Today I had an interview with Ernest Pillay of Radio 2000 about the phone scam story, and I was using IP telephony, by the way (Here is the clip). This follows my presentation, titled “How Threat Intelligence can be used to help organizations protect themselves from cybercriminals”, at the CYBER CRIME EXTENDED WORKSHOP 2012 on the 2nd April 2012. The first thing Ernest asked me was about the level of cybercrime in South Africa. It is definitely a concern for most citizens, and the reality is that we don’t have official statistics yet and companies are not yet obliged by a law like “the Draft Protection of Personal Information Act (POPIA)”. It only came out in the recent case heard by the Johannesburg Magistrate’s Court that South African banking customers were scammed out of R180-million in 2010 alone, an increase of R120-million from 2009.
On a quick search, I came across an article, Cyber Criminal: Attackers Don’t Stop, released on December 28, 2008 (which happened to be my birthday). This, in a way, tells you that we are not dealing with a new trick but rather with new means, through technology, to perpetrate this act of criminality. It is a sophisticated phone scam evolving from traditional web-based phishing attacks. Cybercriminals don’t just send fraudulent email messages and set up fake websites any longer. They are also calling you on the telephone and, in some instances, claiming to be from Microsoft.
Their persistence drives them to even call one person several times, as in the video below:
Microsoft has warned South African consumers to be wary of a phone scam that has left some victims hundreds of rands out of pocket in October last year. Several radio stations, including MetroFM and Radio 702, also added their voice to reach out to consumers on this issue. The truth is, neither Microsoft nor our partners make unsolicited phone calls (also known as cold calls) to charge you for computer security or software fixes.
How it happens
The scam typically unfolds in the following manner:
1. A cold caller, claiming to be a representative of Microsoft, one of its brands or a third party contracted by Microsoft, tells the victim they are checking into a computer problem, infection or virus that has been detected by Microsoft.
2. They will trick consumers into installing malicious software that could capture sensitive data, such as online banking user names and passwords. They might also then charge you for the removal of this software.
3. They tell the victim they can help and direct them to a website that then allows the scammers to take control of the computer remotely, adjusting the settings and leaving the computer vulnerable.
4. The cold caller will then spend some time on the computer trying to demonstrate where the ‘problems’ are and in the process convinces the victim to pay a fee for a service that will fix the computer.
What you need to know
Cybercriminals often use public phone directories to harvest consumer names and personal information, thereby gaining consumers’ trust through the sheer level of knowledge they appear to have about them. These callers claim to be from:
- Windows Helpdesk
- Windows Service Center
- Microsoft Tech Support
- Microsoft Support
- Windows Technical Department Support Group
- Microsoft Research and Development Team (Microsoft R & D Team)
In reality, there is nothing wrong with your computer, but the scammer has tricked you into believing there is a problem and that paying the fee is the best way to get it fixed. Often they will also push you to buy a one-year computer maintenance subscription. They are just trying to steal money from innocent people.
How to protect yourself from telephone tech support scams
Firstly, don’t be fooled: Microsoft will not cold call consumers in regards to malfunctioning PCs or viruses. Secondly, use common sense in assessing your callers and their intent. A few basic pieces of advice can help keep South African consumers from being taken in by this and other scams:
- Do not purchase any software or services.
- Ask if there is a fee or subscription associated with the “service.” If there is, hang up.
- Never give control of your computer to a third party unless you can confirm that it is a legitimate representative of a computer support team with whom you are already a customer.
- Take the caller’s information and report them to the South African Police Services (08600 10111 or crimstopgauteng@saps.org.za) immediately.
- Never provide your credit card or financial information to someone claiming to be from Microsoft tech support.
What to do if you already gave information to a tech support person
If you fear that you may already have been scammed, you should:
- Change your computer’s password, change the password on your main email account, and change the password for any financial accounts, especially your bank and credit card.
- Scan your computer with the Microsoft Safety Scanner to find out if you have malware installed on your computer.
- Install Microsoft Security Essentials. (Microsoft Security Essentials is a free program. If someone calls you to install this product and then charges you for it, this is also a scam.)
- Keep an eye on bank accounts and report any potentially fraudulent activities immediately.
- Ensure the operating system is fully updated and that all security updates are installed; and
- Make sure the system is protected with strong passwords that are changed regularly.
More guidance and advice is available at www.microsoft.com/security or contact our local office on 011 361 9000.
Have you ever been victimized already, whether by phone, SMS, email or over the internet? Share your story by leaving a comment and warning others!