When I decided to write my first Tech Tails article I was going to do a article on retro gaming on your MacBook. Then, I got a phone call from Dave (name changed for this tail tale). Dave is a Mac user, family man, and one of our clients. On Christmas Eve, Dave received a phone call from “Apple Service” saying that his iMac and MacBook had been compromised and were “full of viruses”. But what Dave was experiencing wasn’t a malware infection, but another form of the dark arts: social engineering.
The Wikipedia article on social engineering defines it as, “psychological manipulation of people into performing actions or divulging confidential information. A type of a confidence trick for the purpose of information gathering, fraud, or system access, it differs from a traditional ‘con’ in that it is often one of many steps in a more complex fraud scheme.” Basically it takes advantage of the trait of decision making known as cognitive biases (also sometimes known as “bugs in the human hardware”) to confuse you and then get you to give up sensitive information.
There are different types of social engineering: pretexting, diversion theft, phishing, phone phishing, baiting, quid pro quo, tailgating, shoulder surfing and more. In Dave’s case this was phone phishing. He thought it was a legitimate phone call from Apple, but towards the end it turned into attempting to convince him to buy bogus software that would likely have allowed the hacker to access his machine remotely. Also, if he had purchased this software, the attackers would have his credit card information. With this information in hand, these criminals can purchase what is called white plastic (or blank magnetic credit cards), transfer the credit card numbers onto the magnetic strip, and then have a functioning credit card to use as they wish.
Now I’m used to hearing this all the time in the PC world: “Microsoft just called me did some stuff with my computer and now my laptop doesn’t work anymore.” Microsoft would never call you out of the blue about your computer, and the same goes for Apple. The only way to prevent this is education, not anti-virus software. I highly recommend reading this helpful information on Avoiding Social Engineering and Phishing Attacks to learn how not to be a victim of these types of scams.
Surf safe my friends!