hypercube


Fraudulent computer access with a "phone call"

I'm sure we've all had the experience of being called from India; someone who says they are Windows technical support and your computer has a problem.  yada yada.  If they aren't hung up on, the ones that I'm familiar with end up asking for a credit card charge of around $180 to help you fix all your problems.

Recently I've had reports of people who received a phone call ... probably much like the above ... and "the next thing I knew they were in my computer".  "All I had to do was open my browser to its home page".  

So, the mechanism for access is either wrong, obscure or scary.
I would expect that they would ask for some particular actions by the operator/user.
I read that going to particular web pages is one mechanism.

Does anyone have actual experience along the lines of "taking over the computer" as if a remote support session with no real "help" from the owner?
I seriously doubt it but when one seriously doubts, that's a good time to ask.  :-)
santhoshu

Not possible.   If some hackers are doing this, then this will amount to cyber crime.
hypercube (ASKER)

Well, it certainly does amount to cyber crime!

As I suggested, the proper response to the normal thing is to hang up.  No news there....

I don't know what this question has to do with legitimate remote support scenarios.  It's not legitimate.

I believe the answers are so far:
"I have no actual experience with what's described.  Not that I'm surprised by that."

I don't think it's completely adequate to doubt that such things can be done because computers do get infected by bad things.  What's remarkable is the apparent synchronization with the phone call.
I did say I doubted it.  Waiting for stories to the contrary.
because computers do get infected by bad things.  What's remarkable is the apparent synchronization with the phone call.  <-- I am not sure about this. We get these phone calls (very, very infrequent) and our computers have not (ever) been infected. So there is no relation there.

You might wait a while to get a post from someone who accepted the call.

I don't know what this question has to do with legitimate remote support scenarios.  It's not legitimate.  <--- You asked if a computer could be taken over without the user. If the computer is working right, no.
tliotta:  Yes, that's what I believe as well - help from the recipient is necessary.  But, there is a need for the phone call in order to sell the "story" and to cajole out the credit card number/charge.  It's an integral part of their scam scenario.  But, certainly this could all be done "online" via web connections - but surely not as effectively.  

rindi:  I have had seemingly intelligent users fall for the calls.  And, I have an 85 year old client who hung up on them!   I don't understand either but as P.T.Barnum said: "there's one born every minute".  It must be paying off because it continues.  

Here's the best hypothesis that I can come up with if we assume up front without proof or knowledge that capturing remote control is possible.  (e.g. let's say that the scammer can do it and has done it a priori).
Their "system" (drive bys, etc.) infects the computer - giving them control.
Then, as part of having taken control, they get the phone number.  <<< maybe this is done through online cooperation from the user.
Then they make the telephone call.
You should make sure the computer has top grade Anti Virus AND Microsoft EMET both installed and set up. Further, of course, users should be Standard Users, UAC full ON, and "administrator" disabled.

This way, they are unlikely to be infected and then remote login without permission from the user becomes nearly impossible.
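
The account and UAC settings recommended in the post above can be checked read-only on a machine, including one examined after the fact. This is an added example, not part of the original thread; it reads "UAC full ON" as the "Always notify" level (an assumption) and does not check antivirus or EMET.

```powershell
# Added example: read-only audit of the account/UAC advice in the post above.
# Assumes Windows PowerShell 5.1+ (Microsoft.PowerShell.LocalAccounts module).
function Get-HardeningReport {
    $report = @()

    # Built-in Administrator: located by its RID (500) in case it was renamed.
    $builtin = Get-LocalUser | Where-Object { $_.SID.Value -like 'S-1-5-21-*-500' }
    $report += [pscustomobject]@{
        Check  = 'Built-in Administrator disabled'
        Actual = "$($builtin.Name) Enabled=$($builtin.Enabled)"
        Pass   = [bool]($builtin -and -not $builtin.Enabled)
    }

    # Standard user: the logged-on account must not be a direct member of the
    # local Administrators group (S-1-5-32-544). Nested groups are not expanded.
    $me     = [Security.Principal.WindowsIdentity]::GetCurrent()
    $admins = @(Get-LocalGroupMember -SID 'S-1-5-32-544')
    $report += [pscustomobject]@{
        Check  = "$($me.Name) is a standard user"
        Actual = 'Administrators: ' + ($admins.Name -join ', ')
        Pass   = ($admins.SID.Value -notcontains $me.User.Value)
    }

    # UAC at "Always notify" (assumed meaning of "UAC full ON").
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $uac = Get-ItemProperty -Path $key
    $expected = [ordered]@{
        EnableLUA                  = 1   # UAC is switched on
        ConsentPromptBehaviorAdmin = 2   # consent prompt on every elevation
        PromptOnSecureDesktop      = 1   # prompt shown on the secure desktop
    }
    foreach ($name in $expected.Keys) {
        $report += [pscustomobject]@{
            Check  = "UAC $name = $($expected[$name])"
            Actual = "$($uac.$name)"
            Pass   = ($uac.$name -eq $expected[$name])
        }
    }
    $report
}

Get-HardeningReport | Format-Table -AutoSize
```

Run it in the session of the user whose account is being assessed, since the standard-user check is evaluated against the current logon.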
No, the phone number comes first. They just try a bunch of numbers, and then assume the called people possess a Windows PC and they are dumb enough to visit the website they tell them to go to. That then is enough to get infected with the remote control software and keyloggers etc. They can then take charge and do whatever they want to do.
Yes, I have already said "always hang up" but there are concerns above about infected machines and so my post for setting up good protection.
Oh if life were that simple!

I work on a lot of computers "after the fact".  I don't have the luxury of preconfiguring them nor even to influence their owners.  That's the case here.  

So:
- hanging up is good advice but was not known/followed by the operator.  One can give advice post facto but needs to fall short of being insulting.  e.g. "How could you be so stupid/naïve!" is NOT good for customer relations.  :-)   and doesn't fix what's already been done.  The reality is more like: "Oh no!  I'm sorry to hear that.  I'm afraid that's a common fraud."
- good protection is good advice but may not be "perfect" up front.  Of course, once I get my hands on the computer this will be fixed (too late).
- the notion of getting a phone number first is a *technical hypothesis* that has nothing to do with our current common experiences.  It *could* work that way couldn't it?  But, I believe, this would be too tedious in comparison to the shotgun approach (as evidenced by calling Linux operators about Windows) which seems to be successful enough to keep this practice alive.

This question was about if anyone had seen the described scenario in action?  It suggests a yes or no response.  Of course, experience around the "no" answer as given is good information.  And, there were no "yes" answers.  

I followed up with the most recent victim and determined that indeed there had been some "interaction" beyond "just open your browser home page".  Just what that interaction was is too hard to know.  It is now reported to have started with: "Press the Windows button with one other button and........."

From all this, I conclude, and it seems we all agree, that the described scenario (remote control with no interaction) is:
- not technically impossible over the universe of internet-connected computer workstations
- not likely for a number of good reasons
- never seen by a few experts

(If you look, you can find demonstrations of unilateral access to remote control - whether limited to on a LAN is a question.  So it surely seems technically feasible.)
Fred:  It is very simple.

1. You cannot stop the phone calls - that is out of your control.
2. You cannot prevent loose nuts behind the keyboard - that also is out of your control.
3. Secure the computer (AV and EMET)
4. Train people to hang up on the calls.

All done.
Thanks all!
Follow up. A person at home took such a call. "There is nothing wrong with our computer" . Pushback from caller. "Give us your number and we will call back"  

866-774-3022  = some number in Texas but NOT Microsoft.
John Hurst:  Really?  The caller asked for the number he/she had just called?  That's a real laugh!


The case I worked on most recently was very prolific about advertising the number to call back.  There was a text file on the desktop and a prominent message in the task bar that included one of the numbers.  Also, U.S.-sounding names.
The caller did not ask. The caller gave us the number because we asked for the number. They probably thought we were dumb enough to call back. Hardly!  But now I can look up the number in Google. Lots of action there.