寄件者: Jon Clay (MKT-US)
傳送日期: Tuesday, August 03, 2010 11:37:12 PM
收件者: David Perry (MKT-US); Newsbank
主旨: RE: ::NEWSBANK:: from the symantec blog....
As an FYI, we are blocking their webpages using WRS, so hopefully our customers use web reputation and try to connect to their website first before calling!!
Sr. Core Technology Marketing Manager
Technical Support Phone Scams
June 22nd, 2010
We've posted many articles discussing misleading applications and the tricks and techniques that are used to get them onto a user’s computer. Typical techniques employed include repeated, often aggressive, warnings about serious computer problems such as malware infections and system errors. Typically these warnings are fake and are used to scare the user into parting with their money in order to correct the "problems".
In recent weeks we started hearing chatter about what sounded like a new misleading application. The usual scare tactics were employed. However, instead of using applications to convince users that their computer was in trouble, this particular group was phoning users directly to tell them that they had a virus on their computer—but thankfully help was at hand. The company in question, Online PC Doctors, offers to remotely connect to your computer to clean up the infection. All for a fee of course.
At first glance, the website for this service looks pretty legitimate: www.onlinepcdoctors.com. However digging deeper, the poor English used is a bit of a giveaway that something is amiss here. We decided to look into this further and avail of their offer of assistance. I assumed the guise of a computer novice and had a clean installation of Windows XP ready for them to work their magic on.
Once I was connected to one of their agents I explained my problem to them. My computer was running really slowly and crashing a lot. The agent, "Brian", proceeded to tell me that I was the victim of a virus that had entered my computer over the Internet. He walked me through opening up the Event Viewer and asked if I saw any errors or warnings in there. Naturally, I did. Brian then told me that these were indications of a virus infection. Was it serious, I asked? Brian said yes. Sounds ominous. Thankfully there was help at hand though.
Brian could arrange for a "certified Microsoft technician" to fix these problems for me. They set up a remote session with my computer and proceeded to take action to "fix" it. This entailed running Checkdisk, Diskcleanup, and emptying various temp folders. Brian came back on the phone to tell me that I had a lot of malicious files on my computer and this was the source of the problems I had. To clean up the computer, and also to avail of their software maintenance service, I could pay a yearly subscription fee of 129 euro. I could also pay 250 euro for a two year subscription. Brian was pushing hard for me to go for the two year option but in the end we agreed to go for just a one year subscription.
In order to pay for this service I had to send them an email with my full name, address, phone number, email address, and full credit card details. I also had to write in the email that I authorized them to charge my credit card. In addition to all of this I also had to fax them a copy of my driver's license. They now had a lot of my personal details. Thankfully the information I provided was all fake, with the exception of the credit card—they made sure the payment went through while I was on the phone with them! Once the payment was made, they could proceed with cleaning up the infection. This involved clearing out the event viewer and turning off event logging so that I would no longer see any warnings in future. The technician assured me that the malware infection had now been cleaned up. At the end of the conversation they read out some small print explaining that they weren't affiliated with Microsoft in any way.
There are a lot of worrying points here. Firstly, this company had lied to me by telling me I had a malware infection. I then had to pay 129 euro for them to clean up this so-called infection. I also had to provide them with a number of personal details, including my credit card number. Unfortunately security software can't protect against this type of social engineering. If you get a call from the "Online PC Doctors", just hang up and advise your friends and family to do the same.
Check out our video to see the Online PC Doctors in action:
Many thanks to Ben Nahorney for his help in putting together this video.