A Public Service Messsage from The Twelfth Fret

Recently, we’ve run into something that we feel you should be aware of, though it has nothing to do with our business or hobbies.

A con or scam has appeared in our area and it’s targeted a few people we know, mostly older computer users.

It uses quite convincing ‘social engineering’ and its end goal is to convince the target to submit credit card information or make payments.

As this is a time of year when many families come together, it’s perhaps easier to spread knowledge of this to those who need it.

What It Is:

This con involves a telephone call from someone presenting themselves as from “Microsoft Security” and suggesting that the target’s computer has been identified as somehow infected.

The caller directs the target to turn on their PC, download a piece of software – often the entirely legitimate and high quality TeamViewer – and provide some identification that allows the caller to take remote control of the PC. The caller then opens the Windows event logs, filtered to show critical errors. (While most systems can be made to show these at any time, the caller completely misrepresents their meaning).

This filtered log is used to convince the target to allow the caller further access to system and user data files. Some files may be deleted, or copied to a remote system.

The next step in the con is to tell the target that the caller can help resolve these problems, but first the target must go to a particular website and use a credit card to make a payment.

If the target suggests that they’d like advice from someone else, the caller will usually insist that they can only speak to the target to resolve these ‘issues’.

What To Do:

If you or anyone you know receives such a call, hang up. Do not follow any directions from the caller.

Unless you’re a Microsoft employee, no-one from Microsoft will ever telephone you.

If you have a number from the caller, telephone the police and telephone company to report the fraud attempt.

If the caller was successful in getting the credit card payment, call your card provider immediately to report your card as being compromised, so that the transactions can be reversed. Use the telephone number on the back of the card.

Additionally, if the caller was able to gain control of the system, consider that it *may* have been compromised and professional help should be sought to determine this. The installed remote control software should be removed, but with the system disconnected from the internet.

If information such as email passwords or bank logins was stored on the system, use another system to change them all, as soon as possible, and quickly notify the banks of the possible security breach.

These actions are inconvenient but may well prevent theft.

I should reiterate that the remote control software often used in this con, TeamViewer, is completely legitimate and useful, and TeamViewer has no connection whatsoever to the con.

The Twelfth Fret