Fraudulent computer access with a "phone call"

I'm sure we've all had the experience of being called from India; someone who says they are Windows technical support and your computer has a problem.  yada yada.  If they aren't hung up on, the ones that I'm familiar with end up asking for a credit card charge of around $180 to help you fix all your problems.

Recently I've had reports of people who received a phone call ... probably much like the above ... and "the next thing I knew they were in my computer".  "All I had to do was open my browser to its home page".  

So, the mechanism for access is either wrong, obscure or scary.
I would expect that they would ask for some particular actions by the operator/user.
I read that going to particular web pages is one mechanism.

Does anyone have actual experience along the lines of "taking over the computer" as if a remote support session with no real "help" from the owner?
I seriously doubt it but when one seriously doubts, that's a good time to ask.  :-)
Fred Marshall, Principal, Asked:

Not possible.   If some hackers are doing this, then this will amount to cyber crime.
John, Business Consultant (Owner), Commented:
Ask your users to observe the obvious. If they do not have an open case with Microsoft, Microsoft will NOT call, so have them hang up immediately. 99% or more of users will not have open Microsoft cases, so they can reliably hang up.

Does anyone have actual experience along the lines of "taking over the computer" as if a remote support session with no real "help" from the owner?

Cannot be done. All vendor software to do remote sessions offers a key the user must enter. True for Microsoft, for Lenovo, for Symantec and most others I know and have used.
Fred Marshall, Principal, Author Commented:
Well, it certainly does amount to cyber crime!

As I suggested, the proper response to the normal thing is to hang up.  No news there....

I don't know what this question has to do with legitimate remote support scenarios.  It's not legitimate.

I believe the answers are so far:
"I have no actual experience with what's described.  Not that I'm surprised by that."

I don't think it's completely adequate to doubt that such things can be done because computers do get infected by bad things.  What's remarkable is the apparent synchronization with the phone call.
I did say I doubted it.  Waiting for stories to the contrary.
John, Business Consultant (Owner), Commented:
because computers do get infected by bad things.  What's remarkable is the apparent synchronization with the phone call.  <-- I am not sure about this. We get these phone calls (very, very infrequent) and our computers have not (ever) been infected. So there is no relation there.

You might wait a while to get a post from someone who accepted the call.

I don't know what this question has to do with legitimate remote support scenarios.  It's not legitimate.  <--- You asked if a computer could be taken over without the user. If the computer is working right, no.
IMO, it's not (currently) possible without help from the recipient of the phone call. Otherwise there'd be no point to needing to make the call.
If you are directed to a certain website, then that is definitely possible. That website is infected by some virus which infects the PC just by opening it. I think that's called "Drive by" infection or something similar. Your PC then has a remote control tool like TeamViewer and probably also some keylogger and trojans installed. Once the bogus caller has the TeamViewer-like tool installed he gets all your personal info that is on the PC. Meanwhile he acts as if he is "repairing" the PC, while actually adding more malware.

NEVER answer to phone calls when you don't know who it is that is calling, or if your phone doesn't show the calling number, just hang up if someone unknown is at the other end. That should be common sense, and personally I can't understand how people can fall victim to such phony m$ calls from India.

Fred Marshall, Principal, Author Commented:
tliotta:  Yes, that's what I believe as well - help from the recipient is necessary.  But, there is a need for the phone call in order to sell the "story" and to cajole out the credit card number/charge.  It's an integral part of their scam scenario.  But, certainly this could all be done "online" via web connections - but surely not as effectively.  

rindi:  I have had seemingly intelligent users fall for the calls.  And, I have an 85 year old client who hung up on them!   I don't understand either but as P.T.Barnum said: "there's one born every minute".  It must be paying off because it continues.  

Here's the best hypothesis that I can come up with if we assume up front without proof or knowledge that capturing remote control is possible.  (e.g. let's say that the scammer can do it and has done it a priori).
Their "system" (drive bys, etc.) infects the computer - giving them control.
Then, as part of having taken control, they get the phone number.  <<< maybe this is done through online cooperation from the user.
Then they make the telephone call.
John, Business Consultant (Owner), Commented:
You should make sure the computer has top grade Anti Virus AND Microsoft EMET both installed and set up. Further, of course, users should be Standard Users, UAC full ON, and "administrator" disabled.

This way, they are unlikely to be infected and then remote login without permission from the user becomes nearly impossible.
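
The account and UAC settings recommended in the comment above can be checked on a workstation with a read-only audit like the one below. It is an added example, not part of the original thread; the check names and pass criteria are this example's own assumptions, and EMET is not covered.

```powershell
# Added example: read-only audit of the settings named in the comment above.
# Assumes Windows PowerShell 5.1+ run locally on a client edition of Windows.
$uac = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

# The built-in Administrator is found by its RID (500), since the account can be renamed.
$builtinAdmin = Get-LocalUser | Where-Object { $_.SID.Value -like 'S-1-5-21-*-500' }

# Direct members of local Administrators (well-known SID S-1-5-32-544).
# Membership granted through nested domain groups is not expanded here.
$adminSids  = @(Get-LocalGroupMember -SID 'S-1-5-32-544' | ForEach-Object { $_.SID.Value })
$currentSid = [Security.Principal.WindowsIdentity]::GetCurrent().User.Value

# Antivirus products registered with Windows Security Center.
# Registration alone does not prove the product is enabled or up to date.
$av = @(Get-CimInstance -Namespace 'root/SecurityCenter2' -ClassName AntiVirusProduct `
        -ErrorAction SilentlyContinue)

# Pass criteria (assumptions of this example):
#   "UAC full ON" = top slider position: ConsentPromptBehaviorAdmin 2 on the secure desktop.
$checks = [ordered]@{
    'UAC enabled (EnableLUA = 1)'                    = ($uac.EnableLUA -eq 1)
    'UAC at "Always notify" (ConsentPrompt = 2)'     = ($uac.ConsentPromptBehaviorAdmin -eq 2)
    'UAC prompt on secure desktop'                   = ($uac.PromptOnSecureDesktop -eq 1)
    'Built-in Administrator account disabled'        = ($builtinAdmin.Enabled -eq $false)
    'Current user is not a direct local admin'       = ($adminSids -notcontains $currentSid)
    'At least one antivirus product registered'      = ($av.Count -gt 0)
}

$checks.GetEnumerator() | ForEach-Object {
    [pscustomobject]@{ Check = $_.Key; Pass = $_.Value }
} | Format-Table -AutoSize
```

Run it as the everyday user of the machine, since the admin-membership check is made against whoever is logged on.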
No, the phone number comes first. They just try a bunch of numbers, and then assume the called people possess a Windows PC and they are dumb enough to visit the website they tell them to go to. That then is enough to get infected with the remote control software and keyloggers etc. They can then take charge and do whatever they want to do.
John, Business Consultant (Owner), Commented:
Yes, I have already said "always hang up" but there are concerns above about infected machines and so my post for setting up good protection.
Fred Marshall, Principal, Author Commented:
Oh if life were that simple!

I work on a lot of computers "after the fact".  I don't have the luxury of preconfiguring them nor even to influence their owners.  That's the case here.  

- hanging up is good advice but was not known/followed by the operator.  One can give advice post facto but needs to fall short of being insulting.  e.g. "How could you be so stupid/naïve!" is NOT good for customer relations.  :-)   and doesn't fix what's already been done.  The reality is more like: "Oh no!  I'm sorry to hear that.  I'm afraid that's a common fraud."
- good protection is good advice but may not be "perfect" up front.  Of course, once I get my hands on the computer this will be fixed (too late).
- the notion of getting a phone number first is a *technical hypothesis* that has nothing to do with our current common experiences.  It *could* work that way couldn't it?  But, I believe, this would be too tedious in comparison to the shotgun approach (as evidenced by calling Linux operators about Windows) which seems to be successful enough to keep this practice alive.

This question was about if anyone had seen the described scenario in action?  It suggests a yes or no response.  Of course, experience around the "no" answer as given is good information.  And, there were no "yes" answers.  

I followed up with the most recent victim and determined that indeed there had been some "interaction" beyond "just open your browser home page".  Just what that interaction was is too hard to know.  It is now reported to have started with: "Press the Windows button with one other button and........."

From all this, I conclude, and it seems we all agree, that the described scenario (remote control with no interaction) is:
- not technically impossible over the universe of internet-connected computer workstations
- not likely for a number of good reasons
- never seen by a few experts

(If you look, you can find demonstrations of unilateral access to remote control - whether limited to on a LAN is a question.  So it surely seems technically feasible.)
John, Business Consultant (Owner), Commented:
Fred:  It is very simple.

1. You cannot stop the phone calls - that is out of your control.
2. You cannot prevent loose nuts behind the keyboard - that also is out of your control.
3. Secure the computer (AV and EMET)
4. Train people to hang up on the calls.

All done.
Fred Marshall, Principal, Author Commented:
Thanks all!
John, Business Consultant (Owner), Commented:
Follow up. A person at home took such a call. "There is nothing wrong with our computer" . Pushback from caller. "Give us your number and we will call back"  

866-774-3022  = some number in Texas but NOT Microsoft.
Fred Marshall, Principal, Author Commented:
John Hurst:  Really?  The caller asked for the number he/she had just called?  That's a real laugh!

The case I worked on most recently was very prolific about advertising the number to call back.  There was a text file on the desktop and a prominent message in the task bar that included one of the numbers.  Also, U.S.-sounding names.
John, Business Consultant (Owner), Commented:
The caller did not ask. The caller gave us the number because we asked for the number. They probably thought we were dumb enough to call back. Hardly!  But now I can look up the number in Google. Lots of action there.