A quarter of internet users have received a cold call from cyber criminals falsely claiming their computer is infected with a virus, the government said today. The con is designed to obtain banking credentials and control of the target machine. Victims are told they need to download software that will remove the infection, but …
"Despite press reports on the scam going back more than a year, the security minister Baroness Neville-Jones said today that 80 per cent of internet users are unaware."
I was unaware of the issue until this report, however that doesn't mean I'm likely to fall for it.
Isn't this just government, again, using Big Scary Numbers to imply something that isn't actually the case?
I had one of these calls last year, a few days after my mother-in-law. What if there was a simple method to report to my telco - 'that last call I received, [I think] it was a scam'.
These things could then be closed down within days (or hours). Yes, they'd keep popping up again and again, but it might make their life a little bit harder.
The only case I know of is one of our little old lady users, who smelled a rat and hung up on them. Yet they still keep trying to call her!
Not really news
My father had one many months ago, to then ring me up in panic of course.
I'd like to try and get one of these calls myself so I can keep them on hold as long as possible then say I'm using Linux or a Mac and see what their response would be...
1 in 4?
I don't believe the 1 in 4 statistic.
Let's say only half the UK are 'web users'. That's about 30 million, 1 in 4 of which have allegedly been cold called in an anti-virus scam.
In other words, they reckon 7.5 million people have answered the phone and it was a call about a fake AV. Even using autodiallers and professional outbound call centres, that's still going to require a lot of manpower and outlay.
While I'm sure the scam exists in many forms, I call shenanigans on the stats.
It's alarming to think that there are people who will fall for a scam involving a phone call to tell them they've got a virus on their pc, but I can't say that it's surprising. Technofear will always exist and, despite the amount of safe usage information available, folk will still fall for scams of this type. I'm interested to know how the scammers can manage to convince someone that they've got a virus when they ring up. I mean, how would they know*???
As an aside, I remember back in the 80s when our school got its first Research Machines 380Z. We were told not to put floppy disks within 25cm of each other in case they 'caught' viruses that may be on the other disk.... Crazy, but true!
*Just thought of one.. The scammers could claim to be from the mark's ISP.. Still a long shot, though.
I feel I need to confess, because while I can't understand how anyone can be so dumb as to fall for these scams, I myself was once dumb too.
My first computer was an Amiga 500. I'd read in Amiga Power (or was it Amiga Format...) that a virus was going to be relased on a specific date. We didn't have a network connection.
To avoid my poor little Amiga 'catching' the virus, I didn't turn it on all day. Worked, though...
Actually, they already do.
I work tech support for Virgin adn have had many calls from people who said that Virgin had called them to tell them they had a virus.
Fortunately most of them had the sense to disconnect the call but there have been several who allowed them to do their thing and then the scammers ahve the cheek to charge them £90 for infesting their PC.
I always tellt eh customers thatno ISP would cold call a customer to tell they had a virus, they woudl need a call centre the size of Milton Keynes if they wanted to do that.
P.S. Had the the joy of watching my boss call one of these outfits up as they had given the customer a contact number and get ripped into the callers supervisor.
Firstly, we have been "poo-poo"ing scares and fake warnings about online crime for so long now that when there is a *real* threat people are just zoned out. First time I heard about this I assumed it was another one of those fake bogey man stories.
I'm also unsure about the figure of 1 in 4 internet users have been called by these people. 1 in 4? Really? Straw poll in my office suggests otherwise. 25% of all internet users in the UK is a lot of people.
See point 1.
Over-egging a threat which is real but low incidence makes people less likely to believe you next time around.
1 in 4 ? Doubt it. But then the Government is well practised at making up stats.
I got one of these calls on Saturday. The guy was clearly in a foreign call centre and could barely pronounce my surname.
I hung up on him as he broke my 5 second rule. That is, when you ring me up you've 5 seconds to explain why I want to talk to you. After 4.9 seconds he had only managed to explain that he had noticed my PC was "running slow". He said some other stuff but I couldn't understand what he said.
Obviously after the event you always think of funny stuff you could have said. I hope he rings back!
Don't think of something funny to say, think of something plausible and time-consuming. I kept one of these guys on the line for an hour or so (I wasn't on for all that time - there was a lot of "oh, it's starting up now, it always takes a while, I'll be back in a few minutes when it's done" so I could actually get on with something useful). He really wasn't happen when at the end of all that I suggested that the reason it wasn't working was because he was trying to get me to run a Windows executable on a Linux machine...
anyone who falls for this is an idiot.
It's hardly aimed you, you plank. It's aimed at folk who are not IT pro's, so get off your milk and drink your horse.
Had one here...
Unfortunately the kids picked it up rather than me. My record for keeping these dreamers on the phone is 24 minutes (you've won a free mobile/double glazing etc etc) and I would have loved a chance at this but I've trained my little buggers too well and after a couple of minutes of the caller continually saying 'we're from your ISP' (co-incidentally mentioned above) but not being able to name which one that was, they rang off.
Have to say though that this does rather clash with comments which come out when Spambots are located which suggest the SIP tell the poor innocent that their machine is infected.....
Post your own message
I get a call on my work number about once a month from the same auto-scammer. A recording tells me that the govt has introduced a fantastic new scheme to eliminate all my debts, with no obligation, and all I have to do is press a key to speak to an operator. I normally press the key, and wait for the retard at the other end to say 'hello' a few times, at which point they hang up. When this happened last week, though, I played along, and spoke to the guy at the other end for 10 minutes. I added a few decades to my age, and made up a lot of debts, as he got more and more excited. He gave me his company name, and then passed me on to his supervisor, who gave me a different company name. There was no government scheme, of course, but at the end of it I'd agreed to let this company contact all my fictitious creditors and reschedule all my fictitious debts, at a cost of only £100/month. He then sent me all the papers to sign, which I got a couple of days later.
A total waste of my time, of course. I don't think he's even done anything illegal, so there's nothing I can do with the papers.
Signing up to the TPS is the way forward
If you sign-up to the Telephone Preference Service (TPS) then a company cannot legally cold-call you by phone. Since I've been signed-up, (over a year) only one organisation has contacted me in an attempt to sell me a service. As soon as I realised that it was a sales call I interrupted the caller and asked them how they obtained my personal data and what right do they have to cold-call me when I'm registered with the TPS. I reported that particular organisation to the ICO and told them that, should they contact me again, I would pay to have their phone number blocked and recover the cost via the small claims court. Needless to say, I have not heard from them again.
The point is though, once you are registered with the TPS no one should be cold calling you. So the first question you ask is how have you obtained my personal data. Often this is enough to deter the criminals.
Get your facts right.
1. It only applies to UK business, they have no juristriction to your run of the mill Indian call centre.
2. If you have business with them it no longer applies. i.e If you have boiler that was fitted by British gas, then can call you (unless you schoose to opt out).
3. It does not stop market research, they are exempt (as are some others).
FINALLY AND MOST IMPORTANTLY.
If they are trying to scam you for cash, do you honestly thing they give a flying fuck about the TPS?
These guys are based overseas, so probably havPS, let alone give a fuck about it. Clue: they're THIEVES, they're not all that good with following rules.
Had two of these recently, but as I wasn't all that busy I managed to string them out for a good 5 minutes before swearing at them and hanging up :-)
Oh and the number stored when I tried 1471 was "0123456789".
Had one of these calls at the weekend
Caller ID said "Out of Area" ie. overseas.
Foreign-sounding woman asked for me by name and said she was "responding to my computer problem".
Kept them on the line for a good 30 minutes claiming I couldn't get their downloaded fix to run, before I told them that I was using Linux!
I got this
My girlfriend got one of those calls and passed it over to me.
It went something like this (add thick accent for "him"):
Me: Can I help?
Him: You computer is infected. We wish to help clean it before you lose your data.
Me: How do you know? What's the name of your company?
Him: It dialled us to tell us. We are a computer fixing company.
Me: I don't believe that, infact I know that's a lie. How did you get our number from the computer?
Him: The computer. It sent us your details.
Me: I work in IT; I know for a fact you're lying.
I was pretty taken-aback at the pure check of it, to be honest. Even though he clearly had less-than-rudimentary knowledge of computers, I can see a fair few people being fooled by this type of thing.
Just a thought
Any bank executives looking? (Well, one can hope)
What about issuing, on request, a genuine fake credit/debit card number, for use in fake situations like this, or at the very least a number which flagged the systyem immediately the moment is was used?
Would give an immediate flag as to the route taken by specific transactions and a chance to choke off the cash flow.
Heard about this one
Heard about this one from several of the staff at the school whose IT I manage (the phone call was for their home machines, not the school's). They often claim being from Microsoft and some people are genuinely caught out (but luckily JUST suspicious enough to ask me first) because they always hear about how MS has antivirus now and how they are trying to help people keep their computers clean etc. Alarm bells tend to ring when they ask for money but there are other, much more subtle ways to get money from people - like that mentioned here of just getting people to run a program ("I just need to run a diagnostic... could you just type in...").
One member of staff said that they offered to clear up the PC if he paid them £60. He told them that the computer wasn't worth that, even if he did think they were genuine. Again - it's the little old ladies, the confused, and the vulnerable who will be falling for this scam, not the average guy.
We *really* need a way to phone a number and say "the last call I received was an attempt to defraud me, or an unwanted call, etc.". Most of the time BT say that they don't keep records (funny how they would be able to tell who phoned me if I were a terrorist) and have to "intercept" the line only after lots and lots of shouting and then you have to hope they call back during the period that your phone line is completely useless to yourself. Had a bank sending me fax's every ten minutes once and couldn't get them to stop for HOURS because of that - turns out they were sending the bank statements via some internal fax service and it dials my phone number if you miss off a few digits - the bank were horrified, but it took BT ages to actually stop anything, start intercepting calls and then get in contact with the caller.
Shareholder lists are in the public domain. Although I sold out years ago I still get unsolicited calls from people with thick accents, usually called Clive, who want to make my/their fortune. These start off "May I speak to Mr. ******* ". I generally reply, "No, but I have a message from him. Go stick your head in a pig." To my knowlege this only really worked once with a lady with an American accent who became incoherent with rage even before I had outlined the advantages and disadvantages of the choice of end.
With Paris the choice would be easy of course.
Let me guess...
I bet the report also says they can also deploy a new scam in only 45 Minutes.
I now almost wish...
...I'd answered that 'Out Of Area' call which was ringing on the house phone when I walked out the door this morning. Oh, well, hope the cat had her fun with them!
My Mum got one of these calls last year. On paper she might look like your perfect mark (retired, not techie etc.), but she's no dunce and I've trained her well - she played along, kept the scammer talking for as long as possible and got as much information out of them as she could (whilst taking comprehensive notes for me), before merrily informing them she didn't even own a PC so they must be spinning her a pack of lies.
From what she told me, I don't think the overseas gentleman on the other end of the phone appreciated her line by line refutation and demolition of his carefully rehearsed script... ;)
Education Education Education...
I would be ashamed to know anyone stupid enough to be duped into this scam.
@ Tigra 07
perhaps you should wander over to http://www.scamwarners.com/ and read a while, these victims deserve your knowledgeable support not your derision
What these people need is education about not giving out personal information to strangers.
so be part of the solution - sign up and help educate then
there are people who spend some of their own time talking to and educating various groups (really, there are, I know some of these people)
or if you feel so strongly about this subject you could get into hurting these low life ***** back, 419eater.com is a good place to start and to get help to learn how to do this effectively but ethically
but please leave your attitude at the door eh?
TPS won't help you here
TPS only prevents legitimate businesses within the UK from cold calling you. My parents are plagued with boiler room scammers calling from various overseas locations, on the occasions my parents have mentioned that they are TPS registered they have either been laughed at or just given a load of verbal abuse. And called back later.
I say "plagued", on a good day they get 2 or 3 calls. They may go a few days with no calls. Its a moderate annoyance.
For overseas calls...
Keep an airhorn next to the phone.
better than airhorn
i have a child under one year old.. does a better job
The benefit of TPA...
... Is that you KNOW that any commercial call is a scam.
I therefore unload all my pent up anger and bile on anyone calling me. My ISP/telco took 4 requests (each responded to with a request to give them 28 days grace to cease) and finally a threat top refer to the ICO for ignoring a "do not call" stipulation. The last call from them claimed to be the "accounts" office, (but was from their Sales number), that my contract had finished and i needed to renew it. I pointed out that my contract was open ended and that this seemed like a scam not worthy of a company licensed as a telco Increasingly bolshie A*hole at far end became quite abusive at this point and as i replaced my receiver said that my line would be cut off. 4 months later the line is still functioning.
I solved this issue completely...
No more scams, no more harassment, no more wrong numbers, no more telemarketing.
1) get a Google Voice number or equivalent.
2) set the defaults such that ALL calls go directly to voice mail without ringing any lines.
3) set a generic voice mail greeting indicating something like "Due to excessive marketing and scam calls on this number, all calls to this number are screened by an electronic system. You MUST speak your name and then leave a voice mail to be called back. If no voicemail is left at this number, it will be impossible to have your number added to an approved caller list. If you believe you are receiving this message in error, please contact the owner of this number through another means."
4) add all your family and friends to approved caller lists. Set the default such that the caller name is spoken by Google when they call in case you answer without looking, but have caller ID passed through so you can see without answering. Some specific people you always want to answer from put in separate groups if you don;t want to have to accept the call after answering.
5) Have voicemails forwarded to your e-mail, and if possible change your Google voicemail to be the default voicemail system for your phone (this can be done on iPhones and many others) If you get a voicemail from a name or number you do not recognize, Google the caller's number to ensure they're not scammers calling.
6) on Google voice, go to history. For numbers of people you like, or companies you actually want calling, add them to lists to pass them through to your phones. For each number you want blocked, click the "more options" link near the number and select "block this caller" and they'll never get to your voicemail box again.
I sync my google contacts with my phones, so anyone with approved numbers has a contact on them. I set a ringtone and vibrate option for all of them. My default ringtone for all other numbers is silence (a null ringtone), and I have vibrate set to off. This way if someone calls my cel directly (not google voice), i don't know they are, and ignore them. I have my cell phones set to not use their own local voicemail, but instead forward all calls to my GV number after 4 rings. This way, they show up in my google history even if they don't call my google number. My GV number is the ONLY number I give out for any reason, so over time less and less people and companies are calling my cell. AT&T is also nice enough to offer me an option to do call filtering, so only calls from a few area codes can even ring my cell phone at all (I was getting abusive amounts of texts from non-normal formatted numbers when i got this line, so they added that option to me for free, most people have to pay for it though). 800, 866, etc numbers simply can not call my cell phone (they have to call the GV number).
I went 1 step further... I have a dry line with the phone company for DSL. My home phone is Vonage and we have cells too. The dryline actually HAS a phone number. So, i called the phone company and asked them to do me a favor, and I had them redirect calls from that number to another one. They charged me the call forwarding feature, but no actual line charges. ($3 I think?) I used the web site to set up forwarding for that number to the FCC abuse hotline! Calls i don't want get blocked, but marketers who abuse the do-not-call list, and scams, get redirected RIGHT TO THE FCC!!!! I love it.
1 in 4...
Those who doubt the stats on general principals (Disreali) are of sound mind. However, after I mentioned to my local beer garden a recent call I had recieved and finding I wasn't alone, it seems that 1 in 4 is not completely unreasonable. Yes, it was a very small sample, but still...
I might suggest that many Reg readers might underestimate the number of these calls because I suspect that Reg readers are the type to, rightly, say "FAAK OFF!" immediately upon receiving an unsolicited call, and thus not know what kind of phone pest was calling 'em. : D
For my part, I kept em on line for a while trying to get clues to pass on ( local constabulary >> national fraud action squad - BT were useless). At the mention of 'Whois' they hung up.
Strange one though: my landline is not in my name, yet they adressed me by name... I don't know how, only thing I can think of is my dealing with DELL's tech support earlier in the year but I'm by no means certain. Anyone any ideas?
If the phone's not in your name
If the phone isn't in your name but the caller called you by name then obviously that information is available on line somewhere and you likely put it out there.
Sorry to be stating the obvious.
I delay them as long as possible
More fun that way, as they try to get you to run various programs. Just always not quite understand what they are saying. I went through a run of these calls in August. The final one lasted just under 45 minutes after which I told them I didnt want to do it because it was a scam.
Their reply was "why are you wasting my time then sir?" to which I replied "well, you called me. I thought you were lonely or something"
Not had one since.
Happens in the States too
My wife got a call early last week from someone claiming her computer was infected. The caller wanted her to log into the PC and visit a 'special' web site.
I'm not sure if she would have cooperated or not, but she can't get into my PC and her laptop wasn't available. She finally hung up and called me.
I told her not to ever do something just because someone calls and tells her to. She had suspected it was a scam, but didn't understand the full implications.
I wish I had been able to take that call, it might have been entertaining to fuck with the crook.
I suspect that the 1st line callers don't know they are scamming since they tend to hand the call off to someone else. Either way, keeping them on the phone will cost the scammer.
Some people want to get scammers off the phone... some of us want to make them cry. If I'm doing something like putting tile in my bathroom, I'm happy to talk to them as long as they stick around. It seems these guys are happy with Windows XP and want you to run an event viewer which shows scary logs... next they want you to download a remote control app. If you play dumb, you can stall them for about 20 minutes before they wise up. The ones calling here start by asking me to turn the computer on which helps waste a bit of time since its slow... Stall until you can say you have a XP DOS or something that hits their buzzword list. Ask them how to spell everything and even ask where that key is on the keyboard. It appears that the more computer illiterate you are, the more they are willing to stay on the line to scam you.
Some friends have a telemarketing game. You get points for getting them flustered, yelling or making threats. Extra points for hitting up on them or getting them to quit. Lots of extra points if you can pull a reverse 419 scam. Munchausen bragging is expect so its not awarded points unless they have heard of you or it leads directly to another point. You also get points for a calling location and then you can get points later if a buddy uses that info to get points.
titles = badgers
Had a series of calls here from an obviously sub-continental but articulate lady claiming to be from the MS securitycentre. As I'm in the phone book, being addressed by name was no surprise. She claimed that " they " had been receiving many error messages from my computer ( not so ) and having recently visited and admired the work of the scam busters I did my best to delay/harass/frustrate. It took her 3 calls and ~30 phone-minutes to get me to open a CMD window then type in ASSOC. Then the BS started, focusing on the .ZFSendToTarget=CLSID.... line. Strung out some more ( acting the doddering old fool some think me to be ) to be eventually passed on to a " supervisor " with whom I lasted another 15 minutes. They wanted AU$110 for whatever it was they were selling and didn't get it from me.
I can only hope that while I buggered them about, other not-so-savvy folk were spared their malicious attentions. Least one can do.