Telephone Fraud - Fake Anti-Virus

Very funny...

I just got a call from someone (Unknown #) who was interested about our Microsoft Windows computer. She wanted to talk to the owner, saying that they were certified Microsoft Technicians. After a few questions, she entered in her process (that she was obviously reading): Did you know that your computer could be intected with malware, virus, that can be undetected by conventionnal anti-virus... blablabla, then a series of questions/answer:
  • Is the computer on at the moment?
  • Yes
  • I'll give you directives to scan your computer and you'll see how infected your computer is
Ahhh, now, it's getting interesting! At this moment, I decided to switch roles:
  • Where are you calling from?
  • She mumbled the name of the company, I could't understand even after two repetitions
  • What is your phone number?
  • We don't have one, we operate on the internet
  • Well, you're talking on a phone, you must have a phone number right?
  • Our phone number is for our technicians only
  • What is your phone number?
At this moment, something really funny happened. The girl on the line started blowing in the handset, to simulate noise on the line. I was quite amused and told her "Wow, what a good idea to blow in the handset!", then, after a few seconds, I just terminated the call with this sentence: "Nice try".

I called my phone company to see if they can get the # even though it is blocked and the person who answered said no, but he told me that he got a call a few days ago saying that he got a similar call, followed the steps and "they" took control of his computer... he was seeing the mouse moving by itself.

Ah, the lesson is: don't trust anyone who calls you. It's the equivalent to get in a stranger's car that offers candies: you don't know what can happen. Don't forget that nothing lasts only the time of a call. You can always hang up and call a friend to validate.

Comments

ugob said…
I contacted the SANS institute about this topic and they've covered this in the past: http://isc.sans.edu/diary.html?storyid=9139
8:42 PM
Post a Comment

Popular posts from this blog

General linux performance troubleshooting

Here's a list of commands that you should execute and then share the output to someone who can help you figure out what resource is the bottleneck in your system. Note, it requires the  sysstat  and  procps  packages (ubuntu and RHEL and its derivatives): uptime vmstat 1 10 iostat -xN 2 10 mpstat -P ALL 3 10 pidstat 1 10 free -mw (or free -m, if your OS doesn't support -w)  uptime is to see the load averages on the system. vmstat is mostly used to tell if the system is swapping or not. If you see significant numbers in the 'si' and 'so' columns, your system is most likely swapping (using the hard drive as RAM), which usually slows performance a lot. iostat is mostly used to determine if your disk subsystem is not able to cope with the load. If you see one or more lines that shows 100 or close almost constantly, it is probably the case.  If it is your swap volume, you probably saw numbers in the 'si' and 'so' columns in the  vmsta...
Read more

Networker automated recovery testing using the REST API - introduction

One feature that is lacking from Networker, compared to some of its competitors, is the built-in automatic recovery testing. However, when there's an API, there is a way.  Networker's REST API is not perfect, but it allows the backup administrator to perform queries about Networker resources (objects). As my workload is going up, I realize that one of the tasks that I tend to skip the most is the periodical recovery tests.  Don't forget that a a backup that is not tested should be considered non-successful. I also found out that my recovery tests were not diverse enough. When I started this project, I knew a little bit about REST APIs, and nothing about JSON processing. With the Networker REST API documentation, and the help of a friend and Networker Support staff, I was able to create HTTP queries with Postman,  cURL and jq . Once I got the queries that I needed, I put them in a bash script that would somehow select one backup, and then restore it. My first attem...
Read more

Tips for being a better system administrator

Here are a few tips that I have discovered or implemented during my career, that can help anyone get better results: Follow the 3-2-1 backup strategy  or better 3 copies of the data 3 different media 1 copy offsite Test your backups regularly. Ideally, automate your recovery tests. Use Whatever-as-code as much as you can. IaC is the first that comes to my mind, but using code to define objects and their properties have several advantages: Auto-documentation of changes Ability to easily rollback (using source code management like Git) Makes it easier for standardization an compliance Ansible, Chef, Puppet, Salt, Terraform, Pulumi are good examples Maintain a changelog of all the major changes in your infrastructure (that isn't already "documented" because you're using IaC). Keep track of your hardware inventory and plan your renewals and warranty extension purchases. Build a spreadsheet with all the components that you manage and make sure that everyone on the sysadmi...
Read more