Most Internet users are familiar with those annoying pop-ups you can get when surfing online that claim you have a virus and that you need to call a phone number to get rid of it.
As most of you will know, these are scams. The pop-ups are created by cyber crooks who want you to call them so they can trick you into infecting your computer or paying for software you don’t need. (We discuss the scam here.)
And if you want to know what sort of things can happen if you do happen to call the phone number, then you may want to listen to the phone recording from William Tsing, a security professional working for antivirus company MalwareBytes. Tsing decided to call one of these numbers to see how their scam worked, which we go into below. (Tsing’s original article is here.)
Sponsored Content. Continued below...
Pretending to be an IT novice, Tsing calls the number on the phone and is greeted by the scammer identifying himself as technical support. After asking Tsing a number of questions, the first thing the scammer is keen on doing is gaining access to Tsing’s computer (Tsing is using an uninfected, test machine) using remote desktop software.
The call, which we’ve included below, lasts around 30 minutes. If you haven’t got that sort of time, we’ve broken it down underneath as to what happened…
Just after the 11 minute mark, the scammer has instructed Tsing to install remote desktop software onto the computer which now gives the scammer full control. The scammer can now remotely control the computer from his location.
Less than a minute later, the scammer has installed another piece of software onto the computer.
The scammer asks Tsing a number of questions about the pop-up he saw that contained the phone number, but Tsing uses a story that it was his son that had actually seen the message, not him.
At the 18 minute mark the scammer attempts to use some default password credentials to access Tsing’s Wi-Fi router, but the password is incorrect (Tsing wisely changed the password from the default setting.) The scammer then tells Tsing that his computer has “low security” and he should install some security software.
At the 21 minute mark, the scammer installs ToolWiz Care. This is actually a legitimate program that can scan a computer for threats. The scammer runs a scan of Tsing’s computer with this software, which finds 196 benign and harmless files it recommends removing like Registry Keys. However the scammer attempts to trick Tsing and claims these 196 files are dangerous threats (repeat: they’re not.) that need to be removed.
Sponsored Content. Continued below...
At this point, the scammer recommends to Tsing that he should purchase and install Webroot, an antivirus program. He goes through the different options with Tsing, but the noteworthy part is that the scammer attempts to charge Tsing $249 for the Webroot software, when the software is actually only $39/yr for the premium version, as Tsing points out after Googling the software.
Tsing points this out to the scammer, who proceeds to lie about what features his version contains when compared to the version Tsing pointed out on the Internet.
So in this version of the scam, the scammers are attempting to trick victims into thinking there computer is infected with malware (when it’s not) to lure them into purchasing antivirus software at an extortionate price, making the scammer a profit.
It is important to note that these scams can work in a variety of different ways. In other cases, scammers may try and install malware posing as antivirus onto a victims computer after gaining access, and subsequently demand money to remove it. Alternatively the scammers could install spyware onto the computer in order to steal the victim’s credentials for their – for example – social media or online banking accounts.
In any case, phoning the number on random pop-ups on your computer is never a good idea. If you think your computer is infected, run a full scan with your own security software or take it to a professional.