I work from home which has the very unfortunate result of me being home to receive a multitude of scam phone-calls. I regularly assist people to recover their WordPress Websites when they have been hacked so like to understand how scammers and hackers gain access to computers, software and Online services (as this often helps in resolving compromised systems).
One telephone call I get a few times every week is the well known scam where the person implies that they are from Microsoft Support and that my computer has been advising them that it has a virus (or is faulty). I usually ask the caller to hold; I then place the receiver down and go and do some work until I check back later and the scammer has hung-up. Today however I decided I wanted to understand what they were telling the unsuspecting recipients of their calls.
They know my address
One of the first things that the scammer does is advise you that your computer has been sending Virus warnings from your actual physical address. Of course the match between a phone number and address is listed in all sorts of publicly available places such as the phone book. The problem however is that unsuspecting people hear their address and the work virus and somehow get a ‘brain-freeze’.
The person phoning you then leads you through all sorts of fancy sounding stuff as proof of the virus (e.g. the warnings in the Windows Event log prove that the virus exists). Again, for the uninitiated this all probably looks and sounds very convincing.
Go to their Website?
I cut the call however when the ‘Microsoft Support Technician’ asked me to go to their Website (www.support.me) so that an engineer could provide remote support to my computer. The Website he asked me to go to is a login Page for LogMeIn which is ‘remote access and desktop control software’.
About an hour later I got another call advising me that my Microsoft Windows computer had a virus ….
Please see the Australian Government ScamWatch for more information