The Next Phishing Scam: Calling to Help Prevent Trouble


It starts with a telephone call from a company—let’s say Microsoft—and the caller identifies herself as a security professional who is following up on problems she has noticed through Microsoft’s remote monitoring service. This security specialist is named Tina, and she knows a lot about your system, but you’ve heard about the scams going around, so you ask for some more information.

“Oh, I certainly understand your concern,” Tina says. “Here’s my phone number and extension. Call me back to be sure.”

This seems reasonable, but as you dial you decide to dig a little deeper. You can never be too careful. Tina answers cheerfully with “Microsoft Tech Security!”

One thing you want to know is how it is that Microsoft would know about this problem, and without missing a beat, Tina explains. Any one of a number of explanations is possible, depending on how you phrase your question.

Explanation # 1:

“Whenever you have some program halt with an error, for example, Internet Explorer, you know those popup boxes that tell you what happened? Well, if you’ve ever clicked the button to send the error report, we get a copy of that. Over time, if we see a particular pattern, then that raises security issues, so we reach out to preemptively prevent what could become serious security problems for our users.”

Explanation # 2:

“We contract with Microsoft to monitor and improve security for a number of their products. You use Word, PowerPoint, and Excel, I see, and those are some of our charges.”

Explanation # 3:

“We are an independent security firm, and we get references from colleagues and contacts to perform spot checks on certain installations. Yours came up as one of these, so we’re following up to ensure that your systems are all as secure as possible.”

Explanation # 4:

“Our business with Microsoft is to check by telephone with people in tech companies or other enterprises that rely on their software solutions and have them check their error logs. The security problems are so widespread that we very often find that even on random calls, people discover when they look at their logs that they have had compromises. We can help them fix these potential security holes right then and there.”

Explanation # 5:

“Your Internet provider has alerted us to abnormal activity on your network which could indicate a security issue, so we’re checking with all users to be sure that their computers are properly secured against threats.”

Let’s say that you’re not the most meticulous manager of your office computer—when was the last time you really combed through those old files and purged?—and it’s quite possible that something might have slipped your attention. Well, here’s the chance to make it all good, right? Besides, Tina has explained that you may begin to experience sudden unexplained crashes if these fixes aren’t made pretty soon. That is not something you can afford with the semester starting and all the pressure it brings.

All that Tina needs is for you to download some drivers that are missing from your Microsoft installation. These will plug the security holes that she is concerned about. And just to be sure that it’s all working properly, she needs to be able to perform a remote login, so she’ll need the administration account on your machine.

Any red flags go up yet?

Tina then asks for your credit card information so that she can clear the authorization to repair your computer. At this point, any number of alarms should have sounded.

Here’s the first. No one, ever, under any circumstances will call you from Microsoft or any other reputable company claiming to see problems on your computer. If someone does, take down the telephone number, name, the website URL for the company, and tell the caller that once you check it out, you may call back. Chances are the caller will hang up or go into some explanation that will not square with the truth.

Secondly, it is completely false that any error report sent to Microsoft or any other vendor contains contact information about you or your installation. Typically, this information is not included in error reporting—in fact this specific declaration may be in the dialog box you see when such errors occur. If someone makes this claim, it’s a good indication that he or she is scamming you.

Third, it is illegal for an Internet provider to release any information to a third party without your permission or a warrant issued by a judge. Again, a caller claiming to have found you through your ISP is lying.

Fourth, undoubtedly, you will have errors in your error logs. Any computer system may have glitches from time to time, caused through any number of normal or abnormal operations. The presence of errors in the log does not constitute proof of any security issue—it might, but that is not something that anyone on the other end of a telephone is going to be able to determine on a random call.

Fifth, no one whom you did not specifically contact for help should ever request that you download files. If you call the NAU Solution Center, of course, then you are seeking help and you are also calling a known entity. This also applies to anyone asking to remotely connect to your computer. The Solution Center may need to do this on occasion, but they will only do so after you have made the initial contact with them to get help. They will never, under any circumstance, call you first out of the blue to gain access to your machine.

The consequences of falling for such human engineering ploys can be dire. For example, your computer may become a zombie “netbot” used remotely to send spam or relay malicious software or engage in any number of illegal activities. Your hard drive, and any drive to which you connect, may be scoured for banking or personal information, and from this identity thefts could be enabled. If you’re lucky, perhaps your machine will just crash a lot, or your hard drive will be wiped clean, but if you’re less lucky, you may be the gateway through which an intruder can infect or destroy an entire enterprise network of computers.

But let’s not dwell on dire outcomes when the solution is simple prevention. It isn’t necessary to dwell in the depths of paranoia, but be aware that crooks and liars exist on the fringes, continually searching for weak links in the security chain. No matter how carefully the technical side of computer and network security is constructed, the human element remains one of the easiest and richest avenues into systems. Any inquiries about your computer, software, network, users, and so on that you do not initiate should be treated with suspicion. There is never any problem so terrible and immediate that you must take action without first consulting Information Technology Services to help to determine the problem and the possible solutions.

And if, by some unfortunate series of events, you do feel that your system has been compromised, seek help immediately. There's no shame in it. We've all been there at some time. If necessary, shut down and unplug your computer from the Internet.

The easiest way, and this is good news for the lazier elements among us, is to do nothing anyone on a cold call tells you that you must do. You guard the gate.


Fall 2012
9/7/2012 12:49:16 PM