Almost one in four people in the UK has been cold-called by fraudsters in scareware scams, according to safety awareness campaign Get Safe Online.
The scams normally involve fraudsters calling and pretending to be part of an IT helpdesk, Get Safe Online said in a statement on Monday. Some users are misled into thinking their computers are infected, and sold fake antivirus software.
The non-profit organisation's suggestion that a quarter of Britons had been cold-called by such fraudsters came from the 2010 Get Safe Online survey, carried out by ICM Research in October with a sample size of 1,520 adults over the age of 18 with access to the internet. UK security minister Baroness Pauline Neville-Jones said that eight out of ten people were not aware of this type of scam.
"Given that our latest research indicates 80 percent of UK internet users have never heard of these 'IT helpdesk' scams, yet almost a quarter have been approached by them, it is vital that we make people aware of this threat," said Neville-Jones in Get Safe Online's statement.
UK e-crime police have seen scareware crime gangs employing hundreds of people, Sharon Lemon, deputy cybercrime director for the Serious Organised Crime Agency (Soca), said in the statement.
"In recent cases, we have seen gangs employing 300-400 people to run their operations and using call centre-scale set ups to target victims en masse," said Lemon. "They can also be paying out as much as $150,000 [£93,000] a month on a pay-per-download basis to individual webmasters who are unwittingly advertising their fake software — this level of investment from criminals indicates that the returns are much heftier than this."
Get Safe Online managing director Tony Neate told ZDNet UK on Monday that both consumers and businesses were vulnerable to cold calling scams.
"My advice is: don't take cold calls — especially for a security warning," Neate said.
A significant percentage of scammers attempt to direct people to websites containing malicious code such as the Zeus information-stealing Trojan, said Neate. Scammers also try to sell antivirus software that is free and software that is ineffective.
Many organised crime gangs that are involved in IT helpdesk fraud are based in eastern Europe, China and the Indian subcontinent, Neate added.
ZDNet UK reader Chris Randle said that he had been cold-called in September by a woman claiming to represent Microsoft via a company called 'The Service Center at Windows'. No such company exists.
Randle was told he had errors with his computer. He was given step-by-step instructions to 'solve' the problem. First, he was asked to call up Windows Event Viewer. "I was told I would see errors marked with a red cross indicating there were problems with my computer," said Randle in an email exchange.
He was told to run the command 'prefetch spyware' to show the supposedly malicious programs on his machine. He was then asked to visit a legitimate website, which provides third party log-in services for technical support, and type in a PIN. At this point Randle broke off the process.
"Although I had no intention of doing any of the things I was asked, I do wonder who would get caught up in this," he said.