Skip to content

Archive for January, 2013

17
Jan

Rogue Security Software

If you’ve reached this blog post from a Google search for the phone number 4169153536, please be advised that the call you’ve received is a scam. Read on for details.

Rogue security programs look legitimate, but are nothing more than a social engineering tool designed to relieve you of your money.

Rogue security programs look legitimate, but are nothing more than a social engineering tool designed to relieve you of your money.

I touched on rogue security software in my last post (Digitally Transmitted Diseases 101), but a recent experience made me want to revisit the topic.

A member of my family recently fell prey to one of these programs. Setting aside how the program made its way onto his computer, it happened, and it told him that his computer had fallen victim to over “800 hacks.” Not being very technologically savvy, this scared him, as it’s designed to do. He called a number that was given to him (416 915 3536, which has a Toronto area code), and spoke to someone named Steve Dawson.

Unfortunately, my grandfather was convinced to hand over his credit card information, and grant them remote access to his computer. When he started to realize he may have made a mistake, he told Steve that he would ask his grandson to help him. Steve, in an effort to sound legitimate, encouraged him to have me call them. Here’s how that phone call went:

“Hello, thank you for calling Windows technical support!”

Right away, I can tell that this is not a local call, by how it’s ringing. This is a call that’s being routed to another country altogether.

A lady claiming to be named Lucy picks up the call. She has a thick accent. “Hello, thank you for calling Windows technical support. How may I help you?” There’s a tonne of noise and yelling in the background.

“Good evening. Steve Dawson, please,” I say.

She replies, “Oh, Steve Dawson. Yes.” And then, instead of putting me on hold, she just yells, “STEEEEEEEEEEEEEEVE!”

Very professional. Another guy with a thick accent comes on the line. He says he’s Steve Dawson. I ask him what country he’s in. He says New Jersey, United States. Bullshit.

Two minutes into the conversation, he gives up on the lie that he represents Microsoft technical support. When he realizes that he’s actually speaking to an IT professional, he gives up on the lie that he’s a Microsoft-certified engineer. When my grandfather told him he would ask his grandson to help him, he told him to have his grandson call him. I ask what he thought was going to happen when I did call him. He has no answer.

He starts rambling, and I tell him to stop talking. I spend the next five minutes ripping into him over the phone until he gives up and hangs up, but not before he turns it around and starts calling me a scammer.

Did I expect to get anything out of the conversation? Of course not. But sometimes it’s nice to have someone to yell at – someone who deserves it. And for messing with a kindly elderly man, he deserves it.

That takes care of all my pent up aggression this week. I don’t have an asshole landlady to argue with anymore, so who else am I going to unload on?

What do you do if this happens to you?

If you’ve let it get this far already (as in, they have your credit card number and/or remote access to your computer), the first thing you need to do is cut off their access. It may not be easy for you to shut down your computer properly, so hold the power button for a few seconds to cut power if you need to. The important thing is that their access over the internet be cut immediately.

Call your credit card company and report the fraud. Explain what just happened, and have them reverse any charges made. They’ll cancel your current card, and issue you a new one. If necessary, involve the police, as they can file a police report that forces your credit card company to cancel the fraudulent charge.

If you’ve given them your computer’s password, change it immediately. Think about any other online accounts you may use the same password for, and change those immediately, too. This is especially important if you use that password for your email or any online banking.

Call your nearest IT guy and ask them to help you remove the malicious software from your computer, as well as any remote access software left behind. A scan with your antivirus software is recommended, but you may need a professional to look at it anyway, especially if your antivirus software has been disabled.

The Moral of the Story

Don’t trust software you’ve never seen before if it tells you that your computer is infected. Don’t trust someone who calls you and tells you the same.

And the most important point, something I tell my clients all the time: If you have even the slightest doubt or question about something, call your IT guy. Don’t worry about putting them out. Just remember, a five-minute phone call can save you hours of frustration and embarrassment.

Steve Dawson, whatever your real name is, know this: If I ever meet you in person, your testicles will be introduced to my shoe, post-haste.

What do you think? Leave a comment!