One of my first TT articles was a piece on a cold-calling scam where someone would call you out of the blue and say that you have an issue with your computer and they had a fix: “Just let me remote in, install some software and for ONLY 200 dollars all of your problems are gone!” In the article I mentioned that this is called a “phishing scam.” Well folks, today we’ll talk about essentially the same scam, but with different rods and bait.
The scammers have gotten more high tech and are taking more risks. Instead of cold calling people out of the blue, they are DNS hijacking (that is a whole other can of worms) advertising servers and then serving their own scripts instead of the real code. If you accidentally click on one of these pages, you will get their script, which uses event handlers consisting of an “alert command” and an “ONLOAD command” to display a message such as: “Your Macintosh has been infected!!! Please call this number for further assistance.”
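To make that pattern concrete from the defender's side, here is an added example (not code from the original article) that scans page markup for a dialog fired on load whose text combines scare wording, a call to action and a toll-free number. The function name, the patterns, the three-signal threshold and both sample pages are constructed assumptions.

```javascript
// Added example: heuristic scan for "call this number" scare dialogs.
// All names, patterns and the 3-signal threshold are assumptions.
const DIALOG_CALL = /\b(?:alert|confirm|prompt)\s*\(\s*(["'])((?:\\.|(?!\1).)*)\1/g;
const LOAD_HOOK = /\bonload\s*=|addEventListener\(\s*["']load["']/i;
const SCARE = /infected|virus|malware|hacked|compromised/i;
const CALL_TO_ACTION = /\bcall\b/i;
// North American toll-free prefixes (800, 833, 844, 855, 866, 877, 888).
const PHONE = /(?:\+?1[\s.-]?)?\(?8(?:00|33|44|55|66|77|88)\)?[\s.-]?\d{3}[\s.-]?\d{4}/;

// Returns one finding per dialog call that shows at least three signals.
function findScareDialogs(html) {
  const firesOnLoad = LOAD_HOOK.test(html);
  const findings = [];
  for (const m of html.matchAll(DIALOG_CALL)) {
    const text = m[2]; // the string literal passed to alert/confirm/prompt
    const signals = [];
    if (SCARE.test(text)) signals.push("scare-wording");
    if (PHONE.test(text)) signals.push("toll-free-number");
    if (CALL_TO_ACTION.test(text)) signals.push("call-to-action");
    if (firesOnLoad) signals.push("runs-on-load");
    if (signals.length >= 3) findings.push({ text, signals });
  }
  return findings;
}

// Constructed sample pages (the 555-01xx numbers are fictional).
const SCAM_PAGE = `<body onload="alert('Your Macintosh has been infected!!! Please call 1-888-555-0100 for further assistance.')">`;
const BENIGN_PAGE = `<body onload="init()"><p>Support: 1-800-555-0199</p>
<script>function init() { alert('Settings saved'); }</script></body>`;

for (const [name, page] of [["scam", SCAM_PAGE], ["benign", BENIGN_PAGE]]) {
  console.log(name, JSON.stringify(findScareDialogs(page)));
}
```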
Now working as a technician, I have heard many times that a customer let a stranger remote in to fix a problem that didn’t exist. I wondered “what is the end game here?” When one of these victims came in to make sure her computer was safe to use, she still had the number that she called handy. I decided to play the victim and call to see what happens.
Before I did this, I did some prep work. First I used a fresh install of OS X with no third party software. I did not use my home or work wifi network; I used a public one. Now I was all set up with a fresh copy of El Capitan on a MacBook Pro 2010 and phone number in hand.
I dialed the 1-888 number provided and a nice person answered: “Hello, this is Rebecca. I’m with COMPANY X. What is your issue?” I replied in a scared tone that I was surfing the web and got a pop-up on my screen that my Mac was in trouble and might you be able to help? “Sure, sir, we can help!” she responded.
She instructed me to go to a website which was very primitive; just a page with three links: remote help for Windows, Mac, and Linux. The link installed a program called TeamViewer. She took control of my machine and opened System Preferences and a Terminal window and ran the netstat command, which is used for finding problems in the network and to determine the amount of traffic on the network as a performance measurement. It has NOTHING to do with malware, but she insisted that the other computers on this public wifi network were the “bad guys” trying to get into my machine. Then, in System Preferences she clicked on Security and Privacy and showed that a firewall was not installed, and she said she could transfer me to a technician and for a mere $199.99 they could fix it!
At this point I decided to let her know that she was talking to an IT professional and hung up the phone. As soon as I hung up, I quickly disconnected the remote session and started to run malware scans. The scans came back clean; these scammers just wanted to scare a credit card number out of me.
Don’t let them fool you! If you think your computer may have a problem, give us a call instead.