Welcome to our fully functional beta site. We welcome all comments
The Informatica blog - Authored by Claudiu Popa

‘Tis the Season for Telephone Scams

Report phone scams and fraudIf you haven’t already received a call from a ‘Microsoft Windows Center’ insisting on helping you get rid of ‘lots of hacking file in your computer’, chances are that you will, and soon.
This unfolds according to a pattern that has been in use for the past few years and begins with a long distance ring. Sometimes it’s from 19999100103, other times it’s from 02033183026 or any number of other fake Caller IDs. It’s almost always an informational message from a somewhat assertive caller indicating that your computer is spewing malware and it needs to stop.
Helpfully, they offer to work with you to clean it up, and if you’re lucky enough for the supervisor to be available, that individual will take you through the steps of liberating you of some cash in exchange for the support call, or remotely accessing your computer for further diagnosis. Either way, don’t feel too special as they account for up to 80% of all reported fraud.
They’re likely to be:
  • telling you they’re calling from a Microsoft Call Centre or from a specific nearby location
  • running eventvwr to support their claim that there are events taking place in your computer,
  • "verifying" your Windows CLSID (perhaps by running ‘assoc’ from the command line (after explaining that you need to press Winkey-R) to make sure they have "the right person".
You’ll then be invited to go to a site (such as www.support.me or www.irssupport.net but really, it could be anything as they’re created and dismantled all the time) to set up an incoming remote access connection (usually through LogMeIn or Teamviewer).
1.    Don’t stress. There’s not much you can do about it, so either have fun with them, or simply hang up.
2.    Report it to Phonebusters at http://www.antifraudcentre-centreantifraude.ca. They build statistics that track the scam and post advisories, but that’s about all they can do. This is a global scam that’s easy to pull off.
3.    Don’t panic. Although they want you to believe they can ‘see’ your computer, all they have is your name and sometimes your address, likely from a stolen database. The aforementioned CLSID is not a unique number, but a code common to different versions of Microsoft Windows.
4.    Don’t get angry. They’re only lying to you. It isn’t the first time it’s happened and it certainly won’t be the last. You’re likely talking to a hungry minion working in a call centre. The big shots are probably busy trying to extract profits from the credit cards and computer access entrusted to them by uninformed victims.
5.    Don’t bother asking for their information so you can "call them back". They're obviously going to give you a fake number or site (such as TurnerProtect.com).
6.    Understand the process. It’s simple and systematic. If this is your first exposure to social engineering, it’s a good opportunity to observe the mix of urgency, legitimacy, discipline, persistence and insistence that accompany the human connection. If the whole thing didn’t set off so many alarm bells, it would be comical.
Unfortunately more and more people are falling for it, according to recent information released by the Canadian Anti-Fraud Centre.
Ultimately, as long as you avoid doing 2 things, you will be safe:
1.    don’t visit sites, don’t run software, don’t open emails and don’t allow remote access
2.    don’t provide any real information, no credit card numbers, no accounts, no tidbits of information.
Enjoy the holidays and if you’re still shopping online, stay on the beaten path.

In the early 1920s, the Enigma machine was a portable encryption machine with rotor scramblers used for encoding and decoding confidential messages....
Bleeding hearts unite, the OpenSSL Heartbleed bug threatens to impact user privacy and business security online. There's a new security vulnerability in town. It's not even that new, we just didn't know about it until now. But it's a whopper and it threatens to i...
Independent risk assessments are the most basic best practice in business.Security is about risk. And risk is about numbers. Given the high probability of suffering data security and privacy breaches, is it any wonder compan...
Netflix just the latest brand used in wave of phone text support fraudEver wonder what the use of stealing millions of email addresses is? All those often downplayed, 'low sensitivity' data breaches have massive potent...
Layered SecurityI'm often surprised at the public's disappointment with the realization that security processes are not directly analogous to the medical notion of im...
Target breach will have serious consequencesThis past Christmas season hasn't been kind to the Target chain of retail stores nor to its brand. A brazen attack took place in December that affecte...

Welcome to Informatica

Be Secure.

Be Trusted.

Follow us on