Tuesday, September 16, 2014

New Twist to an old Scam

Practically everybody who has a land line has experienced some form of "Tech Support Scam". Basically it works like this: You receive a call claiming to be from a known technology company (most typically, Microsoft), stating that they have received automatic notices from your computer regarding a virus infection. Sometimes the victim actually finds them through bogus ads which have been placed in search engines. They might want you to think that you are calling HP or Dell or any other well-known manufacturer, and often they manage to place these ads higher in the search results than the legitimate companies' entries. In the end, they want to gain remote access to your system, so they walk you through the steps to grant them that access. Once they are on your computer, they show you a folder that includes many innocuous files. They explain that those are all virus infections, and offer to remove them for a fee. Or they might try to enroll you in a fake maintenance program. If you accept the service, they will have your credit card information or your bank information or, at a minimum, your money. If you don't pay, they might install an actual virus infection, or in some other way just render your computer unusable. This scam has existed for many years. It is highly effective and, apparently, profitable for them.

Our recommendation has always been to perform a complete virus scan with a legitimate product, to be on the lookout especially for key loggers, and to change any passwords that might have been used since they accessed your computer.

But recently, we have found that this is not enough. Scammers are now also re-configuring your email. They set up a forwarding address, so all email that you receive goes to them. They will know who you bank with, which online stores you use, which paid online games you play ... There is quite a bit of information that they can use over and over again.

Allowing anybody you don't know to access your computer remotely is a risk. You need to be sure that the person you are granting this access to is from a legitimate company. The best way to do this is to visit that company's web page, and look for a support phone number there. And never grant access to anybody if you didn't initiate the call. But if you have unknowingly granted somebody access to your computer, and you are not sure if they are from a legitimate company, be aware of all the things that might make you vulnerable: Check your email settings, check your network settings (Proxy or DNS settings can be used to access information that you send), and make sure that there is no "new" suspicious program that you didn't install.
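
The network-settings and new-program checks above can be done in one read-only pass on Windows; the following PowerShell is an added example, not part of the original post. It assumes Windows 8 or later (for `Get-DnsClientServerAddress`), and the 30-day look-back in `$Days` is an assumed value to adjust so it covers the date of the remote session. Email forwarding is not covered here, because it is set in the mail account itself.

```powershell
# Added example: read-only review of proxy, DNS and recently installed programs.
# Nothing here changes a setting; it only prints what is configured.
$Days     = 30   # assumed look-back window
$sinceStr = (Get-Date).AddDays(-$Days).ToString('yyyyMMdd')

# 1. Per-user proxy settings. ProxyEnable = 1, a ProxyServer value, or an
#    AutoConfigURL that you did not set means web traffic may be routed
#    through a server someone else controls.
$inet = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
Get-ItemProperty -Path $inet |
    Select-Object ProxyEnable, ProxyServer, AutoConfigURL |
    Format-List

# 2. System-wide (WinHTTP) proxy, used by services rather than the browser.
netsh winhttp show proxy

# 3. DNS servers per network adapter. Compare these with the addresses your
#    router or Internet provider hands out; an unfamiliar address is worth
#    investigating.
Get-DnsClientServerAddress -AddressFamily IPv4 |
    Where-Object { $_.ServerAddresses } |
    Select-Object InterfaceAlias,
        @{ n = 'DnsServers'; e = { $_.ServerAddresses -join ', ' } } |
    Format-Table -AutoSize

# 4. Programs registered as installed inside the look-back window.
#    InstallDate is stored as a yyyyMMdd string, so a string comparison
#    orders it correctly. Entries without an InstallDate are not listed,
#    so also review "Apps & features" / "Programs and Features" by hand.
$uninstallKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*'
)
Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object {
        $_.DisplayName -and
        $_.InstallDate -match '^\d{8}$' -and
        $_.InstallDate -ge $sinceStr
    } |
    Sort-Object InstallDate -Descending |
    Select-Object DisplayName, Publisher, InstallDate |
    Format-Table -AutoSize
```

Remote-access tools left behind after such a session usually show up in the last list under their own product name, so look for any remote-control or "support" program you do not recognize.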