The Telephone Support Scam

The other phone hacking story

By , Columnist

Here in the United Kingdom, the news is filled with the scandal of Rupert Murdoch’s newspaper empire hacking into voicemail, and the more recent allegations of infecting computers to gather information.

While this is happening another less sensational, but rather more concerning, form of phone hacking is also going on. In fact, it’s been around for some time. Ladies and gentleman, I present “The Telephone Support Scam”.

Picture the scene: you’re lounging around at home and your phone rings. The very helpful person at the other end informs you that they’re from your Internet service provider, or Microsoft, or some such company, and they’ve noticed security issues with your machine. Fortunately, if you have just a few minutes spare they can fix these for you. How kind of them!

Over the next few minutes they’ll guide you through a series of steps to “fix” things, and along the way you’ll end up giving them complete access to your machine. Once that happens, they’ll either infect your computer or steal data from it. In some cases, they’ll even cheekily ask for your credit card details so that you can pay for their services.

I was lucky enough to receive one of these calls myself a few weeks ago, and I’m a little ashamed to admit I enjoyed it. Hey, I have my own fun!

Talking to probably the dumbest scammer I’ve ever encountered, I managed to confuse them by responding to their request to press “the green start button” with: “I think I’ve got a problem because my start button’s blue. Will it still work?” That wasn’t part of their script and it took a while for them to decide that the (entirely fictitious) blue button should work just as well.

Before long, they asked me to type in a command, and I decided to test their patience. I managed to add to their phone bill by dragging the call out, very slowly confirming each of the letters they told me to type. “E… for echo? OK… e…. V… for bravo?”

After several long minutes they’d explained which command I should be typing in. (I wasn’t actually typing it, obviously!) They were trying to get me to look at the Windows event viewer, hoping that the information shown there -- some routine and harmless “error” messages -- would frighten me into accepting their offer of help.

Enjoyable though this was, I had better things to do, and so I thanked them deeply, sincerely, and profusely for all their assistance. At this, their sarcasm detector finally triggered, and the phone went dead.

If you get a call like this, the best general advice is to ask them not to call again, and then hang up. If they get the message that you aren’t going to fall for their tricks, they probably won’t bother trying again.

More specific advice is available in this free white paper I originally put together for friends and neighbours, and also in articles Sophos has published here and here.

Finally, you can help make others aware of this problem by telling them about this article. As more people learn about this scam, fewer will be caught out by it.

Share this story About the author

Steve Clark is the director of an IT support company based in London, UK. A confirmed geek who's been nosing around inside computers for the past three decades, he considers solving puzzles, cracking codes, and improving security protocols to be legitimate ways of having fun.

View Profile
Visit Website

More from Steve
Related Tags
 

Connect With TMR

Recent Writers

View all writers »

December 2016
S M T W T F S
1 2 3
4 5 6 7 8 9 10
11 12 13 14 15 16 17
18 19 20 21 22 23 24
25 26 27 28 29 30 31