Helping people with computers... one answer at a time.
In a brazen scam attempt you may get a phone call from someone claiming to be your ISP to "help" you with your Windows problems. Don't fall for it.
Perhaps you might be interested in this little anecdote.
Yesterday about noon, the telephone rang.
It was an Indian woman - the conversation is as I recall it ...
•
What follows is one of the most brazen scam attempts I've seen in a while. Fortunately, the person reporting it had the right instincts and was able to avoid getting taken.
Let's look at the transcript provided, and I'll identify all of the warning signs with [notes] as we go.
•
The conversation (with names changed) went like this:
"Given the amount of information that's likely publicly available about each of us, it's not that hard to put together a convincing sounding story - but that story will have holes."Caller: "Mr. Smith? We have your address as [correct address given], and we have your telephone number, otherwise we'd not be able to call you. For security purposes, would you give me your first name, please?"
Smith: "You should have that on your records" [1]
Caller: "Yes, but this is to check that you are Mr. Smith."
Smith: "I don't think that is necessary - I answered the telephone. What is this all about?"
Caller: "This is your ISP. [2] We seem to be having some problems with your account. Have you been having trouble with programs crashing recently?" [3]
Smith: "Yes, of course !"
Caller: "Well, when that happens, it sends a message to us [4], and we are getting a lot of these from you, and they are causing us some problems. Also, it is a sign that you may have serious problems with your computer very shortly. We want to help you to solve this problem, which will prevent you having your computer die on you - and it will solve the problems we are having with your messages. We have a team of Microsoft experts here to deal with it."
Smith: "Are you trying to sell me something ?"
Caller: "Oh, NO, Mr Smith! We just want to help you to sort out the problems; it's part of our service."
Smith: "O......K."
Caller: "Is your computer turned on?"
Smith: "Yes"
Caller: "Will you go to Start > Run, type in "Eventvwr" and press Enter."
Smith: "O.K."
Caller: "Click on "Application, and you will see lots of Events [5], either Information, Warning or Error. What is the total shown at the top?"
Smith: "over 1,700 since 6th Jan"
Caller: "Wow ! Roughly how many of these are Warnings?"
Smith: "I guess about a third?"
Caller: "O.K., now click on System, and tell me the total?"
Smith: "Over 2,800 - again, about a third are Warnings."
Caller: "You see Mr. Smith, how serious this is ?"
Smith: "Is it ?"
Caller: "Oh, YES, Mr Smith! [6] But we can do something about this ! I'll hand you over to a colleague who is an expert who can fix it for you."
Expert: "Hello, Mr Smith ! I'm going to help you fix the problems on your computer. I want you to go to Run > Start, type in www.logmein.com [7] and press Enter. Then tell me what you see."
Smith: "It's asking for a six-figure entry code." [8]
Expert: "Ah. Do you have that ?"
Smith: "No."
Expert: "Well, that's because your computer is over a year old. You get a year's free support, and this has now lapsed. You will need this 6-figure code before we can proceed. Renewal costs £50. May I have your Credit Card Number, please?" [9]
Smith: "Just a moment ! Your colleague told me at the start of this call that this was not a sales pitch. Do you want money off me ?"
Expert: "Oh, NO, Mr Smith ! We just want to sort out the problems on your computer ! But to do that you must have that 6-figure code....etc., etc., etc..."
Smith: "Just a minute ! I asked, do you want money from me, Yes or No?"
Expert: "It's not about money, Mr Smith, it's about fixing your computer !
Smith: "Is that a Yes or a No?"
Expert: "It's a Yes."
Smith: "Fine. Good day." CLICK [10]
The biggest take-away from this conversation may not be obvious, and that's this: always (and I do mean always) be extra cautious when they call you. Ultimately, you have no way to verify that they are who they say they are. You could be talking to a total stranger - or scam artist.
With that in mind, on to the specific notes:
[1] Exactly. Though they will often ask for something even more personal - like mother's maiden name or a part of your social security number - with all the obvious risks therein. Hence the warning I started with: recognize that they called you, and don't respond with this information. [back]
[2] Your ISP will never say "this is your ISP" - they'll identify themselves by name, both the name of the individual calling (which may be meaningless for security purposes) and the actual name of your ISP. Stating the correct information doesn't mean they're legit (it's not that difficult to find someone's ISP), but not telling you at all is a big red flag. [back]
[3] Really, now ... who hasn't?
[back]
[4] No, it doesn't. If a message is sent at all, it's sent to Microsoft or to the vendor of the software that's having a problem. [back]
[5] Yes you will. In fact we all will. The event viewer is kind of a mess, and having lots of events is not an indication that things are about to go bad. [back]
[6] Oh, NO, Mr. Scammer! [back]
[7] Important: logmein.com is a legitimate company/site and they have nothing to do with this scam. They provide a "remote access" service - the ability to login to someone else's computer across the internet. I think you can see where this might be headed. [back]
[8] It's unclear, but this is one of two possible targets of the scam. It's possible that once the appropriate code is entered (provided by the scammer, of course) that they would then be able to access our victim's computer remotely. [back]
[9] Bingo. This is more likely the real target of the scam: to get you to divulge your credit card information. [back]
[10] Handled excellently. This is exactly the correct response. [back]
I think of it as phone phishing.
As you can see, there were many red flags in this conversation. Given the amount of information that's likely publicly available about each of us, it's not that hard to put together a convincing sounding story - but that story will have holes. You must watch for them.
Here are my important take-aways from this example:
-
Insist on full and correct identification of the company that they claim to represent.
-
Always be extra suspicious when they call you. One solution: ask for a number at which you can call them, and then either research that number (Google's been fairly useful for this), or call your ISP yourself using only phone numbers you find yourself in your ISP's provided information and ask if this number, person or scenario is something they actually know about.
-
Never, ever give your credit card or other personal information to someone who called you. At least not unless you're absolutely positively certain you know who they are. If needed, get a call back number - that way even if it still turns out to be a scam, you'll have that to give to the police.
-
Be particularly suspicious of instructions to visit web sites. They may be legitimate - if you call your ISP's tech support line, for example, they're likely to have you do things like that. However, until you're certain you know who you're talking to, don't.
If you get called, and you're the least bit uncertain the solution is simple: hang up, and call the company that they claimed to represent. If it's legitimate they'll understand (and perhaps even appreciate) your caution. If it's not, they'll definitely appreciate your caution, and you'll have just saved yourself a lot of grief.
Article C4164 - February 19, 2010
Leo A. Notenboom has been playing with computers since he
was required to take a programming class in 1976. An 18 year career as a programmer at Microsoft soon followed.
After "retiring" in 2001, Leo started Ask Leo! in 2003 as a place for answers
to common computer and technical questions. More about Leo.
I just got a call (which showed as Overseas on caller ID) from someone with an Indian accent telling me he was from 'Windows Clear' and that my computer sent several error messages to the company. He said that he was calling to fix it for me. I hung up at that point - he hasn't called back.
Posted by: Caroline Forster at February 24, 2011 1:03 AMWell, here, in the Netherlands I work for the consumer dsl support desk and we may call our customers when a trouble ticket was logged in our ticket system. Also when a customer has inadvertently become part of a botnet or is violating security policy i.e. sending email without headers and was blocked by our abuse department and that has gone unnoticed for more than three weeks. However we always identify ourselved clearly and we will never take over a computer (as that has become impossible due to the block on their internet traffic)
Posted by: Maarten at September 27, 2011 1:02 PMI have had a similiar phone call today saying I have problems on my windows. I just said I don't have a computer and she said I was lieing to her and wasting there time, and just hung up on me. I then thought how do they know I have a computer and what my phone number was.
Posted by: Andrew at October 15, 2011 8:28 AMI received a similar call yesterday and went along not thinking straight. I was eventually asked to go to {URL removed} not realising it was logmein allowing remote access. I did go as far as keying in the 6 digit pin but as soon as a connection was established I closed the chat box and hung up.
Now my question is whether my information has been compromised since I did not allow them to take control? I have disabled anything doing with lmi.exe on my firewall an disabled remote access.
Please help! Appreciate it..
Posted by: Shea at March 17, 2012 1:05 AM@Shea
Posted by: Mark J at March 17, 2012 4:17 PMTo be on the safe side, I would run an antispyware scan or two on my computer.
Spyware: How do I remove and avoid spyware?
I would also change my PIN.