The fake tech support calls have been making the rounds again and we have seen countless cases where the victims realize that they’re being scammed only after it’s too late. Today though, that wasn’t the case. Today, there was no victim. I wanted to briefly share what happened in hopes that others may benefit from this fast-thinking would-be victim.
I received an email from a longtime client with the subject ‘Windows Emergency’. My heart sank for a moment, fearing the worst, until I read the message. It was very short, but the client had received a telephone call from ‘tech support’ warning that they [the ‘tech support’] had identified a Windows Emergency. The client’s response was perfect. Rather than letting the ‘tech support’ onto their computers or discussing the matter further with the fake ‘tech support’, the client simply said ‘then have our regular IT support call us and we will work it out’. That ended the call. The attacker was attempting to use social engineering to gain access to the client’s system. There are some very important things to take away from this:
- The only times that you should get a legitimate call from someone telling you that your computer | server | network has a problem are when the call comes from a) the person whose computer | server | network you are attacking or b) the person that you pay to manage your computer | server | network. In the case of the former, the person on the other end is going to tell you to contact the person responsible for your computer | server | network security (and possibly your attorney); they won’t offer to fix it for you.
- Anytime that you get a call from someone claiming to be ‘tech support’ or, for that matter, your banker, credit card company, the IRS, the FBI, the NSA, etc., ask them for their name and number to call them back. If it’s a legitimate call, they should appreciate your due diligence and provide it to you. You then call a number that you know to be legitimate and tell them what has happened. If it was a legitimate call, they should be able to forward you to the appropriate person.
- With firewalls, antivirus, intrusion detection / prevention, proxies, etc. now protecting systems, attackers realize that hacking the human (social engineering) is often the quickest and easiest way to break in. Why bother hacking the defenses when you can just bypass them entirely? If you get a telephone call, email, pop-up, etc. and your spidey senses go crazy, err on the side of caution. If it’s an email, call the person or organization that supposedly sent it. If it’s a phone call, get a name and number to call back. If it’s a pop-up, don’t click *anything* on it but use the <ALT>+<F4> key combination to kill all open processes. Then, reboot your computer into safe mode and run a virus scan. This may be slight overkill (it’s entirely possible that you just visited a website or viewed an online ad that caused the pop-up) but it can save you and / or your employer a lot of lost time and money.