Using persuasion instead of viruses: How scammers convince users to grant them remote access to their computers.
As paradoxical as it may seem, one of the easiest methods to gain access to your computer is through a friendly request.
Intruders will use all kinds of pretexts: from solving technical problems to, ironically, investigating cybercrimes. We explain what strategies they can use and why you should never trust them.
The fake technical service
One day you receive a phone call from someone who refers to you by name and introduces himself as a technical support specialist for a large software company. According to him, your computer has serious problems that require urgent solution. To this end,
You have to install a special utility program and grant it remote access to your system. What could go wrong?
Well, at best, the “tech support” will pretend to solve the problems and then charge you a fortune, like some very smart guys in India did some time ago. Once remote access is established,
They would install useless software on the victim’s computer and demand payment to remove the “problems.”
Customers of BT, a British telecommunications provider, were not so lucky: criminals stole their financial data and tried to withdraw funds from their accounts. Interestingly, in many cases,
The scammers targeted users who had been experiencing connection problems and had previously contacted their provider for help. For a better result, the “technical service team” used the victims’ names, addresses, telephone numbers and other private information.
Often,
Scammers don’t call you but rather urge you to call them. For example, they may inform you that you need to renew a subscription for some software and then you will need to call support to install an update.
And not to mention the fake websites that you may come across by mistake while looking for the solution to a real problem.
“We are the Police, grant us remote access!”
Some scammers go so far as to pose as police officers asking for help in catching cybercriminals.
They claim that someone has used your computer to send fraudulent messages and request access to it and the online banking portal, supposedly to set up scammers. If you question their actions, they will threaten you with the consequences of hindering an ongoing investigation.
But if you give in to pressure and give them access to your computer and online banking account, they will clean your accounts. They will stick with the script until the end, telling you over and over again that they need a transfer to catch the criminals.
“We are from the FTC” (Lie…)
Threats are not the only trick of scammers: some trick their victims by promising easy money. Last year, many cybercriminals in the US used the US Federal Trade Commission (FTC),
with fake employees promising to refund any money victims spent on fake troubleshooting services offered by a company called Advanced Tech Support. Guess what they had to do to get the money…. Of course, grant them remote access to your computer!
However,
The stolen money return program does exist, but FTC employees never called anyone, nor did they demand access to the devices. They simply sent instructions to users’ emails on how to request compensation.
The Federal Trade Commission did not disclose what exactly the scammers did when they gained access to victims’ computers. They only limited themselves to commenting on what they could have done: encourage users to make useless purchases, steal personal data or install malware on devices.
But who can you safely grant remote access to?
In general, you should not grant remote access to anyone. In most cases, technical support is able to resolve your issue by phone or email. The police would never “search” your computer remotely. If you are suspicious,
They will visit you in person and with a court order.
If you’ve contacted technical support from a company you fully trust because you have a problem that you can’t solve on your own and remote support is the only alternative available, perhaps you could make an exception.
But if someone calls you and asks for access to your computer, don’t expect anything good from this. Therefore:
Don’t listen to scammers or believe their threats. Just tell them “no.”
If you are alerted to suspicious activity on your computer,
Perform a scan with a trusted antivirus product to locate and neutralize malware, if any.
Record the phone numbers that call you and search them on Google: you are likely to find information about criminals on the Internet. If they are not already on the list,
you can add them to the database of scams and spam numbers. By doing so, you will alert other users of the fraud and, consequently, they will not fall into the scammers’ networks.
