Imagine your phone rings one evening and the caller addresses you by name claiming to be from Microsoft (or one of Microsoft’s partners). He says the company has detected a serious security problem on your computer and asks you to open your computer’s event log. He even mentions warning and error messages you recently received to reinforce the story. The caller might instruct you to run a few commands and provide you with what he says are unique serial numbers from your computer to further lend credence to his claims. Once you are convinced that your computer is infected, he instructs you to issue commands or download a program onto your computer that will give him control of it so he can "help fix the problem."
Unfortunately, this scam costs individuals an average of $875 in stolen funds and $1,730 in computer damage every time it occurs. It is becoming increasingly common and targets consumers through land-line phones, cellphones (voice and text messages) and email. A recent study revealed that 15 percent of users polled in four countries have received calls like the one described above, and a whopping 22 percent of them ultimately fell for the scam. A shocking 70 percent of fraud complaints in Canada are related to this scam.
How do you know whether a caller might be a scammer? Here are some things to watch out for:
» They frequently claim to be from a well-known company, such as Microsoft.
» They frequently claim that your computer is "sending error reports" about being infected with a virus.
» They might ask you to run tools like "eventvwr" and "assoc" and use the contents of those tools to further convince you of this phantom "infection." Warnings and errors that show up in these logs are usually harmless, but the scammers will try to convince you that they are evidence of the "infection" they are trying to help you with.
» They will almost always ask you to install some kind of remote control utility, such as LogMeIn, to give them remote access to your computer, allowing them to "fix" the problem.
In many of the cases we’ve seen, the scammers say their service is free and do not ask for a credit card. However, if they are successful at getting you to install LogMeIn or a similar tool, they can monitor your online activities for weeks, obtain the passwords to your bank accounts or credit cards that you use to make online purchases, and access other private data stored on your computer.
What should you do if you get a call from someone offering to help you fix a security problem on your computer?
» Be suspicious of any caller who offers to fix a detected problem on your computer. Most companies, including Microsoft, do not do this.
» Ask whether there is a fee for the service they are offering or a required paid subscription. If there is, hang up.
» Never provide your credit card or bank account information to anyone who calls, emails or texts you out of the blue claiming to be technical support from Microsoft or any other company.
» Never give control of your computer through LogMeIn or any other service to a third party unless you can confirm that it is a legitimate representative of a computer support team with whom you are already a customer.
» Ask for a call-back number and then do a search using Google or Bing with the number and the word "scam" to see whether others have reported scams coming from that number.
» Report the number to your local authorities so they can add it to any open investigations. The Federal Trade Commission maintains a complaint website that you can use to report these calls: www.ftccomplaintassistant.gov.
———
Hawaiian Telcom information security officer Beau Monday is a local cybersecurity expert. Reach him at Beau.Monday@hawaiiantel.com.
