PC Support or Social Engineering?
By admin on Jul 6, 2012 in Security, Viruses and Spyware
I recently received a call from an individual purporting to be from “Windows Support” informing me that my PC was sending notifications to their support center and that I had a virus that they would like to help me to fix. Now, this was an obvious scam, but it’s interesting to note the techniques that they used. First, they guided me to various registry keys. They repeated one of the “clsid” entries to me and asked me to confirm if that was what I could see on screen. Now obviously it was, because that particular entry is the same on all PCs, but to a non-technical user, this would provide further credibility to the claim that they were being called from a genuine company or that the PC had in fact been transmitting an ‘ID number’ to this company.
They then guided me to the event log viewer, and asked me to look at the application log. Of course, this contains a number of errors and warnings, as is to be expected; however, they pointed out to me that these were all the viruses present on the PC. To gauge their reaction I actually told them that I’d just clicked ‘Clear Log’ and that everything had now been cleared and so the PC was now clear of viruses, but the scammer told me that they would reappear again as they had not been correctly repaired.
He then directed me to a website and asked me to download and run a ‘virus repair tool’ – of course, I didn’t, and I didn’t have the time or patience to set up a virtual machine to run it in to find out what it was going to do. I have no doubt that this was the usual ‘ransomware’ type attack, whereby it would hide/remove key programs and lock up the PC with constant warning popups and so on about fake viruses, until I eventually paid for their ‘service’ to remove it again. The naïve home user believes that this was caused by the ‘viruses’ that the scammer identified, when in actual fact, the only virus is the malware that the phone operator tricked the user into downloading.
Unfortunately, these types of attacks are not just targeted against home users; social engineering attacks like this are levelled against businesses and site owners alike. If you’re ever unsure of what’s going on, ask for the caller’s number and company name, then look up the number, look up the company, and take some time to think about it before you decide whether or not you want to call them back. Making out that it’s a life or death matter and that you have to pay right now or suffer dire consequences is a common scam tactic. If a telemarketer tries to bamboozle you with such offers, it’s probably best to just put the phone down and leave it, rather than being pressured into doing something.