC they just want your money and access to your PC.  If you are concerned about your PC, phone a support company that you have picked and that you trust.

And for the record, the company that called me is called PC Wizards and the website is www.onlinepcwizards.com don’t go there, they would like the extra web visitors.

If  you have a topic you would like me to cover, please let me know.

Mick Maidens is the Owner of Kent PCs for Computer Repairs in Challock (Nr Ashford).  Follow us on Facebook
Email: info@kentpcs.co.uk        Phone: 01233 740306