This story has been written with permission from the scammed victim, a valued client of mine – identity protected by request.
I’ve written on other mediums before about what to watch for with regards to scams and phishing attempts in email and also about cold call Telephone scams.
The latter is what caught “Peter” (not his/her real name) out and ultimately cost him $7,000 – virtually unrecoverable due to the circumstances. Read on for a timeline of exactly how it happened.
This story has been written with permission from the victim – identity protected by request.
The Phone Call
Several weeks ago, Peter, a middle aged trusting soul who’s not all that computer savvy got a call from someone purporting to be from Telstra, an Australian Telephone and Internet provider. His Internet Broadband connection is provided by Telstra so it tricked him into thinking the call was legitimate.
The scammer claimed that Telstra had been monitoring his connection and that lots of viruses were being sent from his computer. Using typical scare tactics, he was told he faced his Internet Connection being shut down unless he acted immediately and co-operated with their instructions.
According to Peter, the criminal on the other end sounded very professional and knew his first and last name.
In order to “rectify” the situation, the scammer claimed Telstra required access to his computer in order to install specialized security software. This was to purportedly install software that would not only deal with the infections, but also to catch the person who had put the virus’s on his computer in the first place. They claimed to be working with the authorities in order to shut this criminal ring down.
Remote Control of Victims computer
Peter followed the scammers instructions and went to a website which allowed the scammer complete control of his computer. They pulled up Windows Event Viewer (eventvwr.msc) on his machine, went to the Windows Logs section of event viewer and showed him a ton of errors and warnings which can be normally found in every Windows computer – most of which are benign and can be safely ignored.
They over-rode his antivirus protection and installed their so called security suite, which after careful examination by me after the fact, turned out to be a Time Bomb Trojan set to re-infect the computer in the event that the infection “they” installed (back door access) was terminated by other security software after the completion of the scam.
They then gave him a story that in order to catch the scammers who were putting all these infections on his computer, they would credit his Telstra Account with $1,000 – later with another $6,000 but in the meantime, he needed to send them $7,000 via Western Union or MoneyGram.
The scammers were relentless, going to the extent of keeping him on his mobile phone and warning him that he must not tell anyone what was happening lest the scammers got tipped off. They even went to the extent of keeping him on his mobile phone while he physically went to his bank and ATM and withdrew the cash they instructed him to withdraw and then walking him through the process of sending a MoneyGram using the credentials of a fake Gmail account they created in his name while they were connected to his computer.
Peter did as he was instructed and as soon as the money was sent, all communication suddenly stopped. Promised phone calls were not made so Peter rang Telstra Technical Support to inquire if it was OK to keep using his computer. It was then that he got that sinking feeling in his stomach when he was informed that Telstra had made no contact whatsoever and that he may have been scammed.
The REAL Telstra suggested contacting the Police and reporting the scam immediately. Unfortunately, there was little the Police could do to help, so that led to nothing.
They also offered him a 12 month deal whereby they logged into his computer and helped him change all of his passwords and do standard virus scans – and not very good ones as proven by the fact of the Time Bomb Trojan I was able to locate when Peter contacted me for additional assistance.
Peter went to the police and sympathetic as they may have been, all they could do was take down a report of what had happened. They advised the likelihood of being able to recover such a large amount of money that he’d sent was virtually nil because both MoneyGram and Western Union transfers are treated just like cash!
It’s extremely easy for scammers to fake identities to collect their ill-gotten gains in cash. Virtually untraceable to the real person who collects the money.
Peter is understandably devastated. $7,000 is a LOT of money to him (as would be to any of us as well) and he feels ashamed that he was so gullible. He agreed to have this story published to my client base in the hope that it might prevent someone else falling for the same trap.
Don’t judge Peter too harshly though – he’s a victim of professional criminals that take a lot of time collecting as much information as possible about you to make their calls sound legitimate. In hindsight, he wonders why he didn’t just end the call and contact Telstra himself, or telephone someone like me to ask for advice – but hindsight doesn’t help his drained bank account now.
- Never take cold calls to your telephone at face value – regardless of how much the caller appears to know about you. Get their Employee Identification number, end the call and call the company back on a number you “know is legitimate” – Ignore any number the caller may ask you use.
- Unless your intention is to send cash in an emergency to a family member or friend, hang up the phone immediately if the caller even hints that they want money or payment sent via “Western Union” or “MoneyGram” – 99.99% of the time, you WILL be talking to a criminal scammer! The words “Western Union” and “MoneyGram” should ALWAYS ring alarm bells for you and make you highly suspicious.
- Never click on links in emails regardless of how genuine the email looks. Anyone with a bit of computer savvy can easily recreate an email to make it look like it’s from your Bank, PayPal, your Credit Union, your Telephone or Internet Provider – read anyone. It truly is a trivial task for someone like me for example, to make an email look like it’s come from anyone you would normally trust and insert Phishing links into the email designed to gather information about you, passwords and so on.
Try clicking this link as an exercise.. Click here to go to the NAB Bank Website
– if you click that link, you’ll actually end up on my website. Try it, I promise it’s perfectly safe.
See how easy it is to be fooled?
- DO ask for help and don’t be embarrassed about doing so. If you get an email you think is legitimate but are not 100% certain that it is (in the event that you were expecting it for example) then get someone to look at it for you. Send a copy to your preferred IT Support person with a Subject of “Is this genuine or a scam” or similar if you like and have it examined by them to tell you whether it’s genuine or not.
- DO Ignore spam emails trying to sell you something, usually at highly attractive prices. Again, these can be scams and often are. Remember, if it sounds too good to be true, then it usually is.
I absolutely despise scammers, Trojan, Malware and Virus developers – they are the scum of the earth who prey on those that are trusting in nature and not very computer savvy to take them for anything they can get.
We can only hope that one day, the criminals that took advantage of Peter in the example above will one day be caught and put in Goal where they belong for a very long time – hopefully in a cell with a huge cell mate named Bubba that will torture them in a way not unseemlier to the way they’re tortured their victims.
Please feel free to contact me for additional information.
I wish you all enjoyable and above all – safe computing.