2023-10-27

Tech support scam

 


A cry for help from the audience: “Help, I've been fooled!” In such a case I listen with both ears: the left one listens to hear how I can help, the right one listens for a story that could be useful to others. Both ears got their money's worth. In this case, the person in question (let's call him Bert) already asked if I wanted to write a blog about it, otherwise I would have asked if he was okay with that.

Let me paint the picture. Bert had an old, slow PC at home on which he wanted to install the new version of his virus scanner. That didn't work out. That's why he wanted to go to the supplier's site and find a solution. He googled the name of his virus scanner, clicked on the top result and ended up at the requested site. Shortly afterwards a chat popped up: we have noticed a problem on your computer and we would like to help you.

Yes please, Bert replied; after all, he was on that site because he indeed had a problem. In order to be helped, he had to install a program (GoToAssist) to let the friendly helper look at Bert's computer. That's what Bert did. A viewing program (remote support) like that often lets the helper take over the computer, allowing him to get things done; you probably know that from your work. A moment later, the directory tree of Bert's computer scrolled across the screen, and suddenly everything turned red. Oh dear! A few thousand Trojan horses had been found!

A Trojan horse is a specific type of computer virus. Bert rightly asked why they had not been intercepted by his virus scanner. That's because the company's standard scanner doesn't detect Trojan horses at all, the helpdesk employee replied. But luckily she was able to offer Bert an extra program that would fill in the gap. They had subscriptions available for 1, 2 and 5 years, for just a few hundred euros.

At this point – about half an hour into the chat – Bert smelled a rat. He asked the helpdesk how he could be sure he was really chatting with someone from the antivirus company. There was no clear answer, after which Bert terminated the connection and, on the advice of his sister, who he was now on the phone with, pulled the network cable from the PC.

What had happened here? To begin with, Bert had not ended up on the real site of his supplier at all. Criminals recreate websites and ensure that they end up at the top of the search results. Almost no one looks closely at the address (URL) in a search result, so if it says you're going to virusscanner.com, it's easy to miss that you're actually going to viruscanner.com. When Bert ended up on the fake site, the criminal started a chat and tricked Bert into installing that remote support program. Once inside, he put some windows on the screen, made lines turn red and put a fake message about Trojans on the screen. His goal was to scare Bert and trick him into buying a "solution".

It is nonsense that Bert's virus scanner would not recognize Trojan horses. The idea that his computer would be home to an entire cavalry is just as nonsensical. But in the meantime, Bert felt bad. What had that criminal done? Maybe he had stolen files? Bert stores his photos and other important files on an external hard drive, which fortunately he disconnected at the beginning of the chat.

I discussed a number of scenarios with Bert. Perhaps the criminal copied Bert's email address book in order to present himself to Bert's contacts with insider knowledge or perhaps even to pose as Bert. Bert was smart enough to inform his closest contacts about this immediately after the incident and to impress on them that they should be on guard for strange messages. Another possibility is that the criminal wanted to copy photos and documents and then threaten Bert with publication. Fortunately, those files were inaccessible on the disconnected external drive. But the most likely scenario for me is that the criminal was only looking to make Bert pay for the Trojan horse killer offered. It came with a hefty price tag and is the easiest way to get money. The other scenarios require more from the criminal.

It makes sense that Bert is still not completely comfortable with the situation. I advised him to first run his old virus scanner on the disconnected PC. Step two is to reconnect the PC to the internet and run a free online virus scan (google 'online virus scan'). If that is all negative, Bert can also connect his hard drive and give it the same treatment. Finally, I suggested using a search engine other than Google, for example Startpage or DuckDuckGo. But to be honest, that is mainly for privacy reasons. Whichever you use: I prefer not to click on the sponsored search results, but to scroll through to the web results. Good luck, Bert!

 

And in the big bad world...

This section contains a selection of news articles I came across in the past week. Because the original version of this blog post is aimed at readers in the Netherlands, it contains some links to articles in Dutch. Where no language is indicated, the article is in English.

 
