Telephone Fraud - Fake Anti-Virus

Very funny...

I just got a call from someone (Unknown #) who was interested about our Microsoft Windows computer. She wanted to talk to the owner, saying that they were certified Microsoft Technicians. After a few questions, she entered in her process (that she was obviously reading): Did you know that your computer could be intected with malware, virus, that can be undetected by conventionnal anti-virus... blablabla, then a series of questions/answer:
  • Is the computer on at the moment?
  • Yes
  • I'll give you directives to scan your computer and you'll see how infected your computer is
Ahhh, now, it's getting interesting! At this moment, I decided to switch roles:
  • Where are you calling from?
  • She mumbled the name of the company, I could't understand even after two repetitions
  • What is your phone number?
  • We don't have one, we operate on the internet
  • Well, you're talking on a phone, you must have a phone number right?
  • Our phone number is for our technicians only
  • What is your phone number?
At this moment, something really funny happened. The girl on the line started blowing in the handset, to simulate noise on the line. I was quite amused and told her "Wow, what a good idea to blow in the handset!", then, after a few seconds, I just terminated the call with this sentence: "Nice try".

I called my phone company to see if they can get the # even though it is blocked and the person who answered said no, but he told me that he got a call a few days ago saying that he got a similar call, followed the steps and "they" took control of his computer... he was seeing the mouse moving by itself.

Ah, the lesson is: don't trust anyone who calls you. It's the equivalent to get in a stranger's car that offers candies: you don't know what can happen. Don't forget that nothing lasts only the time of a call. You can always hang up and call a friend to validate.

Comments

ugob said…
I contacted the SANS institute about this topic and they've covered this in the past: http://isc.sans.edu/diary.html?storyid=9139

Popular posts from this blog

Outlook 2007 Add-in with OTRS

Asterisk works under OpenVZ (no zaptel)

KeePass enforced configuration