ALAN TAYLOR looks at what you need to know to stay one step ahead of the scammers…
My brother messaged me a few days ago.
“There is a guy from tech support on my phone. He is using Teamviewer to try and help me with serious virus issues. If you want to listen in, please ring me and I will add you to the call.”
|
|
THE CALL YOU DON’T WANT TO RECEIVE: Alan Taylor says scammers who call posing as tech support are simply chasing your money. (Image posed by a model). PICTURE: Franque de Win/www.freeimages.com |
Now, I knew there was nothing wrong with his PC. I’d built it a couple of days before and all updates were applied along with a reputable anti-virus product.
So I told him to hang up. “It’s a scam,” I added.
This scam has been around for some time. The scammers will call, claiming to be from a major corporation including Microsoft, HP and even anti-virus companies. Once they convince you that your PC is infected, they offer to remote control it in order to clean it. The remote control software is renowned such as the already mentioned Teamviewer and others including Logmein and Ammy.
What they really want is your money and the quicker they can convince you to part with it, the better for them.
And the way they convince you is as follows.
Firstly, they ask you to click on ‘Start’ then ‘Run’. Type in eventvwr.msc and press the <enter> key. This will load the viewer that allows you to see your computer’s log files. Just about anything that happens on your PC is viewable here. Often it contains errors and it’s those errors the scammer zooms in on. Errors in log files are commonplace. For example, an error may say that your anti-virus cannot download its update files with the simple reason being that your computer wasn’t connected to the internet at the time. Some scammers will even say that the log viewer should be clear and if there is anything in there, your PC is doomed. Remember, log files are normal.
Secondly, they’ll ask you to view what are called Windows Prefetch files in a folder called C:\Windows\Prefetch. These files are used by Windows to launch programs faster and are genuine files. They are NOT infected files.
And thirdly, they’ll ask you to run what is called MSCONFIG. This lists the programs that start automatically when Windows starts. They’ll take you to the Services tab which shows the services that are running. Some services need to run all the time while others only run when a program starts them. Stopped services are normal. They’ll try to convince you otherwise.
Once you’re convinced, they’ll lead you download the remote control software, log into your PC and ‘have a look around’ for themselves.
At this point they’ll ask if you want to fix the situation and if you do, they’ll charge you for their service. Often they’ll tell you it’s a relatively small amount but once they get your credit card details they’ll charge you whatever they can get away with. If you decline (remember they’ve remote controlled your PC) they may get nasty and start deleting your documents. An example of this can be found at https://blog.malwarebytes.org/fraud-scam/2013/04/phone-scammers-call-the-wrong-guy-get-mad-and-trash-pc/.
Not all scammers follow the above script. They may take you to different areas of your computer, ask you to type different commands or try to convince you of infection in other ways. But bottom line is, no large corporation has employees sitting around monitoring your PC or internet connection for viruses. It’s not economical and doing so would breach privacy laws and leave them liable for prosecution.
And your PC security and health is your responsibility. Don’t let unknown people remote control your PC. You never know what they’ll try to access or what damage they’ll do. That’s like letting a stranger into your house and letting them rummage around at their leisure.
As for my brother, it took a bit of convincing before he did as I asked, but not before the scammer placed viruses on his PC and disabled his anti-virus.
