Tuesday, April 19, 2011

Hacking people.

I asked on Facebook if anyone had received a strange phone call from someone claiming to be from a computer security firm saying that your computer has contacted them over the Internet and let them know you have been infected with some kind of virus.

I've had two calls like this. The first one I was pretty abrupt with the guy and told him that my computer most definitely did not contact them and most definitely does not have a virus. All my computers are up-to-date and have antivirus and firewalls installed.

He said in the kind of tone that you might imagine a drug pusher would use "Really? You don't think it's been running a little slow lately?" which in the world of Windows is any computer that hasn't been defragged in a couple of months.

I told him "No, my computers are running fine."

Then I began asking him questions. I first asked him about how much information my computer sent him.

"Can you tell me what Operating System I'm running?"

His reply at this point was a rather weak "... Windows...?".

"Nah mate, all my comptuers are Macs."

"Your computers are Macs??! oh.."

click.

The second call started out very similar. It was a woman this time and sounded like she was reading from cue cards.

"Your computer has contacted us on the Internet to tell us that you have a virus and we'd like to help you fix it now."

I put on my surprised voice. "A virus? Really? On my computer??!! What should I do? Is it bad?! Is my computer going to die?"

Instant confidence on the other end. "Oh yes, very bad virus." She had an accent and had trouble with the 'V's and R's so it was more like 'bedy bad bydis", but I understood well enough. "But we can help you get rid of it. Just go to your computer and I'll tell you how to get rid of the virus."

"Go to my computer. Okay." I said.

There was about a minute of silence.

"Now what?" I asked.

"Are you at your computer?"

"Yes."

"Okay. Is you computer on?"

I couldn't help myself. "You want me to turn it on?"

"Yes. Umm. Please turn your computer on."

"Okay, I'm turning it on now."

I watch the clock on the wall silently for about two minutes... Windows computers can take a while to boot up sometimes.

"Ok, my computer is on."

She's speaking as carefully as her broken Engrish can carry her now, "Your computer is on now? Okay, now click on the Start button and then click 'Run' and you should see a box come up with somewhere you can type in?"

This is where the charade ends.

"I don't have a Start Button." I tell her.

She quickly jumps straight to what I'd imagine is the last of her cue cards. "Unfortunately we are unable to help you with your problem today. Bye."

click.

I have to be happy with the fact that I could cost these scamming bastards at least some time and money.



Modern operating systems are increasingly difficult to hack. Sometimes it's just easier to hack the user directly. I still don't know what the end result of this scam is but if they're starting with a run dialogue it's already looking pretty nefarious. From there they could direct you to type in commands to send your information directly to them over the internet, or to download an install a trojan, disable your firewall and antivirus, or even e-mail them your Internet browser history complete with all your passwords.

This is the kind of hacking that all the McAfee and Norton security suites in the world can not protect you from.

It's interesting to note that it's still only Windows users being targeted so far. Even old computer-illiterate grandma would've survived these two calls provided she wasn't running Windows!

1 comment:

JonDgar said...

http://www.computerworld.com.au/article/314295/windows_event_viewer_phishing_scam_remains_active/