 |
| Image from Pixabay |
Cry
for help from the audience: “Help, I've been fooled!” In such a case I listen
to both ears: the left one listens to hear how I can help, the right one
listens to see if there’s a story that could be useful to others. Both ears got
their money's worth. In this case, the person in question (let's call him Bert)
already asked if I wanted to write a blog about it, otherwise I would have
asked if he was okay with that.
Let
me paint the picture. Bert had an old, slow PC at home on which he wanted to
install the new version of his virus scanner. That didn't work out. That's why
he wanted to go to the supplier's site and find a solution. He googled the name
of his virus scanner, clicked on the top result and ended up at the requested
site. Shortly afterwards a chat popped up: we have noticed a problem on your
computer and we would like to help you.
Yes
please, Bert replied; After all, he was on that site because he indeed had a
problem. In order to be helped, he had to install a program (GoToAssist) to let
the friendly helper look at Bert's computer. That's what Bert did. A viewing
program (remote support) like that often lets the helper take over the
computer, allowing him to get things done; You probably know that from your
work. A moment later, the directory tree of Bert's computer scrolled across the
screen, and suddenly everything turned red. Oh dear! A few thousand Trojan
horses had been found!
A
Trojan horse is a specific type of computer virus. Bert rightly asked why they
had not been intercepted by his virus scanner. That's because the company's
standard scanner doesn't detect Trojan horses at all, the helpdesk employee
replied. But luckily she was able to offer Bert an extra program that would
fill in the gap. They had subscriptions available for 1, 2 and 5 years, for
just a few hundred euros.
At
this point – about half an hour into the chat – Bert smelled a rat. He asked
the helpdesk how he could be sure he was really chatting with someone from the
antivirus company. There was no clear answer, after which Bert terminated the
connection and, on the advice of his sister, who he was now on the phone with,
pulled the network cable from the PC.
What had
happened here? To begin with, Bert had not ended up on the real site of his
supplier at all. Criminals recreate websites and ensure that they end up at the
top of the search results. Almost no one looks closely at the address (URL) in
a search result, so if it says you're going to virusscanner.com, it's easy to
miss that you're actually going to viruscanner.com. When Bert ended up on the
fake site, the criminal started a chat and tricked Bert into installing that
remote support program. Once inside, he put some windows on the screen, made
lines turn red and put a fake message about Trojans on the screen. His goal was
to scare Bert and trick him into buying a "solution".
It is
nonsense that Bert's virus scanner would not recognize Trojan horses. The idea
that his computer would be home to an entire cavalry: just the same. But in the
meantime, Bert felt bad. What has that criminal done? Maybe he stole files?
Bert stores his photos and other important files on an external hard drive,
which fortunately he disconnected at the beginning of the chat.
I
discussed a number of scenarios with Bert. Perhaps the criminal copied Bert's
email address book in order to present himself to Bert's contacts with insider
knowledge or perhaps even to pose as Bert. Bert was smart enough to inform his
closest contacts about this immediately after the incident and to impress on
them that they should be on guard for strange messages. Another possibility is
that the criminal wanted to copy photos and documents and then threaten Bert
with publication. Fortunately, those files were inaccessible on the disconnected
external drive. But the most likely scenario for me is that the criminal was
only looking to make Bert pay for the Trojan horse killer offered. It came with
a hefty price tag and is the easiest way to get money. The other scenarios
require more from the criminal.
It makes
sense that Bert is still not completely comfortable with the situation. I
advised him to first run his old virus scanner on the disconnected PC. Step two
is to re-connect the PC to the internet and run a free online virus scan (google
'online virus scan'). If that is all negative, Bert can also connect his hard
drive and give it the same treatment. Finally, I suggested using a search
engine other than Google, for example Startpage or DuckDuckGo . But to be
honest, that is mainly for privacy reasons. Whichever you use: I prefer not to
click on the sponsored search results, but to scroll through to the web results.
Good luck, Bert!
And in the big bad world...
This section contains a selection of news articles I came across in the
past week. Because the original version of this blog post is aimed at readers
in the Netherlands, it contains some links to articles in Dutch. Where no
language is indicated, the article is in English.
- an app can destroy lives.
- Brenno
's
cat explains that
your self-image does not matter.
[DUTCH]
- Brenno better keep his cats away from the keyboard.
- the Spanish police have struck a major blow against organized cybercrime.
- the US government provides guidance on phishing prevention.
- Google now pays a premium for reporting vulnerabilities in artificial intelligence.
- the International Court of Justice was a target of cyber espionage.
- Even Google's boss doesn't understand how his privacy settings work.
- the Nigerian police have dismantled a cybercrime recruitment organization.
