We’re aware that we can be attacked by malware placed on our computers through email content, visits to criminal-controlled Internet websites, Facebook links, and even malware-laden software apps. But here’s a new approach: the tech-support phone call scam, still another way to separate us from our money.
In this scam, a crook imitating a major software company (think Microsoft) informs you that your computer has been detected performing abnormally and that they believe it’s infected with a virus. They say they are investigating the issue and offer to help you secure your computer. They then scare you into letting them take control of your computer remotely and walk you through the various services on your computer, disabling legitimate services, including your antivirus protection. By disabling your computer, they are trying to convince you that the only way to fix it is to purchase their product. They will also be harvesting your personal identification to use later to steal your identity, open credit cards in your name, and generally ruin your life for a few years.
At times legitimate companies whose services you use, such as your bank or your credit card company, may call you to confirm your account information, or to update you on a purchase. The challenge is determining when these phone calls are from legitimate companies and when they are scams. Here are some key steps to protect yourself.
- When someone asks you for information over the phone or asks you to take an action, be suspicious and confirm the person’s identity first. Ask what company the person works for. If you have never heard of the company before, then there is a good chance this is an attack. If this is a legitimate company you know, then simply tell the person this is not a good time for you to talk. Ask for a name and employee number and explain that you will call back. Then go to the organization’s website or other information that you already have on file, get the phone number from there, and call the
- If the phone caller is creating a sense of urgency or creating tremendous pressure for you to take action right away, this is most likely a scam. Do not trust
- Do not rely on Caller-ID alone to authenticate a caller. It is easy for criminals to spoof the Caller-ID or create fake Caller-IDs so they can pretend to be calling from a legitimate company when they really
- Never give your password over the phone. No legitimate organization will ever ask you for your
- Never give an organization information they should already possess. For example, if your bank is calling you, the caller should already have your account
See the SANS OUCH Newsletter for July 2012 for more information on this scam.
As always, I appreciate your comments on this subject…so please do. And be careful out there…it’s extremely dangerous these days.
Home computing is a blast…keep it safe, productive and enjoyable.
lubicp(at)yahoo.com and @paulsinternet on Twitter.