Wednesday, 15 April 2015 17:16

ESET warns on support scams


Consider yourself lucky if you haven't received a phone call from a scammer claiming to be from "Windows support" or "Telstra support."

Fraudulent calls from people purporting to be from Microsoft or another well-known company and claiming they have detected some sort of problem - typically a virus infection - with your computer and offering to fix it for you are all too common.

Most iTWire readers will hang up, but some will string the caller along just to waste their time.

Security vendor ESET has published a lengthy report describing how the scams work.

Your less tech-aware friends and family probably won't want to plough through all that, so here's a summary provided by the company, with iTWire's annotations in italics.

1. Don't trust anyone who cold-calls. If you live in a jurisdiction with a "don't call me" opt-out registry of some sort, consider subscribing to it.

Australia does indeed have a Do Not Call Register, but business numbers are not accepted. Another issue is that "fault rectification calls" can be legitimately made to numbers on the register. So the important part is "Don't trust anyone who cold-calls."

2. Terminating such a phone call rather than trying to find out more about it lessens the risks to you. In fact, any cold call should be regarded as suspicious until proven otherwise, and more so if it offers security advice. At the very least, verify the source and authenticity of any offer of service, and don’t be panicked by warnings of immediate threat into making unwise decisions.

Cold calls should be treated with the utmost suspicion. It is almost certainly best to hang up. ACMA's advice is "Always be vigilant when receiving any unsolicited phone calls to your number and if you suspect it is a scam simply hang up."

3. If someone says you have a virus problem – or other system problem – ask them how they know. There are circumstances under which a service provider may have the ability to identify the owner of an infected machine, but most people and companies won't generally be able to do that.

It might happen that the scammer claims to be from your ISP. If they pick one of the big names - especially Telstra - there's a reasonable chance of being right. So hang up anyway.

4. If you think there really may be some truth to the call, find out exactly who is calling you. Support scammers tend to be evasive about who they really are and who they represent. But if they do give you details, don’t take their word for it. Verify.

Part of the problem is that companies have trained us to "verify our identity" whether we call them or they call us, so unless you're on your guard from the start there's a risk of letting slip some information that could be used against your interests. So if you get such a call and you really think you need to talk to Microsoft or Optus or whatever and you don't already know its phone number, obtain it from a non-internet source such as the paper White Pages or from a bill you've received. Definitely don't trust anything the caller tells you. The longer you let them talk to you, the more chance you're giving them to suck you in.

5. Anyone can claim to be anyone on the phone. And if you have caller-ID, don’t take it for granted that the number you can see is genuine, even if it looks ok. Legitimate callers do sometimes withhold their numbers or simply show as international.

And if you pick up the phone and there's 'dead air', just hang up. If the caller is not waiting on the line, they're very likely to be someone you don't want to talk to. A genuine caller would ring back; a scammer will move on to the next number.

6. Even if they are who they say they are, that doesn’t mean their intentions are legitimate, and it doesn’t mean they have a right to call you.

It depends what you mean by "a right". Having a phone is arguably an implicit invitation for others to call you, subject to restrictions such as the Do Not Call Registry and unlisted numbers. But you are definitely entitled to ignore a ringing phone or to hang up on a caller!

One final observation: the way these scammers use remote control/screen sharing applications to mess around with their victims' computers has given that type of software a bad name in some quarters. There are many bona fide businesses of various sizes that use programs such as TeamViewer to provide their customers with remote support to save the expense of an on-site visit. A big difference is that they don't phone strangers and claim to have detected a problem with their computers!




Stephen Withers


Stephen Withers is one of Australia's most experienced IT journalists, having begun his career in the days of 8-bit 'microcomputers'. He covers the gamut from gadgets to enterprise systems. In previous lives he has been an academic, a systems programmer, an IT support manager, and an online services manager. Stephen holds an honours degree in Management Sciences and a PhD in Industrial and Business Studies.


