AUSTRALIAN PHONE and INTERNET SCAM
AUSTRALIANS BEWARE!
Australians are being targeted by Indian call centres posing as Microsoft technical support. These call centres generally cold call you on the premise of clearing your computer of viral infections, or at least lead you to believe that your computer is infected with viruses and malware threats.
They accomplish this via social engineering techniques. They prey on your apparent lack of technical knowledge, or so-called gullibility, offering you the service of computer protection for a certain fee. They will generally have you turn on your computer and then prompt you through a set of instructions leading you to the “Run Command,” where they will then ask you to enter a command line instruction.
This run command is often used by computer technicians to “short-cut” certain actions on the computer. The scammers will ask you to enter ‘eventvwr,’ in the run command window.
This is short for event viewer, which is basically a series of log files built into Windows operating systems that reports information about operating system performance and service errors that are logged on your computer.
They will tell you to look for errors in the form of yellow triangular symbols and red X’s, which they may imply are symptoms of viral infection. This is not true!
These errors are normal behaviour in Windows; in fact, some computers may show no errors at all. These scammers will also try to have you make a few more clicks, enabling them remote access to your computer. If they are successful, they effectively have almost full control over your computer every time it is online. This is very much like giving a complete stranger a copy of the keys to your house, and maybe even your car!
The biggest and perhaps most dangerous difference arises if you bank online and make credit card transactions: they may well also gain access to your bank account information. This will no doubt lead to financial loss, and sadly already has for many unsuspecting and innocent victims from around the Gold Coast and Australia.
These scammers don’t just want your money, but also your identity. This scam is indeed both a financial and ID theft scam targeting Australians using your phone number and address which is believed to be derived from phone directories.
In the past it has been postulated that individuals working within telecommunications companies were, and perhaps still are, selling your personal information to overseas scammers in order to receive financial remuneration.
Whether this is the case or not cannot yet be verified from information received by authorities about this recent and ongoing scam. It has been reported that these scammers have an aggressive and bully-like demeanour, especially when they are having a hard time swaying you into submission!
They will apparently ring you several times in an attempt to achieve their objective. This persistent harassment only seems to abate when they finally realize that you’re not that gullible or you repeatedly hang up on their calls.
If these scammers do have your attention and believe you are as gullible as they think, after a bit of clicking around your computer, they will at some stage ask you to enter a URL (uniform resource locator) into your web browser.
These URLs belong to their "phished" (fake) websites, which they use as a disguise for authentication, and to date have been reported as:
For your online safety these URLs have been set to the Australian Scamwatch website should you click them.
Clearly, never enter these URLs into your browser, as they will automatically install malware providing the scammers with aggregate information that furthers their objective. Put simply, they collect and collate data that forms a bigger picture, eventually divulging an unsuspecting victim’s identity.
The malware may include key loggers, which have the ability to capture every key stroke you type, or in other words, what you enter on your keyboard as a password, or even account number, can be logged and sent back to an unauthorised entity. As with the above example of freely distributing your house keys, key loggers also have the potential to allow attackers not only access to your bank account, but other credentials such as your identity.
Should this happen, it is possible that you may end up with an invoice charged to your credit card for purchases you did not authorise or make! The worst case scenario is when these scammers take your identity credentials and create accounts in your name, which are then charged to you without your knowledge or consent! These occurrences have impacted many Australians over the years and have also come to pass as a result of this particular scam.
OK, so now that you understand the gravity of this scam, let’s look at ways to circumvent this social engineering attack and examine what you can do to protect yourself and your computer.
Signs the call may be scammers include:
- They may have an Indian accent with very poor English.
- They may tell you they are technical support for Microsoft.
- Unfortunately, simply answering the phone to these scammers will only validate that you’re a real person (not an answering service) and have an active phone number; this leads to their persistence!
- They may assume you have a computer connected to the internet.
- They may ask you to perform a series of instructions on your computer.
- They may tell you it is running slow because it is infected with multiple virus infections and requires their services to fix it!
- They may offer this service at a price (usually $200 - $400)
- They may insist this will keep you safe for as long as you subscribe to their services.
- Their calls may persist should you refuse to comply with their demands.
- This persistence may become aggressive and abusive the more you refuse their demands.
Some people have advised that you ask these callers for their ID and phone number and then call them back to verify their authenticity. You may also think about asking what company they work for.
Much of the time, they may introduce themselves over the phone either as an employee of a hypothetical company, or perhaps one that is acquainted with a legitimate company or even a phished website, such as the winpctech.net fake web support website hosted by these scammers.
One thing should be made clear: IT professionals and companies such as Microsoft never cold call their customers.
Also be aware of secondary scams, where fake companies and phished websites will try and entice you into believing they can recover any money lost from an original scam.
History has shown that these scams often spring up as a rebound to a former scam, and in some cases may even be the original scammers pretending to be a helpful agency trying to help you!
How to protect your computer:
There are a few things you can do to protect your computer. Because this kind of attack relies on social engineering, the first thing to do is use your common sense and better judgement; do not let yourself be swayed by criminal scammers.
A computer requires an operator to perform input in order to produce a specific action. It is this part of the process that scammers exploit to their advantage.
A rule of thumb applies: "if it is too good to be true, it usually is!"
The following is compiled based on a Windows XP operating system. Those with Vista or Windows 7 may have many of the following settings already set by default:
To help protect yourself you should:
*Turn off Remote Access.
*Check your firewall is on.
*Check that Remote Desktop is disabled in your firewall
And also:
*Make sure your antivirus and antispyware is updated.
*Scan your computer regularly and keep your OS updated and patched.
*If you have a VoIP phone system, enable the highest security settings.
I should make special mention of those using a VoIP (voice over internet protocol) system: you will need to ensure that the security and encryption protocols and your hardware are both updated and patched, and set to the recommended standards as set by the manufacturer.
VoIP is a telephony service in which voice travels over the internet as packets of digital data and is then unpackaged at the receiving end as voice data. This is a security concern: since this technology uses IP packets to send data, unless this data is encrypted it is vulnerable to sniffing attacks, whereby an attacker could capture and read the data. Imagine if that data was your credit card information?
How to help secure a Windows XP based computer:
1) Enable your software firewall (or check that your antivirus may use one)
2) Disable ‘Remote Desktop’ in the Windows Firewall
3) Disable Remote Access
4) Delete cookies and offline content
5) Run Antivirus scans in Safe Mode.
6) Increase security settings via Internet Options
7) Block suspect websites (including those described above)
8) Change your logon password
To check Firewall settings:
1) Click Start
2) Click Run
3) Type: firewall.cpl
4) Make sure the “On” radio button is checked, click OK
While you’re in that neighbourhood, disable ‘Remote Desktop.’
1) Steps 1 to 3 as above
2) Click the ‘Exceptions’ tab
3) Scroll down to Remote Desktop
4) Un-tick the box next to Remote Desktop
5) Click OK
Disable Remote Access:
1) Click Start
2) Click Run
3) Type: sysdm.cpl
4) Click the Remote Tab
5) Un-tick the check box
6) Click Apply
7) Click OK
8) Click OK again
Delete Cookies and Offline Content:
1) Open Internet Explorer and click Tools at the top menu bar
2) Select Internet Options
3) Click Delete Cookies, also select “Offline Content”
4) Click Apply and OK (different browsers may look slightly different!)
Increase security settings via Internet Options:
1) Click Start
2) Click Run
3) Type: inetcpl.cpl
4) Click the Security Tab – set the slider to Medium-High
5) Click the Privacy tab – set the slider to Medium-High
6) Click Apply and OK – now reboot your computer
After you have completed all the above steps, you must reboot your computer to ensure these changes are written to the Windows registry and take effect.
If your computer runs Windows Vista or Windows 7, most of the above will be set by default. I would advise, however, that you check to see that your computer is locked down with the above security settings and recommendations.
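To check the Remote Desktop, Remote Access and firewall settings from the steps above in one go, the batch script below reads them back and reports anything that still needs attention. It is an added example, not part of the original article; it assumes the standard Windows registry locations for these settings and only reads them, changing nothing.

```batch
@echo off
rem Added example: read-only audit of the remote-access and firewall settings.
rem It uses only reg query and netstat and changes nothing on the computer.
setlocal
set "TS=HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server"
set "RA=HKLM\SYSTEM\CurrentControlSet\Control\Remote Assistance"
set "FW=HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile"

rem Remote Desktop: fDenyTSConnections = 1 means incoming connections are refused.
call :read "%TS%" fDenyTSConnections
if "%VAL%"=="0x1" (echo [OK]    Remote Desktop is disabled) else (echo [CHECK] Remote Desktop: fDenyTSConnections is %VAL%)

rem Remote Assistance: fAllowToGetHelp = 0 means invitations are switched off.
rem Windows XP keeps the value under the Terminal Server key, later versions
rem under the Remote Assistance key, so look in both places.
call :read "%RA%" fAllowToGetHelp
if "%VAL%"=="missing" call :read "%TS%" fAllowToGetHelp
if "%VAL%"=="0x0" (echo [OK]    Remote Assistance is disabled) else (echo [CHECK] Remote Assistance: fAllowToGetHelp is %VAL%)

rem Windows Firewall, standard profile: EnableFirewall = 1 means it is on.
rem Vista and later also have domain and public profiles; check those in firewall.cpl.
call :read "%FW%" EnableFirewall
if "%VAL%"=="0x1" (echo [OK]    Windows Firewall is on) else (echo [CHECK] Windows Firewall: EnableFirewall is %VAL%)

rem TCP 3389 is the Remote Desktop port; nothing should be listening on it.
netstat -an | find ":3389 " | find "LISTENING" >nul
if errorlevel 1 (echo [OK]    Nothing is listening on TCP 3389) else (echo [CHECK] Something is listening on TCP 3389)

endlocal
goto :eof

:read
rem Sets VAL to the DWORD data of the named value under the given key,
rem or to "missing" when the key or value does not exist.
set "VAL=missing"
for /f "tokens=3" %%A in ('reg query %1 /v %2 2^>nul ^| find "REG_DWORD"') do set "VAL=%%A"
goto :eof
```

Save it with a .cmd extension and run it from a command prompt after the reboot; any line marked [CHECK] points back to the matching step above.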
For the best protection, it is advisable to have a certified computer or security technician harden your network and computer system. You can also view other security tips under ‘Internet Security’ on this website.
What if I have been a victim of this scam?
If you have been scammed and do not know what to do, follow these steps:
1) Contact your bank and freeze the account you used for these scammers
2) Do not go online
3) Immediately change your computer logon password
4) Contact the Office of Fair Trading QLD on 13 13 04 and report your story
5) Ring the Police if you believe funds are missing from your account
If you have lost money, you may be offered a ‘charge-back’ where your bank may instigate efforts to reimburse funds to the amount stolen. This process varies with different banking institutions and credit unions, but for the most part, your first action is to contact your financial institution and have them suspend your account.
Your computer will most likely be infected with malware installed by these scammers. This malware allows the scammers to have administrative privileges on a computer. They effectively have explicit control of your computer and almost everything on it.
One of the first steps to eradicating this malware is to use your antivirus and antispyware software. Ensure both programs (or just the one) are updated before you begin scanning. You may be offered several actions depending on what software you have and how it might be configured. Use the services of an IT professional if you are not that computer savvy or are unsure what to do.
If it turns out that your computer is significantly infected, you may have to reformat. This is where you reload Windows so your computer will be like the day you got it. The drawback here is in data backup: you will need to back up what data you wish to keep, as it will be erased along with any malware during the reformat.
Reformatting your computer will guarantee malware/spyware removal, but even if you back up your data, you must have it scanned with AV software before it is re-installed. This is to prevent ‘re-infection’ by the original malware that compromised your computer. Again, seek the services of a certified computer technician if you are unsure.
Also remember:
§ Microsoft do not cold call customers
§ Contact a certified computer technician if you have fallen victim to this scam.
§ Ring your bank immediately and freeze any transactions on the credit card you may have used if you have been a victim of this scam.
§ Never give out personal information over the phone to people you do not trust or know.
This same threat has now evolved, with the scammers posing as other companies such as Telstra and possibly other Australian companies whom they impersonate.
Many people I have spoken to have already had numerous calls from these scammers (especially those with foreign accents) posing as Telstra personnel. The funny thing is that many of these people reported that they do not even have a Telstra account!
These scammers will try to have you divulge account and personal information and eventually attempt to have you provide your credit details. If you receive one of these calls, HANG UP!
If you receive calls and are not sure if it is Telstra, simply ring Telstra.
Again, the information provided here is intended to inform the general public of these nuisance calls and is in no way intended to implicate Telstra in any of the above-mentioned scams or fraudulent activity.
For more information contact the following agencies:
Scamwatch: www.scamwatch.gov.au
Your local Office of Fair Trading
ASIC and the ACCC
It must be made clear that Microsoft does not have, nor is it implied to have, anything to do with the above scam. Australian authorities are working with various agencies such as the Indian government to try to circumvent the above-mentioned scam. Also be aware that these scammers may evolve their scam by impersonating other companies.