It is a sad fact of life that as more and more business and financial transactions move online a greater number of conmen and criminals are taking advantage of this.
These people are growing more sophisticated and rely on the fact that not everyone is as tech savvy as they are.
Even if you keep all your software up to date and properly secured, the weakest security link on your network can be the human element - as we are all susceptible to social engineering to various degrees.
Those who are from older generations and did not grow up with computers tend to be most susceptible.
Recently my parents have received a number of phone calls claiming to be from their ISP and saying that there is a problem which needs to be fixed (the actual problem seems to vary).
I have an agreement with my parents where I have instructed them to pass such phone calls on to me or ask them to call back when I am around.
These scammers are so brazen that they have called multiple times.
The funny thing is they don't actually even seem to be that good at what they do but obviously they are not afraid of getting caught from halfway across the world.
I have only spoken to them a couple of times and despite them being quite obviously found out the first time it did not seem to deter them from trying again.
Here are how the phone calls went. I have tried to recall the conversation to the best of my ability but obviously it will not be exact:
Me: What seems to be the problem?
John: Sir this is John Smith. I am calling from [ISP Name Here] as you may know there are some problems with your parent's internet connection which I am calling to fix. Can you access this with a laptop or a desktop?
He doesn't really sound like a John Smith - his accent indicates he is likely calling from the Indian subcontinent. Nothing surprising about that, although the fake Western name thing has been abandoned by most legitimate companies nowadays as it just sounds dishonest.
Me: I can but I am not aware of a problem.
John: Sir there is a problem with the channels on your router [insert some technobabble gibberish that is complete nonsense here].
Me: Really that sounds serious?
John: Yes sir I will take you through the steps but I need you to log into your computer now. Do you have a laptop or a desktop? Is it a Mac or a PC?
John: OK I will need to hand you over to my colleague James who will take you through the steps on a Mac.
Pause as "John" whispers something unintelligible to "James".
James: Yes hello sir, this is James. Could you please turn your computer on?
James also has a very Indian accent - but OK maybe this place only hires people that have western names.
Me: It's already on. Do you want me to switch it off?
James: No please keep it on and log in.
Me: I'm already logged in, do you want me to log out. OK I just logged out.
James: No, no sir please log in. Can you log in now?
Me: OK I'm logged in now.
James: OK please now open your Safari browser.
Me: I can't do that.
James: Why not?
Me: I don't use Safari.
James: What browser do you use?
James: OK open Chrome then. Is the window open?
Me: OK it's open.
James: OK I need you to type in this address in the top address bar. Can you do that?
James: Please type in this address - I will spell it out - www - dot - t-e-a-m....
Me: www - dot - x-c-a-n......
So what basically proceeds is "James" trying to get me to enter the address to download the Teamviewer software so he can take over my computer and me "mishearing" the address as many times as I can.
After a while I get bored with this:
Me: OK James you are obviously an idiot. I know exactly what you are trying to do and I know exactly what Teamviewer is. I'm not going to download it and I will be passing your information on to the authorities.
James hangs up once he realises he isn't going to get what he wants.
It seems this did not scare them because my father received a few more calls and as per my instructions he told them to call back when I was around.
The second call I received was a lot shorter. Once again there was a similar spiel. This time the guy was saying there was a problem with my [ISP issued] router.
This is complete BS as my router is fine and I also don't use the ISP issued router since they are complete crap - I always buy my own and make sure it is kept up to date.
I couldn't be bothered to go through the same rigamarole as before so I straight up asked the guy on the other end for "reference number" so I could confirm he was from my ISP.
He immediately hung up.
That was yesterday and I would not be surprised if someone else from the same group rings back. They are obviously not scared of being caught.
The Modus Operandi For This Type of Scam
The basic idea for the scammer is to hope that they will get through to someone who is older and less computer literate.
They will then try to scare them by telling them there is an urgent problem that they need to fix (and they will help them to do it over the phone).
Part of this involves speaking very quickly and bamboozling the person on the other end of the phone with terms and language they don't understand.
By barking out instructions rapidly the person on the other end of the phone doesn't get a chance to think.
All they know is that there is a problem with their computer (or router) and that they are at risk unless they get it fixed immediately.
The scammer will also keep suggesting that the problem is serious and that they are at grave risk if the victim tries to resist.
They prey on people's fears and their ignorance and then use them to get the person to download a piece of software like Teamviewer.
Teamviewer is remote access software that lets you administer multiple computers remotely and is available for free - hence why scammers like to use it. Basically it allows you to completely control another computer from a distance.
It is a very useful tool when you have multiple machines but the average home user should not need to install it - further if someone else is instructing you to install it or any other software during a phone call you should be very suspicious.
Although I refused to install the software I have heard from various online sources what happens when people do comply:
Once they have installed the software the scammer will take over the victim's computer and put on a show that "fakes" some kind of malware infection.
They may then ask them to make a payment for removing it. If the person pays they will put on a show of removing it.
If the victim is very lucky that is all they will do and they will have been ripped off for removing something that likely wasn't there in the first place.
However the big risk here is that these people have taken over the person's computer and they could well have installed all kinds of software without them knowing.
This can include key-loggers and other tools for stealing their passwords and vital information so they can steal money from bank accounts etc.
Basically it is the equivalent of handing over all your information to a complete stranger who is already scamming you and hoping that they behave honourably.
How to fight this
There is no foolproof way to deal with this. The scams continue to evolve and they tend to get more sophisticated with time.
The people I dealt with were very inept and not very convincing but I can imagine there are some people who are more sophisticated.
I think it would be very difficult for these sorts of people to fool someone who is tech savvy and knows a bit about computers.
Those are not the kind of people these scammers are looking for though. They are looking for people who can use computers but aren't 100% confident with them.
Often these people will be older individuals - parents and grandparents.
I think one of the best forms of protection is to educate your parents/grandparents about these sorts of scams.
Here are some potential methods I can think of:
Instruct your parents/grandparents to tell any such callers that they do not deal with computer issues and ask them to call you or someone else who is more technically competent.
Get the full details of the problem from the person on the other end of the phone and write them down. They will normally disguise their caller ID but if not make sure you record it.
Ask them for a reference number - most legitimate calls will have one or an equivalent.
DO NOT download any software. Do not do anything on your computer. Get the details of the problem and then dig out the details for your ISP or whoever the call is meant to be from and contact them DIRECTLY yourself to discuss the phone call. You will soon know if there is a problem or not.
With most ISPS or other online services you can usually check on their website if there is a problem. They will also notify you of any issues using their internal messaging system. Do not trust emails though.
Even if you are having service issues with your ISP/other technology do not believe a phone call. I have heard stories of these calls by chance coinciding with someone actually having technical issues - don't lower your guard because of this. As far as I know it is not common for ISPs to call people when their connection goes down - these issues happen so often that it would be impossible for them to do that. Normally they wait for people to contact them. Similarly Microsoft do not call people when they are having problems with Windows. You call them.
If there is a really serious problem that needs to be fixed most legitimate companies will send out an engineer to do it. They will also be able to provide you with evidence that they are who they say they are. In cases where they won't send someone out, you might be able to pay a fee for them to do that. If they aren't helpful change your ISP/Tech service provider.
Finally if you yourself are unsure of anything discuss it with a more tech savvy friend or family member.
I'm sure there are other things I haven't thought of - please give your suggestions in the comments.
As a greater proportion of people rely on their computers for the purposes of banking, sending money and managing their finances, a greater and greater number of criminals will try to capitalise on this.
We should all be wary and on our guard for these scams. If you have older family members please make sure that you educate them about these issues.
What might seem obvious to you may not be so obvious to someone who is not as comfortable with technology.
I would be interested to hear if any of you have run across these type of scammers yourself or with family members?
Let me know in the comments.
Thank you for reading