Imagine this scenario. For the past few months, your computer has been running slowly. That’s can’t be right, can it? I mean, you only bought it last year and the person in the store said it was a really good computer. He said it was future-proof.
Out of the blue, your landline rings. A polite young man with a comfortingly familiar Indian accent is on the other end, and he says that he’s from Microsoft Technical Support. He says that your computer has a problem. A really big problem. He says that your computer has a virus. But you needn’t worry. He’s an expert, and he’s here to help.
He asks you to install something called Team Viewer, and soon enough your mouse is flying across your screen without you even touching it. You see him open up something called the ‘Event Viewer’, and sure enough you see a bunch of scary looking messages each colored in the brightest red. Each identifiable by the category ‘error’. These are caused by the virus on your computer, the nice young man said.
He can fix it for you. All he needs is your credit card number and for a fee he promises he can clear up your system and bring it back to the pristine state it was originally in. You agree, and €200 is debited from your MasterCard. The young man on the other end stays on the line for another ten minutes and installs a program you’re never heard of. He tells you what a great decision you made, and how everything is now fine. He then leaves, wishing you a pleasant day.
The Fake Tech Support Scam
It’s one of the most effective phone based scams in recent years, targeting the majority of users who own a computer for internet browsing and word processing. It is mostly run from call centers in the Indian subcontinent, and the victims can be found in places as far flung as New Zealand, Australia, The UK, Canada, and the US. Tim warned us why you you never trust a cold-calling computer technician. Also, be warned that fake tech support scamsters could find a different way to reach you.
Recordings of these calls paint a picture of authoritative, polite people who sound like they know what they’re doing. They call you ‘sir’ and ‘ma’am’. It drips with legitimacy. With that in mind, is it any wonder why people fall for them?
What makes this scam even more tragic is that it’s not obvious if the people who make the phone calls realize they’re taking part in something that is likely considered to be a criminal activity in most Western jurisdictions. Do they genuinely believe that they’re helping people?
Make It Harder for The Scamsters
Prevention is always better than a cure, and it’s always useful to take steps against getting scammed in the first place. Whilst none of these are a guaranteed silver bullet against any ill-meaning phone calls aimed to part you from the money, they will make life harder for the scammer.
Firstly, look at obfuscating your name, address and phone number. This can be done by removing your details from third party directories, including the public (also known as edited) electoral roll in the UK, and from the phone directory.
If you’re an adult who is living in the UK, it’s almost certain that you’re on the electoral register. Did you know that the electoral register has a ‘full’ version and an edited one? The full one is used for the purposes of identifying who is eligible to vote and for companies such as Experian to check the identity of people who are applying for credit. This version of the electoral register is never sold to companies for marketing purposes.
However, the same is not true for the ‘edited’ version of the electoral register. This is freely sold to whoever wants it, and is a great way for enterprising scammers to get a list of people to target. However, it’s very easy to remove yourself from this list. Simply send a letter in writing to your local Electoral Register Officer (ELO) and politely ask yourself to be removed from the edited register. You’d also be well advised to pay the website of the Telephone Preference Service (TPS) a visit and opt out of all unsolicited marketing calls.
It might also help to scrub your name and address from the phone directory. In the US, you can remove yourself from the White Pages by following the instructions contained here. You can also join the Do Not Call registry. It’s free and only takes a minute.
In Australia, you’d do well to join the Do Not Call registry. This can be done online, by phone or by post. Just follow the instructions on this web page. Furthermore, you can opt out of being listed in the white pages by calling up your phone provider and ask for it to be categorized as a ‘silent’ number. This will remove it from the White Pages website and from any future printed phone directories. Sadly, some phone providers charge for this service.
Whilst none of these actions guarantee that you won’t be the victim of the phone scam we mentioned earlier, it does ensure that it’s harder for people to get access to your phone number. It also provides you with some recourse with the authorities if you receive any unsolicited marketing calls after opting out.
Finally, you’d be well advised to read up on how these phone cons work. Troy Hunt is an Australian security researcher and software developer who has tirelessly researched the people, the motivations, and the methods behind the fake IT support scam. His blog is a great starting point for any research into them.
After the Scam Has Taken Place
Unfortunately, some people find themselves being taken in by these phone calls and forking out a huge amount of money, often to the tune of the hundreds of dollars. It is at this point where you start thinking about damage control.
If you granted the caller access to your computer, you should no longer consider your computer to be safe or clean. He might have installed any number of programs, changed any number of settings, or even installed a virus. In short, you can no longer trust it. Therefore, you would be well advised to simply backup all your files and reinstall your operating system. Whilst this is tedious and irritating, it ensures that your computer is reverted to a pristine state, as it was before being compromised.
Secondly, you should deal with getting your money back. If you paid with a credit or debit card, you should contact the issuing bank and explain the situation and request a chargeback. Your success will vary based upon the jurisdiction where you live as a result of the variation in consumer protection legislation in each country. I’d also strongly encourage you to cancel your current credit or debit card and request a replacement from your bank in order to prevent any repeat purchases.
I’d also strongly encourage you to request a copy of your credit report. Considering that the attacker was able to contact you, identify you by name, gain access to your computer and was provided with a credit card, it’s safe to say that it can only be considered prudent to keep an eye out for anyone using your identity to get credit.
In the United States, federal law allows consumers to access their credit report once every twelve months for no charge. AnnualCreditReport.com is a website jointly run by the three major credit reporting agencies in the US. By signing in, you can see a copy of your credit report (sans credit score) and can check whether your identity has been stolen.
It’s Not Your Fault
As someone who once fell victim to online fraudsters, I know first hand how utterly awful it is. You feel incredibly foolish and angry. Even though someone acted with malice against you, you can’t help but feel as though it was somehow your fault. It’s almost as if you feel culpable. And if you’ve fallen victim to a fake IT support scam, odds are pretty solid that you feel that way too.
But you shouldn’t. The reason why these scams are so effective is because they’re utterly convincing to a non-technical audience. The people at the other end of the line are polite, charming and confident. They sound like they know what they’re doing. They sound legit. It’s not your fault that you were deceived, and you shouldn’t blame yourself.
The fake IT support scam is a particularly pernicious con that preys upon the trusting and the less technically able. It has sucked in hundreds of thousands of dollars, and is a lucrative money spinner for those who are behind it. Still, it remains a despicable attack on undeserving people, with a very real personal cost for its victims.
Have you ever been taken in by it? Do you know anyone who has? Tell us all about it in the comments below.