In the last week I’ve received several calls that start like this:
“Hello, are you one of the main PC users in your household? You are? Good. I am from PC Support. We monitor error messages sent from your computer and we have noticed that you seem to be having lots of processing errors which, whilst probably not visible to you, will be causing your PC to run slower than it should. Can I help you to fix that?”
Sounds plausible, doesn’t it? Adopting the role of sleuth, I have played these callers along, asking them difficult questions like their company’s full name, where they are based, what their website address is, the caller’s full name, which application is sending error messages, etc. Suffice to say that, whenever pressed a little too hard, they simply hang up.
So, on one occasion, I behaved like an innocent, concerned PC user and managed to get them to reveal that they wanted me to provide them with “remote access” to my PC (which can be achieved via me inputting a simple website address and providing authorizations codes). Of course, I never went that far. If I did, the “PC Support” person would have simply used the access to plant malware while claiming “There, that’s fixed it for you now.”
Of course, experienced fraud prevention professionals and savvy consumers will recognize this as just another variant on a series of tried and trusted social engineering scams. But it’s a clever one nonetheless, playing on the universal problem of the slow computer to get past your cyber-security defenses.
Don’t fall for it. Even if you have entered into an agreement to allow error messages to be sent to your operating system or software provider, it is highly unlikely that they will call you about a fault you have never been aware of, and even less likely that this call will come from someone who is reluctant or unable to tell you which company’s “PC Support” team they are ringing from.
If in doubt, do not divulge any information and suggest that you call them back on the company’s main switchboard number. If the caller hangs up, it was a scam. If they tell you who they are, where they are from, what their extension number is and agree to be called back via the switchboard then… even then, beware. The fraudsters can still trick you by staying on the line when you have hung up, keeping the line open, and can even play you a dummy dial tone when you pick the phone back up. It’s a low-tech trick, but surprisingly effective, as I have noted before.
The only safe way is to call a switchboard or technical helpdesk number that you know to be accurate, and to do so from a different phone. But If you have employed all the defensive moves suggested here, I am sure you will never get to that stage!
Have you been scammed like this already? Get your PC checked by a security professional. Some of the latest malware will not be detected by even the most up-to-date anti-virus and anti-malware products. And if still in doubt, stop using that device and inform anyone that might have experienced a resulting compromise, like your bank. They would far rather advise you how to protect your credentials in the face of malware than have to speak with you about restoring your credentials and online identity after funds have been plundered from your account.