In the antivirus cold-calling scam, call centers contacted users claiming to be support staff from Microsoft calling to make sure “the system is okay,” Graham Cluley, a senior technology consultant at Sophos, told eWEEK. The scam has other variations, with the caller pretending to be from the user’s internet service provider or a “security consultant.”
Criminals are renting out cheap call centers in India to randomly cold-call users to make sure the latest malware wasn’t affecting their computers, said Cluley. The callers follow a script that has users look in the low-level “techy” areas within the Control Panel, Event Viewer, or the registry, with a number of scary-sounding errors, cryptic messages, and warnings, he said. As the user confirms seeing certain messages, or reads back various parts of the screen, the caller explains those are problems, and then springs the trap, he said.
Improved security products are making it harder for Web-based attacks and scams to succeed, but “telephones bypass the technology and go straight to the weakest link in the chain, the user,” wrote Fraser Howard, a principal virus researcher in Sophos Labs, in a blog post.
Anytime anyone calls you about anything, verify their identity. If they ask for money, re-verify their identity, and if it’s any place where you’d have an account, call them back on their public 800 line and get transferred back to whatever department supposedly called you.