Beware of unsolicited tech support
Published March 20th, 2013 at 2:43 PM EDT , modified March 20th, 2013 at 2:43 PM EDT
Two weeks ago, I wrote about trust issues and fake tech support scams. Coincidentally, it would seem, I got a very concerning e-mail message from a friend of mine yesterday relating to exactly those issues. The incident I’m about to relate is, in fact, so concerning that I feel warning people immediately is of utmost importance.
My friend’s message concerned a friend of hers, who received a call from someone claiming to represent a company called AMMYY. In this call, she was told that her security software had informed them that she had malware that could not be removed. They told her that only someone from Microsoft, who it seems they also claimed to represent (the story is a little muddled), could fix it.
This is a common scam. Thieves will call with varying stories about how you’ve got malware installed, and telling you that you need their help removing that malware. The ultimate goal, of course, seems to be twofold. First, of course, is to get you to pay them to remove a non-existent virus from your computer. A second goal, though, is to install some kind of back door on your machine, so that they can steal from you further through keylogging, capturing data entered in web forms (which may contain data like credit card numbers) and the like.
If this were the end of the story, I wouldn’t be at all surprised by it. However, this particular incident takes a turn down a darker and more sinister road. Some time after receiving the call, a man dressed as a police officer showed up at her door, asking if she could “show him the error.” He was invited in, and ultimately ended up doing something to the computer. What was done is unclear, but some kind of malware (also unclear) was later detected by Norton and removed.
Now, it should be fairly evident that allowing this person in the house was a mistake. Just because someone is dressed as a police officer does not mean they should automatically receive your trust, and certainly in this case the context of having a police officer show up to handle a computer problem ought to raise all kinds of red flags. However, regardless of how you may feel about your ability to spot a scammer on your doorstep, it is nonetheless a matter for great concern that someone intent on scamming you in this manner might show up at your home. That is truly frightening.
For this reason, it’s important not to give these kinds of people any reason to be interested in you. If you receive an unsolicited call of this kind, tell them you’re not interested and get off the phone, then call your local police (on a non-emergency number!) to report the incident. Do not give the person on the other end of the phone any reason to think that continuing to pursue you as a victim will be fruitful.
It’s important to be aware, too, that caller ID information can be faked. I received word from a colleague, as I was writing this article, who said that he had heard of a similar story. In that case, the victim was told that local police would be sent to confirm the problem, and was called back minutes after the conclusion of the call from a number that showed on caller ID as being the local police department. However, caller ID spoofing is extremely easy to do and commonly used by scammers. So even if it looks like the call is coming from a legitimate source, keep suspicion in the front of your mind, and never let a stranger into your house unless you have asked them to come perform some service and have verified their identity at the door!