22

The other day, I got a call from a relative with an email problem. After a bit more discussion, it turns out that two days previously, a man phoned my relative:

  • stated he was from microsoft;
  • asked if my relative had some computer problems.

He then proceeded to talk my relative through some "computer stuff" - he can't remember more details other than he didn't give them his password.

This is obviously a scam. My question is:

  1. Is this sort of scam common? If so, what do they usually do/want?
  2. My plan is to remove his pictures/files and rebuild his computer. What's the best way of making sure there aren't any "hidden surprises" in these files.

Tag suggestions welcome.

AviD
  • 72,138
  • 22
  • 136
  • 218
csgillespie
  • 957
  • 1
  • 9
  • 15
  • 2
    You might want to take a look at this thread: http://security.stackexchange.com/questions/3374/phishing-red-flags-and-countermeasures – Iszi Jun 13 '11 at 00:54

2 Answers2

20

This type of attack is called "Vishing".
I don't think it's very common, but it's not unheard of. However, mostly its automated responses on bogus numbers, manual vishing I have to think is even less common.

It sounds like the attacker was either hoping to get lucky, or it was a targeted attack - not really enough information here to tell. It could be he just wanted his password (email, bank, etc) or credit card, maybe personal info for identity theft, perhaps wanted to try to trick him into installing some trojan or backdoor, and possibly even some more elaborate social engineering scheme (e.g. does he work for DoD?).
At this point, not much to base it on, but try and convince him to try again to remember what he actually did.

As far as "surprises", it really depends on what your relative did to his computer on the say of the random stranger.
Of course, run all the files through an antivirus scanner (not that it will block most stuff, but do it anyway...)
Also look around on this site for virus and malware type questions....

And while you're at it, give your relative a quick tutorial on computer hygiene 101.
It's not like he'd hand his car keys to a random hobo that stops him on the street, just because he says he's from Ford.

AviD
  • 72,138
  • 22
  • 136
  • 218
9

There is an Epidemic of this attack in NZ at the moment.

We have been called about 5 times over the last 6 months.

The attacker wants to get you to open up your computer to remote access and then who-knows-what.

They use a Contact Centre (probably in India) with a script that goes something like this:

Hi, I am from Windows.

We have found a virus on your computer.

Please go to your computer and see all the problems

(tells user to launch Event Viewer).

Then open up your remote access / firewall etc.

Then we own your computer hahahahahahaha.

When I talked to the guy, he said he was in Wellington, he gave me an Auckland number and was obviously confused when I didn't stick to the script.

They seem to be tuning their scripts a little, I don't know how many people are getting hacked, but I suspect that they will get a lot better over time.

This doesn't seem to be a vishing attempt as I understand it (because they ask the user to circumvent their own security / grant access to their computer), more of a straight Social Engineering attack on individuals to get access to their computer to install malware or Rogue Security Software. Important to note that this attack leverages cheap call centre staff to attack individuals.

Community
  • 1
Andrew Russell
  • 3,633
  • 1
  • 20
  • 29