So, yesterday I got a phone call from "computer technical support". Now, if you've read some of my posts, you could probably guess that I work in the technology field, which in fact, I do. This was the third call that I got from this scam group.
Call 1: Their webhost was located in Columbus, OH (I'm from Ohio), so I call up the webhost and tell them about their website. Two hours later, their website was no longer in service.
Call 2: Their website was now located on a webhosting company in Europe, so, since I'm not going to incur long distance phone charges, I ran a vulnerability test on their site, and whoever designed it didn't think to patch their mysql server, and was vulnerable to a sql injection attack. A little while longer, and their website showed a 404 error.
And so, yesterday.. I was in a playful sort of mood, so instead of getting them shut down, I decided to play a bit. Here is the, as far as I can remember, script:
Phone rings, I answer
Isaac: Hello, this is Isaac from computer technical support..
Me: Isaac? Come on now Isaac, what is your real name?
Isaac: Excuse me?
Me: Is your name Bob?
Isaac: No, its Bobby.
Me: Bobby? It's not Bob?
Bobby: No, my name is Bobby.
Me: Oh, ok Bobby, how are you doing today Bobby?
Bobby: Not bad man, I'm kind of tired.
Me: Your tired? You should get some sleep then
Bobby: Yea man, I'm really tired.
Me: I know what you mean, what time do you get off?
Bobby: I don't know man
Me: Well that sucks, should get some sleep when you get off though
Bobby: Yea man, I think I might do that
At this point, I wanted to get some advice from our computer technician about doing something, like setting up a DNS server in Ubuntu or something.. or let him "walk me through" accessing their website, and pretending like I'm running Windows 3.1; or something.. but alas:
Me: So what's up Bobby?
Bobby: Nothing much man, you have a good day.
Me: Oh, ok Bobby, you too, and get some sleep!
The phone call is ended
OK.. so yea, I have a bit of experience with IT stuffage, so basically the scam is that they are detecting viruses coming from your computer, so they want you to run a program that you download from their site after paying xxx amount of dollars. Obviously this is a scam, and the program is malicious (keylogger, opens a backdoor, etc..). Sometimes they also want to do a remote log in on your system, so they can run the program.
Unless you call your ISP and submit a ticket, you should never be "cold called" from someone claiming to be from "computer technical support". If you are, then scam alert. Do not allow them to social engineer their way into your bank account.
I have two books that I've read, great books on the art of social engineering. The first is, "How to win friends and influence people", the second, "The Art of Deception". I would recommend picking up the second book if for anything but seeing how it is easy to be scammed, and learning from others, so that you, yourself, are not scammed.
Results 1 to 6 of 6