But sometimes things go wrong, very wrong. They can’t connect to the needed site, and then someone calls them up to tell them that their device has a host of serious issues … including malware and child porn.
The person gets very nervous. They make a series of decisions. Questionable ones.
- They listen to the voice on the other end of the phone.
- They let the person remotely check out their computer.
- They believe what the person says they are discovering.
- They get ready to pay for this person to fix their computer.
I thought this was an old scam that had gone out of fashion. I dealt with it firsthand when I worked at another security company and iYogi, their outsourced computer service provider, was making wildly erroneous statements about my computer. Then Brian Krebs, the intrepid journalist behind Krebsonsecurity, got wind of iYogi misdeeds and did his own investigation. Brilliant work. And regardless of whether this was iYogi employees going rogue or making gross lies to make their sales quota, the service contract was cancelled within 24 hours of the Krebs report going live.
It’s going on right across from me in a City Library somewhere in America
A woman is having computer issues and talking about it with someone on the phone for a long time. After hearing about potentially unwanted programs, outdated certificates, and more, I walk around over to her side of the table as she is discussing the payment terms. Then I learn that they had contacted her due to some computer issues.
Since I stepped around just as she was about to pay, I made a few hasty decisions of my own. Instead of researching the name of the company, how the woman was to pay, or even talking to the online tech guy myself (which would have made a much entertaining blog post), I made a direct statement:
“Get out of there now, it’s a scam,” Then she waved me over and I ended her WiFi connection and removed the two networking apps. No other apps seem to have been installed.
I do not know what precipitated the issue or how the scam organization got her phone number. But, I did know that this woman was getting scammed, she was clearly unknowledgeable about anything IT related, and that I really needed to leave the library for another appointment. I suspect her issues stemmed from being years behind on updates as her AV was about 960 days behind and even the calendar on the computer was a few years out of whack.
Which brings me to the three cardinal rules
1. Nobody will ever call you.
- If you remember nothing else, try and keep this in mind: Nobody(legitimate) will call you out of the blue about your software issues. It just won’t happen.
2. Don’t let just anybody into your computer.
- I’m quite sure that she didn’t have child pornography on her computer. But who knows what little surprises could be there afterwards.
3. Figure out who you gonna call.
- This is the tough question. The woman had no techie geek at home. Her experience with a big-box repair service was not satisfactory. I suggested she visit the IT department of her nursing program. After all, if she could not visit their site due to outdated certificates, they should know about it. And I hope they will point her in the right direction.
Guess I will find out more next time I go to the library. 😉