Trails End Computer Club

Bulletin for week of MARCH 17, 2013

MEETINGS
Every Wednesday

Library Room
Program or Lesson
9:30 - 10:30
One on One Help
10:30-?

SPECIAL INTEREST GROUPS:

If you would like to meet in a small group to discuss special computer related subjects or form a Special Interest Group lets discuss it.

Our bulletin is also available on line by visiting tecc.apcug.org and clicking on bulletin.


Our weekly program or lesson is intended
to be of interest to all computer users.
Following the program an allotment of time will
be available for one on one help to those
who want a better understanding of something done
 during the presentation.

Upcoming Events

Wednesday March 20, 2013 Meeting
 9:15 AM Set up your computer
 9:30 AM Lesson
10:30 AM One on One help

IraBack Again  - Phone Scammers Want to Hijack Your Computer

by Ira Wilsker

 

WEBSITES:

http://www.microsoft.com/security/online-privacy/avoid-phone-scams.aspx

http://answers.microsoft.com/en-us/windows/forum/windows_vista-security/

http://answers.microsoft.com/en-us/windows/forum/windows_xp-security/

http://www.theregister.co.uk/2011/06/16/tech_support_scam_calls/

http://windowssecrets.com/top-story/watch-out-for-microsoft-tech-support-scams/

https://www.ftccomplaintassistant.gov/FTC_Wizard.aspx?lang=en

             Early last year, I wrote a column here warning that telephone scammers, claiming to be from Microsoft, were calling local people, informing them that their computers were infected with malware.  The rip-off had seemed to be somewhat dormant for several months, with only occasional inquiries from people asking about a phone call from Microsoft, Norton-Symantec, McAfee, or their ISP alleging that their computers were infected, and that for a fee and with remote access, they could repair the computer.  During a few week period in late 2011, I heard from many people that they had received such calls, but for the last 15 months, I only received an occasional inquiry.  Now, in just the last few days, I have received several such calls and emails indicating that either by plan or coincidence, local computer users are again receiving those calls in quantity. 

            Last Friday evening, I received a frantic phone call from an acquaintance indicating that he and his wife had received a half-dozen calls over the past few hours, many irate, from foreign accented individuals claiming to be from Microsoft.  These "Microsoft employees" needed immediate remote access to stop the victim's computer from spreading malware, and that Microsoft had detected hundreds of viruses and other malware coming from their PC!  Demanding that they, the crooks, needed to take immediate remote control of the victims' computer, in order to prevent the spread of computer viruses.  The first polite request was denied, followed a short time later by a second telephone request, also denied.  The third telephone request was somewhat irate, demanding immediate access to the victims' computer.  A fourth, fifth, and sixth call over a period of a few hours became much more irate and belligerent, demanding immediate access.  The distraught victim then phoned me, asking if Microsoft really needed to take control of his computer in order to clean off viruses; I told him no, that this was a well documented scam, and to simply hang up on them if they called again.

            Later Friday evening, I received an email from another friend, "Is there a scam going on with someone calling on the phone to notify us that there has been a problem on my computer, and that they can directly connect into all Windows users?"  I replied promptly, that this was also a scam.  Saturday afternoon, I received a phone call on one of my digital phone lines that has an unpublished number that I had never given to anyone outside of my immediate family.  This call showed no name on the caller ID, but appeared to be from the 559 area code (Fresno area of California).  The caller had an unusual accent, and the voice quality sounded like it was a foreign call.  A quick check indicated that the call was possibly a VoIP (internet relayed digital call) coming through a node near Fresno, and then on to the domestic phone network.  While I have no empirical evidence to prove it, I would make an educated guess that the call originated from Nigeria, a common source of this and many other internet scams.  Similar scams have been traced to India, Pakistan, the Philippines, China, Vietnam, Russia, and other south Asian countries.

            Being fully cognizant of the nature of the scam, I decided to play along with it. This very polite gentleman, with the foreign accent, informed me that he worked for Microsoft, and that Microsoft had detected that my computer was responsible for infecting other computers with several viruses.  Very kindly, he offered to perform a remote security scan on my computer if I would only allow him to remotely access it.  Trying hard to sound somewhat cyber illiterate, I asked him how he could remotely perform a scan, and he told me that all I had to do was click on my Windows 7 icon (orb)  on the bottom left of my screen, or click on the "Microsoft Menu" key on the bottom left of my keyboard, and then follow his instructions.  Pretending to be somewhat unsure of myself, I had him walk me through the process; open my menu, and then click on Control Panel, then System, then click on "Remote Settings" on the left side of the window.  When the next window opened, he instructed me to click on the remote tab, and then to check the box "Allow remote assistance connections to this computer".  I hesitated, telling him that I was not comfortable doing this, and in a reassuring voice akin to the classical "Trust Me" ruse, he assured me that all that he was going to do was a comprehensive virus scan on my computer to verify that it really was my computer that was broadcasting viruses to other computers.  Knowing what would be coming next, I asked him if his virus scan would remove the viruses for me.  Very politely he responded no, that this was just a virus scan, but for a "nominal fee" he could remove any viruses that he found from my computer.  A follow up inquiry disclosed that this "nominal fee" was $69.95 charged to a credit card number that I would give him over the phone.  I told him "no thanks", but before I could hang up the phone, he pleaded with me to trust him, and allow him remote access to my computer.  With a stern "NO!",  I hung up the phone.

            This was not just some isolated or random event; in the past few days another co-worker received a series of similar phone calls in his office from a very persistent caller who would not take "no" for an answer.  Shortly after hanging up on him, he called back again, with the same response.  A few minutes later, he called back very angry, demanding remote access to his work computer, which was duly refused.  Moments later, someone claiming to be a "supervisor" demanded access "right now" to his computer; he called me over to talk to the scammer.   The "supervisor" said that he was with Microsoft in India, and that it was mandatory that I give him remote access to this computer immediately.  My curt refusal was met with a somewhat threatening reply that I would be in trouble for refusing him remote access to this computer, and that I would regret it.

            According to those that have fallen victim to this crude scam, the repeated scenario is the crook asks the victim to allow him remote access to the victim's computer by clicking on some Window's commands, allowing the crook complete remote access and control of the computer.  Once the crook has control of the victim's computer, he regretfully informs the victim that his computer is heavily infested with malware, and that for a fee, typically $69.95 (but it may vary greatly), he can clean the computer and return control to the victim.  What the cyber-thief does not say is that while he is performing the security scan on the computer, he is likely to download (steal) documents, spreadsheets, personal information, emails, address books, password files, and other valuable data from the computer.   It is also not uncommon for the bad guys to install malware such as keyloggers and screen capture utilities to steal usernames and passwords for the purpose of identity theft.  If a credit card number, expiration date, and CVV security code are given to clean the computer, not just is the card charged for the service (often for much more than the agreed upon price), but the credit card information also often appears for sale on the illicit websites selling credit card numbers.

            The number of people victimized by this scam may be much larger than previously known.  According to a report on this scam, published June 16, 2011 in "The Register" (UK), "The software giant (Microsoft) surveyed 7,000 computer users in the UK, Ireland, US and Canada and found an average of 16 per cent of people had received such calls. In Ireland this rose to a staggering 26 per cent."  Personal losses can be quite dramatic for those victimized by this and similar scams. In this same report,  "(Microsoft) said 79 per cent of those tricked suffered financial loss – the average loss was $875 (£542). Losses ranged from just $82 (£51) in Ireland to a whopping $1,560 (£967) in Canada." (Source:  theregister.co.uk/2011/06/16/tech_support_scam_calls)

            Scams such as these have been around for several years, and reputable organizations, news services, and blogs have been warning about them.  In several locations, Microsoft has emphatically stated, "Neither Microsoft nor our partners make unsolicited phone calls (also known as cold calls) to charge you for computer security or software fixes." (Source: www.microsoft.com/security/online-privacy/avoid-phone-scams.aspx).  Be especially aware if a person over the phone offers to remotely install "genuine" Microsoft security software for a fee, since Microsoft makes this same software available to anyone for free.

            If you are one of the many victims of this scam, Microsoft and others have published a series of recommendations to follow.  First, if you gave the crook your credit card number, immediately contact you credit card company using the 800 number on the back of your card, and cancel your card, requesting a new one. Over the phone, the customer service representative can list your recent charges, and may give you an opportunity to question them right away. Look carefully at any recent charges on your online or paper statement, and challenge any illicit or unknown charges with the credit card company.  Next, perform a complete security scan of your computer using security scanners other than the security software already  installed on your computer.  Since your current security scanner and protective software may have been neutralized by the cyber crook, perform a scan with one of the major third party security scanners; my personal favorites are the free versions of SuperAntiSpyware (superantispyware.com) and MalwareBytes (malwarebytes.org).  Once your computer has been satisfactorily cleaned of any malware that the scammer may have installed, it may be necessary to reinstall your security software.  Change the password that you use to logon  to your computer, and any other passwords that you use to access your email, financial accounts (including banks and credit cards, as well as such services as PayPal), online retailers (including eBay), and any other passwords that you may have used.  After doing what you can to mitigate the damage done, consider filing a complaint with the Federal Trade Commission using the "Complaint Assistant" at www.ftccomplaintassistant.gov. 

            Please, do not fall victim to this scam which is again targeting manly local residents.  If "Knowledge is Power", then now you have the power to protect yourself from this and similar scams.



Submit Your article; deadline for next bulletin is Tuesday noon each week. Only what you write may be published. We cannot publish other peoples work without written permission. Simply click here EDITOR AT TECC and paste your write-up to submit it.
Share your computer experiences with other members. We need articles to publish in the TECC Bulletin each week.

UPDATE YOUR MEMBERSHIP INFORMATION Change your e-mail address, unsubscribe to this bulletin, etc.  Use link below.
UPDATE YOUR MEMBERSHIP