SCAMwatch, an Australian federal government funded initiative that provides consumers and small business with information about how to avoid scams, has reported that phone call scams continue to plague Australians.
The scammers use new tactics and tricks, including follow-up calls to people who fell victim to a previous scam in an attempt to scam the same people again. Calls occur mostly during the day and target people unfamiliar with their Microsoft Windows operating systems.
SCAMwatch provides a number of warning signs that someone calling you is a scammer:
- You receive a scam call out of the blue claiming there is a problem with your computer.
- The caller claims to be from a large computer company/brand, bank, financial institution, or legitimate technical service provider.
- They will request remote access to your computer and if you say yes will run a ‘scan’ that shows up a fake virus.
- The scammer will pressure you into buying unnecessary software or a service to ‘fix’ the computer.
- The scammer may be very persistent and use abusive or inappropriate language.
- The scammers may sound professional and knowledgeable.
During calls received by TechTarget staff, the scammer stepped through a number of scripted instructions to ‘prove’ the computer was infected by opening Windows Task Manager and looking for “red and yellow circles” which, according to the caller, “are infected files”. The scammer then attempted to use free remote control software to connect to the victim’s PC over the Internet.
Once connected, the scammer uploads an application which finds a ‘virus’ and either ‘removes’ it upon payment (at the same time clearing the Windows Task Manager of all events to prove the infected files have been cleaned) or attempts to charge a software maintenance fee for the anti-virus software.
Calls are made from a difficult-to-trace VoIP connection with no caller ID. Callers appear to be mostly women working in a call centre environment, who pass the intended victim to a “senior support” engineer if the intended victim asks questions which fall outside the scripted procedure. When the scam call was reported to Optus residential home phone customer support, Optus recommended contacting the SCAMwatch website and was happy to help complete the web-based SCAMwatch complaint form correctly.
According to the SCAMwatch website, “Many scams originate overseas or take place over the internet, making them very difficult to track down and prosecute. If you lose money to a scam, it is unlikely that you will be able to recover your loss.”
Governments around the world have been trying to raise awareness in the community about Internet- and telephone-based scams for decades. This year during Privacy Awareness Week (1 to 7 May 2011), privacy commissioners and regulators from across the Asia Pacific region released an animation and e-survey to find out more about privacy and social networking. The animation and survey are available on the Privacy Awareness Week website: http://www.privacyawarenessweek.org/.
Last year’s National Cyber Security Awareness Week was held from 6 to 11 June 2010, and launched a number of new initiatives including the spam reporting tool ‘Spam SMS’. The tool provides Australians with a quick and easy way to report spam SMS by forwarding messages to 0429 999 888. Programs to help teachers manage cybersafety education and increase awareness in schools were also launched.
So how do scammers connect so easily to PCs behind firewalls and protected by anti-virus applications?
The number of remote control software options has grown significantly in the last few years. While Windows Remote Desktop and VNC technologies, with their specific TCP port requirements, are used by system administrators to manage servers and enterprise PCs, a market in over-the-Internet support has seen the development of web-based tools which allow users to share their computers across a tunnelled HTTP or HTTPS connection.
downloads.com reports over 160 free remote control software options, with the most popular including TeamViewer (28m downloads) and LogMeIn Free (1.3m downloads). Skype and Cisco WebEx also offer screen sharing; however, remote control is more carefully controlled.
TeamViewer offers by far the most disturbing environment from a security point of view.
Driven entirely from the homepage of the TeamViewer website, TeamViewer allows a remote user to connect to a PC and control that PC as if they were the local user. The remote user can even control whether the local user of the PC may interact with the session via a feature called ‘Disable Remote Input’. The controlling remote user may also transfer files, blank the screen, reboot the PC and establish an encrypted VPN between two machines, blinding local anti-malware and anti-virus gateway infrastructure and effectively jumping the firewall.
It is difficult to think of any extra features a scammer would need to compromise a PC completely and more efficiently. Even the IP address of the remote host is hidden, as each PC makes a connection to the TeamViewer servers, which broker the connection between the two end points.
The TeamViewer technical support team in Germany advised that once a remote control session between the scammer and victim had been established, TeamViewer engineers could “trace the scammer and block IP addresses”, effectively blocking the scammer from using the software. The TeamViewer press representative was not responsive to further questions asked via email. TeamViewer has local phone numbers in Australia; however, customer support is serviced from sites in the USA and Europe.
SCAMwatch recommends a number of ways to protect yourself.
- If you receive a phone call out of the blue about your computer system’s security status and requesting remote access - hang up – even if they mention a well-known company or product.
- NEVER give an unsolicited caller remote access to your computer.
- If you have given remote access to your computer, or you fear that your computer has been hacked, seek out help or advice from a qualified and reputable computer technician.
- Do not give out your personal, credit card or online account details over the phone unless you made the call and the phone number came from a trusted source.
- Make sure your computer is protected with regularly updated anti-virus and anti-spyware software, and a good firewall - but research first and only purchase the software from a source that you know and trust.
- If you have fallen victim to a scam or you receive a lot of unsolicited emails and phone calls consider changing your email address and phone numbers.
- If you think you have provided your account details to a scammer, contact your bank or financial institution immediately.
Scams can be reported to the ACCC via the report a scam page on SCAMwatch or by calling 1300 795 995.