Cybercriminals can learn a great deal about you from public source—Facebook, white page directories, Twitter, Instagram—and from these cobble together a script that can be quite convincing to the unguarded that they are receiving a call from a legitimate entity. If you are not alert to such scams from the very beginning, you might be persuaded into installing malicious software that spies on you or captures confidential data, or visiting websites that seem legitimate for entering credit card or other personal information. What's most galling about these attacks is that the criminals convince you to do it to yourself.
Here's an example of a conversation, paraphrased, that actually took place during one of these calls:
Cybercriminal (CC): Hello, Mr. Pivot. This is Serena from Microsoft tech support. We've noticed your computer is running more slowly than it should and we'd like to help you restore performance to optimal for you. Is this a good time?
Pivot: Um, yeah, sure. It did seem to be less responsive, now that you mention it.
CC: Then we called at just the right time! To be sure we're seeing things correctly, could you bring up your Windows error log? Do you know how to do that?
Pivot: Sorry, no. I'm not real tech savvy.
CC: Okay, go to your Start button, then click Control Panel. Once that's up, click Administrative Tools. Then double-click Event Viewer.
Pivot: Aha! Got it.
CC: Great! Now click the plus sign next to Windows Logs and then click System.
CC: Now in that middle pane you'll see a bunch of log entries, and I want you to scroll down through those.
Pivot: All right...
CC: Do you see and red exclamation points or yellow warning triangles.
Pivot: Not yet...oh wait! Yes, there are quite a few!
CC: This is what we were afraid of.
Pivot: Is it bad?
CC: Well, Mr. Pivot, even a few of these can corrupt your computer. And if you have more than ten or fifteen, it could well mean that your machine has been taken over by remote netbots or worse.
Pivot: Oh, that is horrible.
CC: That's why we call customers when we notice these slowdowns. I know we can help you. I'm going to turn you over to our technical advisor, Brandon. He'll guide you through it. I just want to say that you've got nothing to worry about. We deal with this all the time and we do a good job of staying ahead of the bad guys. Here's Brandon.
Pivot: Oh, thank you so much!
Brandon: Mr. Pivot? I understand you've got some malware on your computer.
Pivot: I guess so.
Brandon: Please don't worry. I'm here to get this all fixed. Now, unfortunately I see that your security software licenses are expired. Could you do something for me? Go back to your Administrative Services window and double-click System Configuration. Once it comes up, click on the Services tab.
Pivot: Okay, I'm there.
Brandon: Do you see any stopped services?
Pivot: Oh, my goodness, I see a whole bunch of them.
Brandon: Can you name the first few, please.
Pivot: Um, Application Experience, Application Layer Gateway Service, Application Identity...
Brandon: (interrupting) Okay, you can stop. You've definitely got one of the bad ones there.
Pivot: What do I do? How bad is it?
Brandon: If you're lucky, no damage is done yet, and even if there is some, we can most likely recover from it. I will need you to authorize a new security software license, however.
Pivot: Of course!
Brandon: What I'd recommend, given that you have an expired license, is to get the lifetime license which will cover you not only for this computer, but for any computer you buy in the future. It never expires.
Pivot: That makes sense. But how much is is?
Brandon: We have a pretty good deal going this month. It's only $299 for lifetime.
Pivot: That's expensive.
Brandon: Up front, I'll admit it seems like a lot of money. But imagine all the computers you'll own, and if even one gets compromised, it could cost you thousands and thousands of dollars to recover from the damage caused. Do you have homeowner's insurance or auto insurance?
Pivot: Of course.
Brandon: This is essentially the same thing, and I'll bet it's a lot cheaper than those policies.
Brandon: And this one is lifetime. Lifetime. Where else do you get that safety? At Microsoft, we want to be absolutely sure you feel secure always.
Pivot: I can see your point.
Brandon: Okay. So if you'll go to this website (gives URL) and then click the download button and let that install, we can get started. It's called TeamViewer and it permits me to clear your problems.
Pivot: Okay. (A few minutes pass)
Brandon: You'll see that I've brought up a Web page on your screen now, using TeamViewer. If you can just fill in the banking information for your PayPal account, we can get your security software activated and clean up this mess.
Pivot: Just a minute...uh...okay...I think that's it.
Brandon: Okay, once the payment clears...aha, there it is. All right. I'm going to kick off your new security package and you should be good for life!
Pivot: Wow! That's a relief.
Mr. Pivot at best is now out $299, and at worst...well, there's no limit, really.
There are any number of red flags in this conversation that should raise suspicion, and it's a good bet you've seen all of them here armed with knowledge that this is a scam. But under the psychological pressure that can come from such a call, we often don't have the objective distance to see how phony all of this is.