8078890707 glenn@hartspace.ca

The anatomy of a Phishing Scam

Phishing Scams are occurring every day and are taking a toll. The number one thing to remember is – DON’T PANIC!

Hacking
Hacking is the act of a person or persons to infiltrate your computer using exploits and lapses in security on your computer. There is very little the average user can do to thwart a dedicated hacker, there is also very little the average user has that a hacker would be interested in.

Phishing
Phishing is the act of tricking a computer user into allowing someone into their computer through lies, tricks and misleading methods. This is by far the easiest and most lucrative method that scammers use to gain access to your computer, charge your credit cards and steal your information. This is how most people get their computer infiltrated, and there is a multitude of ways to combat it.

Phishing (“fishing”) scams are more common than you think.

MICROSOFT DOESN’T CARE ABOUT YOU!
In the grand scheme of things, the home computer user is irrelevant to companies like Microsoft (insert any technology company beyond your local computer technician).
Tech companies as a whole are interested in Business to business computing. Businesses with hundreds of computers, networks and large chunks of data that need protecting. That is where they make their money.

COMPANIES TRULY ASSOCIATED WITH MICROSOFT DO NOT CARE ABOUT THE HOME USER.
Other than you small local computer or technology supplier, assume the tech company is interested in money, and like Microsoft, they want those big companies.

NO ONE USES POP UP ADS ANY MORE!
Companies just don’t use pop-up advertising anymore, other than maybe a newsletter signup. Any pop up that says it’s from Microsoft or “Windows” probably is not.

$25 malware cleanup!

Suggested twice a year for regular maintenance for the average computer user. ($800 would allow for 16 years of protection)

Panic, your own worst enemy.

Computers are hard to understand, almost magical. All your lives are stored on your computer, and if you lose everything, it will be the end of the world. WRONG!

Phishing scams always follow the fundamental, primal fear that most computer users have of their computer – the unknown. By talking fast, with substantial loud alerts about being infected, pushy people on the telephone, email and even websites telling you all sorts of nasty things about your computer. This instils a sense of panic in the computer user, which opens them up for manipulation by the scammers. Fear is the scammers best weapon against you.

The above are actual examples of a more prevalent phishing scam, the tech support phishing scam. In these cases a user is innocently visiting a website and BOOM, a message like these take over your browser, there may be alarms sounding, very official sounding “YOU HAVE BEEN INFECTED…..” voices and more. These are just pop up ads that are configured not to close easily (causing more panic) and to put you into a panic mode.

The average computer user will not know how to shut this window and will, because they are panicked, call the phone number.

There is a simple way to make the message/popup go away, just hold the power button on your computer for 5-10 seconds, this will force a hard shut down at a level not affected by software. This kill switch is hardwired into nearly all computers and devices (smartphones, tablets). Then just turn your computer back on. If (very rarely) you reboot the computer, and the message is still there, call an actual technician, never call the number on the popup.

So what happens after you call the tech support number?

The first thing that the person you call will do is try to keep your panic levels up while appearing as someone who can solve the issue, they will just need to access your computer.

You will be asked to go to a website/page and download a file and do some things. – DON’T DO THIS!
This is where you are actually giving them access to your computer. What you are doing is downloading a remote access program and sending the scammer what they need to access your computer.

They will show you all the nasty things they find on your computer.
Most operating systems and programs work with numerous errors, incompatibilities and shortcuts that may make them look like there are significant problems, however, that is standard operating parameters. The scammer can show you all kinds of errors, sometimes the errors are real (but unimportant) and sometimes they merely cause errors or run programs on your computer that makes it appear as if your computer has serious issues. They at this point have full access to your computer and can do whatever they want.

They are not doing what they say they are doing.
The scammers may say they are going through looking for issues or even showing you things – that’s the distraction. They are going through your emails, documents, looking for passwords, credit card information, banking information and whatever else they can make money off of. They have full access to your computer and can do what they want.

The ask for money/service packages. 
Sometimes they will ask for credit cards up front, sometimes they will wait, show you some nasty stuff found on your computer when they take control, but at some point, you will be offered a “service” package that will keep your computer safe. These service packages can cost anywhere from a couple hundred dollars into the thousands. 

What do they install on your computer? 
So now you have a computer service plan all paid up, and now they install some excellent programs that will keep you safe. Well, not really. Typically they will install free programs anyone can download, the programs are outdated and usually don’t work. Commonly the programs are modified in some way – like maybe something that logs your keystrokes, records your banking websites, and many other evil things. 

An example of what $800 gets you.

A “service”  charge of $800 USD from a recent phishing scam victim got them six programs installed on their computer, three of which were free and designed for XP (they are using Windows 10) and one they already had installed because its free anyway. One program that I identified as a key logger (tracking keystrokes for passwords) and something I could not even recognise. 

This computer was running McAfee security centre and web security which did nothing to alert the user, so if you think your virus scanners will protect you, sorry they won’t.

The user also allowed an unknown entity into their computer with full access to do whatever they wanted. The only 100% way to make sure they did not plant something on the computer or open it up to future access is to wipe and start again. Loss of data, loss of time and a real technician can usually do all that for a fraction of the $800 USD the “service” company charged.

INNOVATION

CONTACT US

STAY IN TOUCH

21 Second Street
Nipigon, ON. P0T 2J0

807.889.0707

glenn@hartspace.ca

VISIT US ON FACEBOOK

Share This