Crime Prevention HQ   /     #2: Did a Microsoft Technician Call Me? I Smell a “RAT” – CPHQ Podcast 2

Description

Original post: #2: Did a Microsoft Technician Call Me? I Smell a “RAT” – CPHQ Podcast 2 I received a voice mail this week that claimed to be from a Microsoft Certified Technician. The message claimed that my computer has been sending error messages to Microsoft and that the technician was going to help me fix my computer. I play the actual voice mail in the podcast and show how the scam works. Source: Crime Prevention HQ - Your Crime Prevention Headquarters for Cybercrime, Social Media and CPTED Training and Information Resources

Summary

This is your headquarters for resources, tips, training and content for the crime prevention services provider.

We do lots of things at Crime Prevention HQ, but we try to concentrate on two areas: using social media tools to spread your crime prevention message and providing some content that you can pass on to your community.



Voice Mail
Let’s start with a voice mail that I received this week at home. Later, we’ll talk about ways you can share this information with your community.

I received a voice mail this week that claimed to be from a Microsoft Certified Technician. The message claimed that my computer has been sending error messages to Microsoft and that the technician was going to help me fix my computer. I play the actual voice mail in the podcast.


The scam
The scam works by hoping that the person receiving the call doesn’t realize that Microsoft will never initiate a call to anyone that hasn’t called them for support first. If the scammer finds someone who answers their phone, they try to convince them to do one (or both!) of two things.

First, they may try to get the victim to give them their banking or credit card information to purchase software that will “fix” the problem.  This could result in the victim’s bank account being drained or their credit card being hit for hundreds or thousands of dollars in false charges.

Second, if the victim agrees to the software purchase, the victim’s computer is loaded with malware that does far more harm than the initial problem. Rather than repairing any problems, the program installs keyloggers, viruses, trojans and other information stealing software that grabs your banking information, passwords and other account details off your computer and provides them to the criminal to hack into your accounts at will.

The more common report, however, is that the criminal asks for your IP (Internet Protocol) address and gives you instructions to change the settings on your PC to allow a “RAT” inside your computer. This RAT (Remote Access Tool) allows the criminal access to your computer from anywhere in the world. Once inside, they have a free reign to steal your passwords, grab your identity information and install any manner of malware they like.  Remote Access Tools are actual programs used by real Information Technology (IT) departments and services for bona fide customer service reasons. They allow companies to fix problems remotely without having to physically be at the customer’s computer. The problem comes when these real tools are used for nefarious purposes by criminals like these scammers.

What can we do?
What can we do as Crime Prevention Officers to keep our people safe from this trick?

 


* Remind everyone that Microsoft will never call them first to tell them about a problem with their computer.
* Post the information on your web page.
* Link to information such as Snopes.com.
* Post on Facebook.
* Tweet a link to your warning.
* Do radio or TV Public Service Announcements (PSAs).
* Tell people not to answer these calls in the first place. Use voice mail to screen out the scam artists.
* Never call them back if you’re not sure about the validity of the call.
* Don’t give anyone banking or credit card information if you did not initiate the call.



You don’t have to be a law enforcement officer to help
Whether you are a crime prevention officer, practitioner, or volunteer, community services officer, School Resource Officer, Citizen Observer Patrol coordinator, Volunteer in Policing member, Neighborhood Watch Coordinator or Block Captain, Home Owner’s Association member, or have a different title,

Subtitle
I received a voice mail this week that claimed to be from a Microsoft Certified Technician. The message claimed that my computer has been sending error messages to Microsoft and that the technician was going to help me fix my computer.
Duration
12:23
Publishing date
2014-06-14 23:30
Link
http://crimepreventionhq.com/microsoft-technician-call-smell-rat
Contributors
  Jay Toth
author  
Enclosures
http://media.blubrry.com/crimepreventionhq/content.blubrry.com/crimepreventionhq/CPHQ2.mp3
audio/mpeg

Shownotes

Original post: #2: Did a Microsoft Technician Call Me? I Smell a “RAT” – CPHQ Podcast 2

This is your headquarters for resources, tips, training and content for the crime prevention services provider.

We do lots of things at Crime Prevention HQ, but we try to concentrate on two areas: using social media tools to spread your crime prevention message and providing some content that you can pass on to your community.

Voice Mail

Let’s start with a voice mail that I received this week at home. Later, we’ll talk about ways you can share this information with your community.

I received a voice mail this week that claimed to be from a Microsoft Certified Technician. The message claimed that my computer has been sending error messages to Microsoft and that the technician was going to help me fix my computer. I play the actual voice mail in the podcast.

The scam

The scam works by hoping that the person receiving the call doesn’t realize that Microsoft will never initiate a call to anyone that hasn’t called them for support first. If the scammer finds someone who answers their phone, they try to convince them to do one (or both!) of two things.

First, they may try to get the victim to give them their banking or credit card information to purchase software that will “fix” the problem.  This could result in the victim’s bank account being drained or their credit card being hit for hundreds or thousands of dollars in false charges.

Second, if the victim agrees to the software purchase, the victim’s computer is loaded with malware that does far more harm than the initial problem. Rather than repairing any problems, the program installs keyloggers, viruses, trojans and other information stealing software that grabs your banking information, passwords and other account details off your computer and provides them to the criminal to hack into your accounts at will.

The more common report, however, is that the criminal asks for your IP (Internet Protocol) address and gives you instructions to change the settings on your PC to allow a “RAT” inside your computer. This RAT (Remote Access Tool) allows the criminal access to your computer from anywhere in the world. Once inside, they have a free reign to steal your passwords, grab your identity information and install any manner of malware they like.  Remote Access Tools are actual programs used by real Information Technology (IT) departments and services for bona fide customer service reasons. They allow companies to fix problems remotely without having to physically be at the customer’s computer. The problem comes when these real tools are used for nefarious purposes by criminals like these scammers.

What can we do?

What can we do as Crime Prevention Officers to keep our people safe from this trick?

 

  1. Remind everyone that Microsoft will never call them first to tell them about a problem with their computer.
  2. Post the information on your web page.
  3. Link to information such as Snopes.com.
  4. Post on Facebook.
  5. Tweet a link to your warning.
  6. Do radio or TV Public Service Announcements (PSAs).
  7. Tell people not to answer these calls in the first place. Use voice mail to screen out the scam artists.
  8. Never call them back if you’re not sure about the validity of the call.
  9. Don’t give anyone banking or credit card information if you did not initiate the call.

You don’t have to be a law enforcement officer to help

Whether you are a crime prevention officer, practitioner, or volunteer, community services officer, School Resource Officer, Citizen Observer Patrol coordinator, Volunteer in Policing member, Neighborhood Watch Coordinator or Block Captain, Home Owner’s Association member, or have a different title, if you provide crime prevention services to your community you can help keep people safe from fraud!

 

  • If you are a member of a homeowner’s association, post the information on your HOA bulletin board or in your newsletter.
  • Neighborhood Watch and Crime Watch groups can share the message with their members.
  • School Resource Officers can include the warning in messages to their school staff and parents.
  • Volunteers and civilians can share with their church, Rotary, Lions and other social groups.
For more information, you can see all of the links and resources mentioned during this show on our webpage at CrimePreventionHQ.com/2.

Links mentioned during the show

Snopes.com article on the Microsoft Impersonation Scam

Wikipedia article on Remote Access Tools

Source: Crime Prevention HQ - Your Crime Prevention Headquarters for Cybercrime, Social Media and CPTED Training and Information Resources