Summary: Online con artists are targeting PC users worldwide in a brazen scam. It starts with a phone call from a "tech support specialist" who warns that your computer is infected with a virus. To fix things, all you have to do is give the caller remote access to your PC. Here's what happens next.
Updated 7-November with additional details.
An old social-engineering scam appears to have taken on new life lately, targeting PC users worldwide.
Ironically, the scam doesn't use a computer at all—at least, not initially. Instead, it starts with a phone call from someone who claims to be affiliated with Microsoft or another legitimate company or government agency.
The caller then asks for the primary computer user in the house, who is told: "Your computer has downloaded a virus." And, of course, the caller is ready and willing to fix the problem. All you have to do is navigate to a web site, click a link to install some remote-control software, and allow the "technician" to get to work.
The perps are using legitimate remote-assistance software, like the Ammyy Admin program from Ammyy Software Development, which posted a warning that included some reports the company has received from scam victims:
"I got call from an India based consultant who said to me that he is calling from a govt. organisation in Melbourne, Australia. He made me to log into my computer to track some files and without advising me he wanted me to download a software application from ammyy.com and get remotely connected to a technician to delete some files..."The scam has been around for a few years. Charles Arthur at the Guardian UK wrote about a similar scam last year, noting that it had been "going on quietly since 2008 but has abruptly grown in scale this year." He wrote about it again in March 2011.
"I was recently called by what I thought was my internet service provider technician who used Ammyy to gain remote access to my computer - after I stupidly granted him that permission. It turns out that he was nothing to do with my internet service provider. When I became suspicious and began questioning him he said he would show me who he was and opened a website of a company - the web site triggered my virus software and I then demanded that the remote access be terminated..."
In June of this year, Microsoft published a warning about the scams, including results from a survey it conducted in the U.K., Ireland, U.S. and Canada. The survey showed that across all four countries, 15 percent of those surveyed reported having received one of these phony support calls.
Of those who received a call, 22 percent, or 3 percent of the total survey sample, were deceived into following the scammers’ instructions, which ranged from permitting remote access to their computer and downloading software code provided by the criminals to providing credit card information and making a purchase.The latest outbreak appears to be another wave, judging from the sudden increase in complaints I've seen recently.
The vast majority (79 percent) of people deceived in this way suffered some sort of financial loss. Seventeen percent said they had money taken from their accounts, 19 percent reported compromised passwords and 17 percent were victims of identity fraud. More than half (53 percent) said they suffered subsequent computer problems.
I've heard from Windows users and legitimate support specialists who've seen this scam in action in Australia, Canada, and the UK. Recent reports from Microsoft indicate that the scammers have widened their net and are now working in languages other than English, targeting Windows users in Poland and the Czech Republic.
I also got one reliable report from an extremely trustworthy source: my mother.
A caller with a thick accent tried to run this scam on my mom, who peppered the caller with questions. What's your name? What's your company's name again? What's your phone number? (She raised six kids. She's used to social engineering attempts.)
My mom's Caller ID said the call originated from 999-910-0132; the caller claimed to be from a company that sounded something like Alert Center, and she gave a callback number of 609-531-0750.
If you plug those numbers into a search engine, you'll find that they lead to a group of companies using identical website templates under different names, including TechResolve, Itek Assist, and—bingo—AlertSoft. A company with the unimaginative name Custom Design Firm, at the same address in Kolkata, India, also offers custom web-design and search-optimization services at exorbitant prices.
My mom eventually hung up on the scammers, but others haven't been so lucky. If a victim falls for the scam, the next step involves a credit card, naturally, as this victim reported:
Posed as troubleshooter, got into my system, used a "safe code" to get into my computer. Claimed my machine has been hacked into and infected with a virus. Tom and John, heavy Asian accents. Wanted to install "lifelong protection" for $130. I balked. They have my name and number and have been calling incessantly. I'm concerned that they might have planted something in my computer that allows them access.Indeed, that's a legitimate concern. Once a victim has granted an intruder remote access, it's impossible to tell exactly what sort of damage they've done. If you know someone who has fallen for this scam, you should assume their computer has been compromised and respond appropriately.
Most readers of this blog are sophisticated computer users who would laugh out loud at an attempt like this. But you probably have friends, family members, or clients who could use a heads-up on this one. If you get a call from someone claiming to have detected a virus on your PC, just hang up.