Threat of the Week: Bogus Tech Support Sweeping Nation
“Hello, this is Microsoft Support calling to alert you that there is a dangerous virus on your computer. Would you like assistance in removing it?”
Get that call and the best advice is, hang up.
But, across the nation, many thousands of such calls are coming in – possibly from phone banks in India, say some sources, although the locus is not known to a certainty – and, sadly, apparently many people are taking the bait.
In some cases they pay a flat fee for “virus removal” – usually in a range of $130 to $330, according to research by security firm Guardian Analytics.
That’s the cheaper price. In other cases, the “helpful” technician asks for permission to remotely take control of the victim’s computer and, in those instances, dangerous malware is downloaded to silently steal the victim’s banking credentials. This can include Zeus and similar credential- robbing software.
A variation: there lately has been a proliferation of counterfeit websites, purporting to be “official” Google or Facebook or Twitter help desks that, for a fee, will solve a user’s problems.
Understand that the new generation of Internet giants may have become essential in many lives but they also are parsimonious in providing live tech support. That sends frustrated users online to hunt for help but it also sets them up to be fleeced, again either by paying for useless services or, worse still, opening their computer to a download of toxic malware.
Guardian Analytics’ manager of fraud intelligence, Chris Silveira, said in an interview that the company knew the tech support scam was becoming a national problem when, suddenly, multiple of its clients were calling in, saying their customers were being fleeced by scamsters running similar support schemes.
There are so many cases, Microsoft itself has warned about this epidemic.
Here is a report of an outbreak in Wisconsin. Another from Quincy, Ill.-Hannibal, Mo. A third from Harrisburg, Pa. A fourth from Wichita Falls, Texas. A fifth from Palestine, Texas. Many dozens more turn up in a basic Google News search.
The good news: there is scant creativity or variation in the scam pitches, which follow a rote formula. The bad news: the callers are plentiful and they apparently simply keep trying until they find susceptible marks.
“There may be multiple groups using the same scams,” said Silveira.
He added that, to some extent, the security community has paved the way for this outbreak with its incessant warnings about computer vulnerabilities and malware. By no means is he suggesting that the criminals thus get a free pass, but he suggested the susceptibility of some people to the tech support scam has to be seen as growing out of the heavy publicity around each new flaw that is revealed. That raises consumer fears and, when that call comes in, confirms their worst nightmares.
What to do if you, or a credit union member, already have fallen for this scam and malware may have been installed? Microsoft offers three steps to good computer hygiene. The first is change the device password. The second: run Microsoft’s free malware scanner. Third, install MIcrosoft’s free Security Essentials, which will maintain a vigilant inspection of the computer.
As for what credit unions can do to help members avoid these scams, advice from the experts is to get out the word that Microsoft is not cold calling users and offering unsolicited help. So if that call in fact comes in, just hang up.
Remind them, too, that neither Google nor Facebook has suddenly become customer-centric and any help for either comes from third parties who may well be crooked.