Remote access — for a scammer

Credit to Author: Leonid Grustniy| Date: Mon, 08 Jul 2019 10:42:15 +0000

Paradoxical as it may sound, a polite request is one of the simplest ways to get access to your computer. Intruders will use all sorts of pretexts — from technical troubleshooting to (ironically) cybercrime investigation. Learn what tricks they may use and why they are never to be trusted.

Fake tech support

One day you receive a phone call from someone addressing you by name and introducing themselves as a tech support specialist of a large software company. It turns out, they say, your computer has serious problems which must be dealt with urgently. For that purpose, you are to install a special utility program and give the caller remote access to your system. What could go wrong?

Well, in the best-case scenario, such “support” will perform some facsimile of troubleshooting activity and then charge you a fortune, like some shrewd folks from India did a while ago. Once remote access was established, they would install a useless piece of software on the target computer and demand to be paid for their “troubleshooting” work.

The clients of the British provider BT were not as lucky: Criminals were stealing their financial data and trying to withdraw money from their accounts. Curiously, in many cases scammers were targeting users who had really been plagued by connection problems and had previously contacted their provider for help. Sometimes the “tech support” would, for better leverage, wield their victims’ names, addresses, phone numbers and other private info.

Often enough, scammers do not call you but urge you to call them. For example, they may claim you need to renew a subscription for some of your software and then call support to help you install an update. And that’s to say nothing of the fake websites you may come across by mistake while looking for a solution to a real problem.

It’s the police, open remote access

Some scammers go even further and impersonate police officers in need of help to hunt down cybercriminals. They will claim your computer was used to send scam messages, and request access to your computer and online banking — allegedly to trap scammers. If you question their actions, they will threaten you with the consequences of disrupting the investigation.

But if you yield to pressure and allow scammers into your computer and online banking, they will effectively purge your bank account. They will play their part to the last, too, telling you over and over that the money transfer is what they need to catch the criminals.

We are from the FTC (not)

Threats aren’t the only trick scammers use — some of them trap victims with promises of easy money. Last year, the US Federal Trade Commission was a popular guise, with fake employees promising to refund any money victims spent on … fake troubleshooting services provided by a certain Advanced Tech Support company. No prize for guessing what they had to do to get paid. That’s right — just grant them remote access to your computer.

Now, the stolen money refund program did exist, but real FTC employees never called anybody. And they never demanded access to users’ devices. All they did was send written instructions to users’ e-mail addresses on how to apply for compensation.

The Federal Trade Commission did not disclose what exactly the scammers were doing when they gained access to target computers. Its employees limited themselves to a general comment about what the scammers could potentially do: trick users into useless purchases, steal personal data, or install malware on the devices.

To whom can one safely grant remote access?

Generally speaking, you should grant remote access to no one. In most cases, tech support reps will be able to solve your problem over the phone or through e-mail messaging. The police will never “search” your computer remotely. If you’re a suspect, they’ll visit you in person and with a warrant.

If you yourself have contacted the tech support service of a company you trust 100%, you do have a problem you cannot solve on your own, and remote access help is the only option available — then you might consider making an exception and giving a remote access permission.

But if someone calls you out of the blue and solicits access to your computer, you should never expect anything good to come out of it. Therefore:

  • Never listen to scammers and never give credence to threats — feel free to say “no.”
  • If advised about suspicious activity on your computer, scan it with a reliable antivirus product to locate and neutralize malware — if there is any.
  • Record the phone numbers calling you. Google them: You are likely to find information about the criminals on the Internet. If they’re not already listed, you may add such phone numbers to the database of scam and spam numbers. By doing so, you will alert other users to fraud in time and help them to avoid being trapped by scammers.


https://blog.kaspersky.com/feed/