Phone Call from a Hacker
Published August 14, 2015
I recently received a strange phone call from a person named David claiming to be from Microsoft in Bradley, California (red flag #1). He had an accent I couldn’t quite place, but it was so thick it made him difficult to understand.
Part of what I love about my job as an I.T. executive is thwarting criminal attempts at duping people.
I couldn’t believe my luck: I actually had a hacker on the phone, talking to me, trying to fool me into believing he was from Microsoft! Naturally, I played along.
“David” wanted to connect to my computer to “fix errors” listed in the Windows Event Viewer. He then wanted me to go to an internet address and download software on to my machine to help “fix” the issues. In reality, this software would have created a connection to the computer from the internet, behind the scenes, with the user unaware that a connection had been made. Nothing would have been displayed on the monitor or screen to indicate they were connected, and the bad guys would have quietly gained access.
When I told him I needed to check with my IT Department, "David" quickly got off of the phone.
This is called “social engineering,” and is the oldest trick in the book. In social engineering, bad guys bring a human element to their cybercrimes. They call on the phone, or the especially brazen ones may actually pay a visit to a potential victim.
This particular criminal was working to gain remote access to my machine and grab information, or encrypt files on my computer and demand ransom for them. I read about one recent example of this type of social engineering: after gaining this sort of access, the bad guys stole login information for someone’s cell phone provider, ordered themselves a new phone, and charged it to the owners account. Pretty creative, huh?
Microsoft and other reputable companies should not be contacting you directly to ask for access to your computer or personal information.
Microsoft is certainly aware that their name is often used in these types of scams, and they’ve posted advice.
When most people think of computer crimes, they think of some computer genius, staring into a screen in a dark room. Sometimes, they just pick up the phone and give you a call. What to do? Hang up, and be careful out there!