Staying on top of the latest attacks, exploits and subterfuges is an almost impossible task for me. Despite being a Security Architect, I’m not in the trenches with the guys that have to face the calls every day, nor am I in the security vendor space, so I tend to know about older or current high-profile goings-on.
So it came as a little surprise to me when one of my colleagues got hit by a scam that has apparently been about for a while. For those not wanting to click through, the scam went a little like this (I’ll be calling my colleague Fred, just to keep it simple):
Scammer 1: “Hi I’m calling from Microsoft about an error we’ve noticed on your PC and we believe that you have a virus.”
Fred (who has had the phone passed to him by his wife): “Really? How do I know that you are from Microsoft?”
Scammer 1: “Here, run this command.” He then runs through how to fire up a command prompt using hot keys and abbreviated commands, which makes a page full of text appear, hoping to fool the person into thinking ‘wow, they must be from Microsoft with all these cool short-cuts’.
Scammer 1: “Can you see the 3rd last line? That is your serial number, I’ll read out what we have on record for you and it will prove that we are Microsoft!”
Having never heard of the command before, Fred, who happens to have a work laptop next to him, runs the same command on it only to see what happens, and sees that the ‘serial number’ is in fact just a hexadecimal number that is identical across both machines. Wanting to see how far the scam goes, he plays along.
Fred: “OK so what now?”
Scammer 1: “OK can you please do the following…” He then proceeds to get him to open the system monitor and then the Event Viewer.
Scammer 1: “Can you see that there are some yellow error messages and some red error messages in there?”
Scammer 1: “That means you have multiple viruses and that they are multiplying! Don’t click on any of them or you’ll launch the virus.”
This goes on… to the point that they get him to check for a non-existent process that is supposedly some Security Layer. The scammer then says that this Security Layer must be expired and that all other AV software relies on it being present, so Fred will have to renew his subscription in order to get it working again.
Fred: “No problems, I’ll take it to a local repair shop and have them rectify the problem”
Scammer 1: “Oh we can do that now, I’ll transfer you”
At this point my colleague notes that there is a whole call centre in the background running people through the same crap.
Scammer 2: “Hi, in order to get this sorted I’ll have to get your credit card number.”
Of course, this is where it all goes funny (well, I thought so). Fred now plays with Scammer #2 and draws out the conversation for a good 30 minutes, during which the scammer even attempts to say Fred is racist as he doesn’t want to deal with an Indian call centre. Fred then lets it be known that he realises this is a scam and just wanted to keep the guy on the phone, at which point the phone is hung up in his ear.
What got me was the layers to the scam, all to get a poor schmuck to hand over his credit card number and personal details. From what I was told, the call centre could have been fairly legitimate, as in staffed with low-paid English speakers that thought that they were doing their job. The second level, however, was well and truly scam central, trying every trick in the book to get those details, from the deception itself to emotional blackmail. The scary thing is that this is only 1/2 of the picture. No doubt there is a money mule or re-packaging scam that back-ends this little charade.
Just as people can use cloud computing as easy access to lots of computing resources to crack things, why wouldn’t scammers use Indian, or any other cheap mass-market, call centres as their readily available meat cloud?
Food for thought.