Phone scammers target PC users with phony virus reports

Phone scammers target PC users with phony virus reports

Summary: Online con artists are targeting PC users worldwide in a brazen scam. It starts with a phone call from a "tech support specialist" who warns that your computer is infected with a virus. To fix things, all you have to do is give the caller remote access to your PC. Here's what happens next.

SHARE:

Updated 7-November with additional details.

An old social-engineering scam appears to have taken on new life lately, targeting PC users worldwide.

Ironically, the scam doesn't use a computer at all—at least, not initially. Instead, it starts with a phone call from someone who claims to be affiliated with Microsoft or another legitimate company or government agency.

The caller then asks for the primary computer user in the house, who is told: "Your computer has downloaded a virus." And, of course, the caller is ready and willing to fix the problem. All you have to do is navigate to a web site, click a link to install some remote-control software, and allow the "technician" to get to work.

The perps are using legitimate remote-assistance software, like the Ammyy Admin program from Ammyy Software Development, which posted a warning that included some reports the company has received from scam victims:

"I got call from an India based consultant who said to me that he is calling from a govt. organisation in Melbourne, Australia. He made me to log into my computer to track some files and without advising me he wanted me to download a software application from ammyy.com and get remotely connected to a technician to delete some files..."

"I was recently called by what I thought was my internet service provider technician who used Ammyy to gain remote access to my computer - after I stupidly granted him that permission. It turns out that he was nothing to do with my internet service provider. When I became suspicious and began questioning him he said he would show me who he was and opened a website of a company - the web site triggered my virus software and I then demanded that the remote access be terminated..."

The scam has been around for a few years. Charles Arthur at the Guardian UK wrote about a similar scam last year, noting that it had been "going on quietly since 2008 but has abruptly grown in scale this year." He wrote about it again in March 2011.

In June of this year, Microsoft published a warning about the scams, including results from a survey it conducted in the U.K., Ireland, U.S. and Canada. The survey showed that across all four countries, 15 percent of those surveyed reported having received one of these phony support calls.

Of those who received a call, 22 percent, or 3 percent of the total survey sample, were deceived into following the scammers’ instructions, which ranged from permitting remote access to their computer and downloading software code provided by the criminals to providing credit card information and making a purchase.

The vast majority (79 percent) of people deceived in this way suffered some sort of financial loss. Seventeen percent said they had money taken from their accounts, 19 percent reported compromised passwords and 17 percent were victims of identity fraud. More than half (53 percent) said they suffered subsequent computer problems.

The latest outbreak appears to be another wave, judging from the sudden increase in complaints I've seen recently.

I've heard from Windows users and legitimate support specialists who've seen this scam in action in Australia, Canada, and the UK. Recent reports from Microsoft indicate that the scammers have widened their net and are now working in languages other than English, targeting Windows users in Poland and the Czech Republic.

I also got one reliable report from an extremely trustworthy source: my mother.

A caller with a thick accent tried to run this scam on my mom, who peppered the caller with questions. What's your name? What's your company's name again? What's your phone number? (She raised six kids. She's used to social engineering attempts.)

My mom's Caller ID said the call originated from 999-910-0132; the caller claimed to be from a company that sounded something like Alert Center, and she gave a callback number of 609-531-0750.

If you plug those numbers into a search engine, you'll find that they lead to a group of companies using identical website templates under different names, including TechResolve, Itek Assist, and—bingo—AlertSoft. A company with the unimaginative name Custom Design Firm, at the same address in Kolkata, India, also offers custom web-design and search-optimization services at exorbitant prices.

My mom eventually hung up on the scammers, but others haven't been so lucky. If a victim falls for the scam, the next step involves a credit card, naturally, as this victim reported:

Posed as troubleshooter, got into my system, used a "safe code" to get into my computer. Claimed my machine has been hacked into and infected with a virus. Tom and John, heavy Asian accents. Wanted to install "lifelong protection" for $130. I balked. They have my name and number and have been calling incessantly. I'm concerned that they might have planted something in my computer that allows them access.

Indeed, that's a legitimate concern. Once a victim has granted an intruder remote access, it's impossible to tell exactly what sort of damage they've done. If you know someone who has fallen for this scam, you should assume their computer has been compromised and respond appropriately.

Most readers of this blog are sophisticated computer users who would laugh out loud at an attempt like this. But you probably have friends, family members, or clients who could use a heads-up on this one. If you get a call from someone claiming to have detected a virus on your PC, just hang up.

Topics: Mobility, CXO, Hardware, Security, Software

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

160 comments
Log in or register to join the discussion
  • I have gotten calls from 'Microsoft'

    When i get these phone scams they are usually from 'Microsoft'. I know a couple people that have been hit.

    I am surprised more people aren't doing this for Apple. I guess there would be a lower chance of getting an actual Mac user...
    tristandyer
    • RE: Phone scammers target PC users with phony virus reports

      @tristandyer I got a call from these people, claiming to be Microsoft and claiming they had detected a virus on my system. I told them that was impossible as all my PCs were running OS/2 ;) Their reaction was hilarious.
      Imrhien
      • RE: Phone scammers target PC users with phony virus reports

        @Imrhien - So tell us what they did and said. It sounds interesting. Thanks!
        Forensics1
      • RE: Phone scammers target PC users with phony virus reports

        @Imrhien NICE! Let's hear the details!
        alexneveryoumind
        • Phone call for PC from windows care

          Received a phone call from windows from the number 213-221-3528.They saved my infected computer which runs on windows.Their website is www.service4windows.com.
          Really very good service.
          popu
      • RE: Phone scammers target PC users with phony virus reports

        @Imrhien - When I got one of these calls a few days ago I was running Windows 8. They had never heard of it! I also had one a while back where I strung the guy along so much that eventually he swore at me and hug up, I was quite proud of that.
        maxthegold
      • RE: Phone scammers target PC users with phony virus reports

        @Imrhien

        I can imagine. At WROK PALCE ('Shark Tank' readers get the reference); our CEO got one of these calls on her private office line. (One, which BTW, bypasses the PBX.) She had her assistant call us in IT to come to her office, and listen in on the speaker phone as she did a superb job of driving that scammer nuts. Those 20 minutes she spent confusing that ID10T, just made our day.

        You have to wonder, just how can Linux be <b>infected</b> by a Windoze virus? (especially if you are NOT using WINE)
        fatman65536
      • RE: Phone scammers target PC users with phony virus reports

        @Imrhien

        I worked for Sears Catalog back when I graduated high school. We used to get an obscene caller the ladies called "The Panty Man" he would begin by pretending to be purchasing underwear for his wife but his questions would get more and more personal until the ladies would catch on and then hang up. I once got a call from him and he began his personal questions about whether I had a girlfriend and it went on from there. I had an audience of other associates before long and it was the obscene caller who ended up hanging up! I honestly don't remember the exchange but I do remember it was great fun. Unfortunately, I will not likely get any of these calls, not having a land line, but please, somebody please, sexually harass these scammers. It doesn't matter if it is a man or woman. Just start with some subtle and innocent flirting while pretending to go along with their scam and then slowly step it up and see just how much they will tolerate in the hopes of ripping you off.

        You have to know that most of these scammers are working for a company that is actually perpetuating these scams. Its unfortunate that they need the money badly enough to go along with it because I'm sure the employee must be aware of the shadiness of what they are doing for money. But even with that, they do have morals and values and creating a hostile work environment might just cause the companies to lose some employees to some other more legitimate jobs.
        techadmin.cc@...
    • The problem with a call from Apple...

      ...is that it's pretty much common knowledge that Apple isn't much interested in helping owners get rid of malware.
      GrizzledGeezer
      • RE: Phone scammers target PC users with phony virus reports

        @GrizzledGeezer LMAO, you nailed it ;)
        MrElectrifyer
      • RE: Phone scammers target PC users with phony virus reports

        @GrizzledGeezer I think you hit a nerve there.
        jgaskell
    • RE: Phone scammers target PC users with phony virus reports

      @tristandyer They begin by asking you to goto your Start Button.
      I don't have one, I'm on a Mac...
      They usually hang up immediately or don't understand and try to tell you where the start button is.
      I've had calls five minutes apart and seem to get the calls regularly then not get them for a long time then they start again. Had one woman say, "no, our company has never called you before".
      I've just recently put my numbers into a Do Not Call list and if I do get any marketing calls they are violating my rights. For some reason it takes 30 days to come into effect and mine should begin on the eleventh, so it will be interesting to see if I still get these calls and if I do, I might go along with them and try to get as much info as I can to report to the appropriate people.
      It's old people that get fooled and the credit card thing is the trap they get into.
      So just hanging up is not enough, as they'll just ring back at a later time/day, so if you're smart enough, play along with them and try get some info, or as my friend once did was went along with something and then said, 'Thank You, I've caught you out now, be prepared to be closed down' and they soon hang up in fright heheh!!!

      andjoh
      andjoh
      • RE: Phone scammers target PC users with phony virus reports

        @andjoh "Don't call lists" do not work for these calls. They are foreign origin, and outside the laws you are operating under, and therefor not compelled to honour your request.
        chriscollingwood
      • Block the caller

        @andjoh
        Since the National Do Not Call thing has no effect (I've reported one company a dozen times), I've taken to blocking numbers (requires Caller ID to get their number). It's very quick and easy. One company uses multiple numbers -- I block them all. To find how to block calls, Google "block calls" and your phone company's name.
        nfordtchrpub
      • RE: Phone scammers target PC users with phony virus reports

        @andjoh ,,, Actually IMO they feed on any newbe regardless of their age, kids up to their 20's also being great targets.
        tom@...
    • Good ole ZD - quick on the draw as usual! lol.

      @tristandyer <br><br>Here in the UK, the old Windows Virus telephone scam has been around for well over a year. One of these evil scum even tried to con my 77-year old mother. Fortunately she is a wily old bird and hung up before the guy could even start his spiel. Besides, she runs Ubuntu.<br><br>There are several gangs of crooks behind the scams and the details vary from one to another. However the basic pattern is always pretty much the same:-<br><br>1. You receive a call from an unknown "International" number.<br>2. An Indian or Pakistani sounding voice says, "You have a virus on your Windows PC", c/w bullshine about how their virus scanners detected the problem from your IP address.<br><br>If you are daft enough to believe the guy, then:-<br>1. He tells you to switch on your PC. <br>2. He walks you through a procedure that "proves" you have a virus - usually involving Windows Process Viewer.<br>3. Then he tells you to open your browser and points you to a site that downloads the "fix" onto your PC. <br>4. The call ends with them charging your credit card around 120 quid or so for the privilege!<br><br>They've tried me several times. Most times, I'm far to busy to listen to this nonsense. I generally somewhat impolitely tell the guy to "go away" shortly after his first sentence. But one day I decided to play along for a giggle.<br><br>I pretended to do his "virus test", telling him what he wanted to hear. I then diligently I downloaded the *.exe file to my desktop to fix my non-existent problem. <br><br>Then I double clicked it just like he instructed me. But it simply would not run. We tried again. And again. And again.<br><br>Eventually a man he described as his "supervisor" took over. We went through the procedure several more times - no luck<br><br>Frustrated, the "supervisor" handed me over to his "supervisor". Under the guidance of the uber-supervisor, I tried again, several times without success. I did ask if I needed to set the file's "executable bit", several times. But he instructed me to, "Stop being silly and do what I am telling you!"<br><br>Finally he asked me, "Which version of Windows are you using?"<br><br>"Windows?" I asked, "What are windows? I got a keyboard, a mouse, a screen. But no windows. Do you mean the screen? I sometimes use window cleaner on my screen. Its called Windowlene. It's awfully good. Is that what you mean?"<br><br>"Microsoft Windows Operating System?" he shouted - obviously becoming somewhat grumpy at this point, "What version of Windows Operating system have you got?"<br><br>"But I thought you knew that already? That's what your colleague told me, over an hour ago?" I enquired.<br><br>"Tell me. Tell me now! What does it say on your start menu?" He bellowed!<br><br>"Kubuntu Linux." I replied.<br><br>"Go to hell!" he screamed. There was a click and the phone went dead. <br><br>LOL :-)

      I just bought a phone adaptor for my voice recorder, ready for next time they ring. Five quid off eBay! So if I'm not doing anything when they hassle me next time, I will record it and post it somewhere. Should be a laugh...

      Best wishes, G.
      mrgoose
      • RE: Phone scammers target PC users with phony virus reports

        @mrgoose the best thing is...you wasted their time...which they hate! I did the same thing...played along for 10 minutes before telling them I was calling the police....they then called me back three times to shout abuse down the phone they were so angry. They really hate you wasting their time. Best one i have heard is to play along for a minute then say 'just hang on a moment I have to get something out of the oven'...and leave the phone off the hook for 30 minutes.
        now they are trapped....dont know whether they have really hooked you or to drop the call....mess with their heads....
        scubaal
    • RE: Phone scammers target PC users with phony virus reports

      @tristandyer My father got hit by this scam last month. Then on Friday I got a call from these folks. They back-tracked pretty quick when my response to "Can you click on the Start button on the bottom left hand corner of your screen?" was: "I don't see one of those. There's a big K. It's funny that Windows support has been getting these reports from my computer, being as all the systems in my house are running linux..."

      "I must have a wrong number, my apologies, very sorry to have disturbed you..." etc. etc. etc.
      stagetech
    • As a Mac user...

      @tristandyer
      I tell such people that my computer is totally and absolutely immune to all viruses and any other bad software, because it is a Mac and is not connected to the Internet! They always hang up after that.
      arminw
    • RE: Phone scammers target PC users with phony virus reports

      @tristandyer ,,, Around here it also includes banks, especially BOA.
      tom@...