customer fell for tech support call

Hi All,

I had a customer call and told us that she had taken
a phone call from someone that said they were from tech
support and needed to check their computer out. She
fell for it as she had been dealing with some other
tech support and got the fraudsters mixed up with
them. She let them log in and poke around. She
wised up when they wanted to charge he credit card
$200.00 to fix her computer.

I will run a full, deep virus scan on her to make
sure she is okay. Plus look around myself.

Do you guys know if this scheme is just to steel your
credit card or do they also drop some crap on your
computer?

Many thanks,
-T

On Tue, 29 Jan 2013 22:02:54 -0800, Todd wrote:

Hi All,

I had a customer call and told us that she had taken
a phone call from someone that said they were from tech
support and needed to check their computer out. She
fell for it as she had been dealing with some other
tech support and got the fraudsters mixed up with
them. She let them log in and poke around. She
wised up when they wanted to charge he credit card
$200.00 to fix her computer.

I will run a full, deep virus scan on her to make
sure she is okay. Plus look around myself.

Do you guys know if this scheme is just to steel your
credit card or do they also drop some crap on your
computer?


It can be either or both. Not all scammers who do this are the same.

I recommend that you do *not* rely on "a full, deep virus scan."
Besides their getting money from you for doing nothing of any value,
if she let them into her computer, who knows what damage they did
there or what confidential information they stole.

So since she did, I highly recommend that she (or you) do both of the
following immediately:

1. Do a clean reinstallation of Windows.

2. Change all of her passwords, especially any for banks or other
financial sites.

On Wed, 30 Jan 2013 09:05:15 -0700, "Ken Blake, MVP"
wrote in article
...

On Tue, 29 Jan 2013 22:02:54 -0800, Todd wrote:

Hi All,

I had a customer call and told us that she had taken
a phone call from someone that said they were from tech
support and needed to check their computer out. She
fell for it as she had been dealing with some other
tech support and got the fraudsters mixed up with
them. She let them log in and poke around. She
wised up when they wanted to charge he credit card
$200.00 to fix her computer.

I will run a full, deep virus scan on her to make
sure she is okay. Plus look around myself.

Do you guys know if this scheme is just to steel your
credit card or do they also drop some crap on your
computer?


It can be either or both. Not all scammers who do this are the same.

I recommend that you do *not* rely on "a full, deep virus scan."
Besides their getting money from you for doing nothing of any value,
if she let them into her computer, who knows what damage they did
there or what confidential information they stole.

So since she did, I highly recommend that she (or you) do both of the
following immediately:

1. Do a clean reinstallation of Windows.

2. Change all of her passwords, especially any for banks or other
financial sites.

+1

And while she is at it, notify the banks and credit card companies and
put a fraud alert on any of her accounts she used or accessed with that
computer.

--
Zaphod

Arthur: All my life I've had this strange feeling that there's
something big and sinister going on in the world.
Slartibartfast: No, that's perfectly normal paranoia. Everyone in the
universe gets that.

On 30/01/2013 1:02 AM, Todd wrote:
Hi All,

I had a customer call and told us that she had taken
a phone call from someone that said they were from tech
support and needed to check their computer out. She
fell for it as she had been dealing with some other
tech support and got the fraudsters mixed up with
them. She let them log in and poke around. She
wised up when they wanted to charge he credit card
$200.00 to fix her computer.

Terrible timing coincidence. You're dealing with real tech support, when
fake tech support calls confusing the hell out of you. I don't blame
your client for falling for it.

I will run a full, deep virus scan on her to make
sure she is okay. Plus look around myself.

Do you guys know if this scheme is just to steel your
credit card or do they also drop some crap on your
computer?

They often do install malware, but I think that usually happens after
they get your credit card info. But you should ask your client whether
they asked her to allow permission to do anything on her computer.

Yousuf Khan

From: "Yousuf Khan"

On 30/01/2013 1:02 AM, Todd wrote:
Hi All,

I had a customer call and told us that she had taken
a phone call from someone that said they were from tech
support and needed to check their computer out. She
fell for it as she had been dealing with some other
tech support and got the fraudsters mixed up with
them. She let them log in and poke around. She
wised up when they wanted to charge he credit card
$200.00 to fix her computer.

Terrible timing coincidence. You're dealing with real tech support, when
fake tech support calls confusing the hell out of you. I don't blame your
client for falling for it.

She "should" have requested more information to qualify and vet the caller.
Therefore, she does have blame.

People must use Critical Thought to thwart Social Engineering which is the
human exploit.

--
Dave
Multi-AV Scanning Tool - http://multi-av.thespykiller.co.uk
http://www.pctipp.ch/downloads/dl/35905.asp

On 01/30/2013 10:45 AM, David H. Lipman wrote:
From: "Yousuf Khan"

On 30/01/2013 1:02 AM, Todd wrote:
Hi All,

I had a customer call and told us that she had taken
a phone call from someone that said they were from tech
support and needed to check their computer out. She
fell for it as she had been dealing with some other
tech support and got the fraudsters mixed up with
them. She let them log in and poke around. She
wised up when they wanted to charge he credit card
$200.00 to fix her computer.

Terrible timing coincidence. You're dealing with real tech support,
when fake tech support calls confusing the hell out of you. I don't
blame your client for falling for it.

She "should" have requested more information to qualify and vet the
caller. Therefore, she does have blame.

People must use Critical Thought to thwart Social Engineering which is
the human exploit.


True. But, remember you would not have much of a career
as a criminal if you did not have an honest face. (It is
a play on words.)

And, I have given up telling people they should use Linux,
preferably off a live CD, to do on line banking. It is
so foolish to use Windows for private stuff. Yet
try and stop folks. (I do no on line banking. Perplexes
my bank, but they live with it.)

In message , glee
writes:
[]
Have them report the call he
https://isc.sans.edu/reportfakecall.html

Is that only for US citizens?
--
J. P. Gilliver. UMRA: 1960/1985 MB++G()AL-IS-Ch++(p)Ar@T+H+Sh0!:`)DNAf

A bird in the hand makes it hard to blow your nose.

"Todd" wrote in message
...

I had a customer call and told us that she had taken
a phone call from someone that said they were from tech
support and needed to check their computer out. She
fell for it as she had been dealing with some other
tech support and got the fraudsters mixed up with
them. She let them log in and poke around. She
wised up when they wanted to charge he credit card
$200.00 to fix her computer. . . .
Do you guys know if this scheme is just to steel your
credit card or do they also drop some crap on your computer?

Fake calls like this began at least three years ago. So IT
professionals should know by now this common scam merely
exploits one of the cosmetic ornaments of WinXP and later
MS operating systems.

/Administrative Tools / Event Viewer / points to logs of
malfunctions during normal operation. Those classified "Error"
are ornamented with a scarlet blob with superimposed white
X, and "Warning" with the familiar yellow triangle with black !

Naive (normal) users do not know that all Windows PC frequently
log errors like this without functionality ever being impaired.
When they.see for the first time the long series of these
alarming red and yellow markers, users may be easily persuaded
they need to pay an expert to "fix their computer." Most fake
callers use this alarm to sell AV software or bogus
services. (They may or may not also harvest credit card
information for resale to professional thieves.)

The initial warning signal is that the caller purports to
represent either Microsoft Corp. or the employer's IT
department. This is easily verified, and nearly always turns
out to be a lie.

--
Don Phillipson
Carlsbad Springs
(Ottawa, Canada)

"J. P. Gilliver (John)" wrote in message
...
In message , glee
writes:
[]
Have them report the call he
https://isc.sans.edu/reportfakecall.html

Is that only for US citizens?

I doubt it. There is nothing I've found on their site that indicates
any of their work is limited to the US. They monitor global security
issues.
--
Glen Ventura
MS MVP Oct. 2002 - Sept. 2009
CompTIA A+

In message , glee
writes:

"J. P. Gilliver (John)" wrote in message
...
In message , glee
writes:
[]
Have them report the call he
https://isc.sans.edu/reportfakecall.html

Is that only for US citizens?

I doubt it. There is nothing I've found on their site that indicates
any of their work is limited to the US. They monitor global security
issues.

Thanks.
--
J. P. Gilliver. UMRA: 1960/1985 MB++G()AL-IS-Ch++(p)Ar@T+H+Sh0!:`)DNAf

All I ask is to _prove_ that money can't make me happy.