This blog was written by Bruce Snell.
A couple years ago I was messing around on my computer before dinner. My wife came in with a strange look on her face as she told the person on the phone, “I think you might want to talk to my husband about that.” Once on the phone I was greeted with, “Hi, this is Rick from Windows support and we’re calling because your computer is sending junk files to the internet.” I knew there was no way he was from “Windows support” since a reputable company isn’t going to call me up out of the blue like this, but as a security researcher I was curious, so I jumped right in.
Rick said that to fix my issue he needed me to install a free remote access tool and give him access to my system. Letting an unknown person access my actual computer seemed like a bad idea, so I let him log on to a “virtual machine” that I use for security testing. The first thing he did was turn off my security software, including the anti-virus and firewall. After doing that, he downloaded a file that he tried to install. Since I had additional security software in place he wasn’t aware of, the installation failed each time he tried to run it. At this point, I had the file he was trying to install, the IP address he was connecting from and the site he used to get the malicious file. I told Rick that I work for a security company and would like to know what he was actually looking for. I’m fairly certain he hung up before I completed my sentence.
After the abrupt end of my call, I ran a malware scan using our security software and confirmed that the file Rick wanted me to install was a remote access tool (RAT) that would allow him full control of my system and most likely turn it into part of a botnet.
These scams have been going on for years. We’ve seen them crop up around tax time with the person on the line claiming to be from the IRS, and at back-to-school and Christmas, when people have new laptops. The scam artists will use any story they can to get you to give them access to your information. In security we refer to this as “social engineering,” using social interactions to trick someone into giving up information or installing software. The more entrepreneurial criminals out there even outsource this activity to call centers that could be anywhere else in the world. The goals are to collect your personal or financial information, or to get you to install malware on your system.
The best defense against such scams is to recognize them for what they are and simply hang up.
How can you tell a scam from a legitimate call?
Any company can be impersonated with this sort of scam, so it’s important to watch for certain behaviors.
- We won’t call you. You will not get a call from McAfee or any other reputable security vendor informing you that you have a virus. It’s just not how these things work. With McAfee, for example, you may enter your phone number when creating an account online, but that is used for billing information only. There’s no connection between the number you enter into your account profile and the anonymized virus detection data we collect. We will never make an unsolicited call to you and ask for your user name and password.
- Don’t give up control. There are times when you might call a computer repair service that asks you to allow them to remotely control your machine to help troubleshoot. That’s generally fine because you initiated the action, and presumably identified a reputable repair service. However, if someone calls you out of the blue and tells you they need remote access to your system, never agree. They are almost certainly not who they say they are.
- Go directly to the source. If someone calls claiming to be with a security vendor, government agency, cable provider, or any other important-sounding place and wants to gather information about you or access your machine, give them a call back. Ask the person on the phone if there is a case number you can refer to and end the call. Then go to the company’s website to locate the customer support number and call them directly. Don’t ask the person calling for the phone number.
The elderly, young children and teens tend to be most susceptible to these efforts, so please make sure to talk with your family and friends about this topic and help them avoid these scams.