OFFICIAL SECURITY BLOG

We’ve moved! You can now read the latest and greatest on Mac adware and malware at Malwarebytes.

Beware of unsolicited tech support

Published March 20th, 2013 at 2:43 PM EST , modified March 20th, 2013 at 2:43 PM EST

Two weeks ago, I wrote about trust issues and fake tech support scams. Coincidentally, it would seem, I got a very concerning e-mail message from a friend of mine yesterday relating to exactly those issues. The incident I’m about to relate is, in fact, so concerning that I feel warning people immediately is of utmost importance.

My friend’s message concerned a friend of hers, who received a call from someone claiming to represent a company called AMMYY. In this call, she was told that her security software had informed them that she had malware that could not be removed. They told her that only someone from Microsoft, who it seems they also claimed to represent (the story is a little muddled), could fix it.

This is a common scam. Thieves will call with varying stories about how you’ve got malware installed, and telling you that you need their help removing that malware. The ultimate goal, of course, seems to be twofold. First, of course, is to get you to pay them to remove a non-existent virus from your computer. A second goal, though, is to install some kind of back door on your machine, so that they can steal from you further through keylogging, capturing data entered in web forms (which may contain data like credit card numbers) and the like.

If this were the end of the story, I wouldn’t be at all surprised by it. However, this particular incident takes a turn down a darker and more sinister road. Some time after receiving the call, a man dressed as a police officer showed up at her door, asking if she could “show him the error.” He was invited in, and ultimately ended up doing something to the computer. What was done is unclear, but some kind of malware (also unclear) was later detected by Norton and removed.

Now, it should be fairly evident that allowing this person in the house was a mistake. Just because someone is dressed as a police officer does not mean they should automatically receive your trust, and certainly in this case the context of having a police officer show up to handle a computer problem ought to raise all kinds of red flags. However, regardless of how you may feel about your ability to spot a scammer on your doorstep, it is nonetheless a matter for great concern that someone intent on scamming you in this manner might show up at your home. That is truly frightening.

For this reason, it’s important not to give these kinds of people any reason to be interested in you. If you receive an unsolicited call of this kind, tell them you’re not interested and get off the phone, then call your local police (on a non-emergency number!) to report the incident. Do not give the person on the other end of the phone any reason to think that continuing to pursue you as a victim will be fruitful.

It’s important to be aware, too, that caller ID information can be faked. I received word from a colleague, as I was writing this article, who said that he had heard of a similar story. In that case, the victim was told that local police would be sent to confirm the problem, and was called back minutes after the conclusion of the call from a number that showed on caller ID as being the local police department. However, caller ID spoofing is extremely easy to do and commonly used by scammers. So even if it looks like the call is coming from a legitimate source, keep suspicion in the front of your mind, and never let a stranger into your house unless you have asked them to come perform some service and have verified their identity at the door!

Tags: ,

6 Comments

  • Someone says:

    I’m not sure which is creepier, MacDefender’s pornographic pop-ups or this story…

  • Timothy says:

    Wow, having someone actually show-up in person takes this to a whole new level (as does apparently impersonating a police officer.) Was this in the US??

  • Brittany D says:

    Wow. Just. Wow. I would never let any uniformed person in the door unless it was apartment maintenance (even though I would be scared unless a guy as in our apartment – like my father) but if a person dressed as a cop came to my door and wanted to see my computer I’d say get a warrant! I would not let them in. I have nothing to hide so if they want a warrant, let them get it… I tend not to answer doors unless I’m expecting a package to be delivered. I hate all the candy-bar-selling-kids and people I call ‘scammers’ who sell magazine subscriptions, oh and I can’t forget religious nuts trying to convert me even though I’m already a convert to Christianity. They have no purpose showing up at my door so I would not let them in. I guess I just like my privacy. haha But yeah I’ll share this story with my friends so they are warned. Thanks for this article!

    • Someone says:

      In my opinion, the “religious nuts” are okay (maybe because I don’t see them too often). But the really annoying ones are the ones representing some project or whatever and ask you to give them a. a donation, b. your email, or c. both.

  • Scott H. says:

    “In this call, she was told that her security software had informed them that she had malware that could not be removed. They told her that only someone from Microsoft, who it seems they also claimed to represent (the story is a little muddled), could fix it.”
    I just received a similar call this morning, from a company claiming to work for “Windows” not “Microsoft”, claiming that my Windows PC’s were infected with hacking files and they were contacting me to remove them. Of course this would require me giving them access to my computers. When I refused, they told me that I could be fined $1,000 and receive jail time. I told them I was not worried since I look good in stripes 🙂 and there was not a chance in hell that I would allow them access period, end of story!

    • Thomas says:

      I believe those scare tactics are fairly common. Of course, they’re ridiculous, as it isn’t illegal to be infected with malware – if it were, most Windows users would be breaking the law at some point! Still, some folks will fall for it and become victims.

This post is more than 90 days old and has been locked. No further comments are allowed.