Spyware by Phone

Posted on Jul 25, 2013 in Security

Malware creators and distributors are kicking it up a notch at the local level.  It’s no longer good enough to just have Antivirus Software, we are to the point where a monthly (if not weekly) scan of your computer with a suitable Spyware Scanner is almost a requirement.  Now however, something that I’ve only seen as an issue at the business level is starting to trickle down and affect home users as well.

I have a computer in my shop now that was infected in a way that I’ve never heard of happening to a home user before.  Someone called and said that they were from “Microsoft”.  “Microsoft” informed the user (let’s call her Mary and let’s put her age at 70) that her computer had signaled them for help.  They then asked Mary to confirm that her computer had been running slower than normal and that webpages weren’t loading like they should.  I want you to take a minute and think about how you would answer that question.  I think every one of us would answer that with an enthusiastic “Yes!”  The “Microsoft” tech then asked Mary to verify her address and read off the correct home address of our unfortunate victim.

Mary was convinced, the tech on the phone had known personal information and had known about ongoing computer issues that she had been facing.  The tech walked Mary through going to a website, downloading and installing a piece of software that would allow remote access to her computer, and then she watched as the “Microsoft” tech took control of her computer to test the installation.  It was at this point that Mary was asked for her Credit Card information so that they techs could continue on with their work.

Hi, how can I steal your money today?

Finally warning bells started going off for Mary.  She questioned the tech again about who they were with, what they were doing, and how they knew there was an issue.  The tech of course tried to assure Mary that everything was fine and that all of her computer issues would be taken care of quickly and professionally, all she had to do was agree to a very reasonable $49 charge.  Mary hung up immediately and contacted her daughter, a client of mine, who brought the computer to me.

The spyware installed is typical Scareware, it’s a fake Antivirus program that tells the user that there are 845 instances of Spyware on the computer and that they can be cleaned off if the software is activated with a credit card number.  This is the first time I’ve seen it manually installed by someone over the phone though.  As someone that works with home users and business alike, I’m at a loss of how to let people know how to better protect themselves from this type of attack.  Short of sharing the story and getting it in front of as many people as possible, what are some options?  If you are tech savvy, how do you let your family know about this sort of issue?

As always, leave your comments in the section below.

Dennis Edmondson
Computing Concepts LLC

Share via email Share
0 comments