Skip navigation

4 posts from 2010

Don't get caught out by phone scams

Most people are wise to so-called phishing scams, usually in the form of emails pretending to be from a reputable place such as a bank asking you to click a link to 'secure your account' or similar. Said link is usually a clone of the real site so that users feel comfortable entering in their confidential data. Of course, it all gets sent to scammers who go and use your details to commit fraud. Lovely.

It's not a new thing at all, but people are doing this over the phone too. A popular one that recently caught out a family member is that someone will call, ask for the householder by name, and proceed to tell them they are from Microsoft or 'Windows Support'. They may have the householder's email and/or home address (from where I have no idea; they may be using the local phone book or have the details sold onto them from other sources) and will gain the trust of the user by confirming these with them, proceeding then to tell the user their computer is infected by viruses and this must be fixed now or they will be fined/their computer will crash/other similar threats. Sounds like a classic scam, but due to the user being named it can catch people out - especially if they're computer illiterate.

The scam generally continues with some or all of the following:

  1. The user is instructed to go to their computer, go to the Run command/Windows+R (which brings up the Run box) and type in "eventvwr" and/or some form of "prefetch unwanted"

  2. The scammers tell the user that the entries listed in the resulting window are viruses and these must be cleaned.

    This is of course not true - "eventvwr" brings up the Windows Event Viewer and entries listed within this are events logged by Windows. Scammers may go further with this one and say that any items with a yellow warning triangle or red cross are malicious items, but they aren't - they're errors logged by Windows which for the most part are harmless. They are definitely not viruses.

    The "prefetch unwanted" command brings up the Windows prefetch cache, which is just that - a cache of programs which enables Windows to open them more quickly. Deleting these files won't remove a virus nor will it damage your computer.

  3. After insisting that the files found are dangerous, the scammers will offer to 'fix' them and will ask for payment to do this. They might take users to a website or they will ask for card numbers over the phone. Common websites users are sent to include some variant of the words "tech support" in the URL.

  4. What follows is an attempt to connect to the computer remotely. How this is done differs slightly per scam but in general they will direct users to a web page via the Run command and/or will ask them to install a program such as TeamViewer or LogMeIn. Installing those particular programs (the ones mentioned, that is - other programs may be more malicious) is not dangerous in itself - it's the part where the user hands over control that is, and the scammers will do this by asking the user to enter a code into the website or program. Control is then given over to the scammers - they can then see and use the computer as if it was their own.

  5. Once the card payment has gone through (for far more than the user paid for, in most cases), the scammers will set about 'fixing' the computer, which generally involves downloading and installing lots of software onto the machine and possibly deleting anything they think is a virus (note: this could be anything - personal documents, essential Windows files, etc). They might tell users to leave the machine for a bit and during that time they'll snoop into their personal files - or they'll do it right in front of the user and claim it's part of the fixing process. It isn't - they're just looking for information they can steal.

  6. Once all the software is installed, the user is told their computer is fixed and the call is ended. The installed software is, in most cases, harmless; it's just junk that doesn't do anything (or perhaps does do something, but not what it advertises - it may pop up a load of ads or redirect your browser to a dodgy search page, for example). However, some scammers have installed software which opens a backdoor to the computer and leaves it in their complete control and can use this to do far more damage. Rootkits and keyloggers can get installed and the computer can end up a so-called 'zombie' acting as part of a botnet.

Wonderful, eh?

Fixing all this once the user discovers they've been conned depends on quite how bad the damage is to the computer. Personally I'd recommend a full reformat - you never know what nasty little things were done during the 'fixing' process and what that seemingly harmless software might leave behind. It might still be 'calling home' in the background, sending personal details back to the scammers. Not really a nice thought. It also goes without saying that you should cancel all cards given out to these fraudsters and contact your bank telling them what happened. It's unlikely you'll get the money back, as you willingly gave the details out, but you should still contact them. Watch out for an increase in junk mail, email spam and/or similar phone scams as your details get passed around - don't fall for them again. If you can, get a credit check done to make sure no one is fraudulently using your details.

However, the best advice is not to be scammed in the first place. When random people call you up out of the blue, treat them as if they'd emailed you - would you blindingly trust any email that says it's from a certain sender? You shouldn't trust people on the phone that claim as such either. If they pretend to be from a reputable company, ask their name and ask for a reference number for the call, then call the company's main advertised number (NOT the number the person on the phone tells you to call, even if they say it's their private extension or similar) and quote the details. No such person/reference? You know that call wasn't genuine.

Think about it: would a major computer company such as Microsoft really care about individuals with viruses? And furthermore, if they did care, would they really task themselves with dealing with it? No, they wouldn't - they're a huge company with far better things to do. It's common sense; you cannot know a person is who they say they are even if you met them face to face, so how can you possibly know over the internet/phone? You can't, so don't give them the privilege of having your personal data. You don't know what they'll use it for - ID theft, selling it on, stealing from your bank account ... You name it.

Oh, and don't save things on your computer that will delight such fraudsters when they find them either - bank details in a Word document? Not a good idea. Really.

HTC Wildfire - a review

HTC Wildfire

So, I have been looking for a new phone and was thinking about getting the iPhone 4 or the HTC Desire. I was quite fond of my previous HTC, the T-Mobile branded G1 (aka HTC Dream), but it was crashing a lot. I ended up with an HTC Wildfire (that's it over there on the left. Pic of box taken with phone. Wheee).

View full entry »

Facebook knows all about you... Even if you don't know about it.

I might be late to this but it's something I discovered recently.

Let's take a fictional character and call them Joe Bloggs. Joe doesn't subscribe to all that fancy schmancy internet nonsense and has no clue what a 'Facespace' or a 'MyBook' is. He checks his email every now and then and might browse the web from time to time, but that's all he really does on the internet.

So imagine his surprise when he gets an email from some Facebook thing telling him he should sign up, because all his friends are on it. He'd dismiss it, only - it really is listing all his friends. How can Facebook know who his friends are? How does it know that Jane Bloggs is his sister and John Bloggs is his father? How does it know so much about him when he knows nothing about it?

The answer is that Facebook collects emails and search habits. You know that 'enter your email details to search your contact list for friends on Facebook' feature? Be careful with it. Facebook keeps all the addresses it finds and associates them with you. If you've got those email addresses in your contact list, they must be your friend, right? Repeat this for all the other members on Facebook who are doing the same thing and Facebook can build up a pretty good picture of who you are.

Facebook also allows you to list various family members on your profile, and if said member doesn't have a Facebook profile, it asks for their email address. Facebook then knows when someone invites you to Facebook that you're the brother of X and the father of Y and whatever else.

Facebook's privacy has come under fire recently and I'm not surprised - I admit to using the email search feature when I first joined Facebook and nowhere do I remember it saying it would collect all my contacts' email addresses and retain them in order to guilt-trip other people into joining. I had another look at it recently (without actually entering my details, of course) and I still didn't see it. Admittedly, I have not read their very long and very complicated privacy policy in some time so it is likely to be mentioned there.

Am I going to delete my Facebook profile after this? I'm not sure. It is a great way to keep in contact with people I haven't spoken to in years but if it's profiling me behind my back, I'm not sure I agree with that. Facebook are by far not the first or only company to do this, of course, but they are so far the most high-profile and media attention-worthy. With millions and millions of members, they can make some hefty $$$ from all this if they really wanted to (and there are rumours that they do want to. Imagine what advertisers could do with that data!). Then again, if I did delete my profile, Facebook never really deletes a profile in case you want to reactivate it. So they've got my info anyway, whether I gave it to them or not, and whether I want it there or not. Fun.

Scary stuff, if you ask me.

Older Entries