Monthly Archives: October 2014
When we first heard about the CryptoLocker malware a year ago or so, I thought, as cybercrime goes, that’s about as bad as you can get.
CryptoLocker is a very malicious form of malware: unlike a virus infection, it totally blocks access to your data but leaves your computer and your software running just fine.
Then comes the demand: “Pay us $300 within three days, and you’ll get your data back. Otherwise… it’s gone forever.” The $300 payment buys you the 2048-bit RSA private key needed to unscramble your encrypted data.
But, as malicious as CryptoLocker and now CryptoWall 2.0 are, there is another contender in this game of hacker warfare.
Fake support calls
Fake support scammers are the people who phone you out of the blue (whether you are on the Do Not Call register or not) and, not to mince words, scare the heck out of you by spouting lies about malware on your computer.
For $200 – $300 or so, the same price point as CryptoLocker, the scammers will fix your computer, but any “fix” you get is as bad or worse than the “problem” you didn’t have in the first place.
Many people have reported that these guys don’t just call once if you fail to cough up the $300. They often call again and again, with the calls getting more insistent – outright threatening, by many reports – and with no real hope that they will stop.
Dealing with the scam
It’s easy for us to say, “But all you have to do is hang up, so this scam could never work.” But it’s also easy to see how a well-meaning but not very technically savvy user, especially someone without a network of family or friends to ask for IT help, could be scared into paying up.
Imagine the questions that worried users might ask themselves:
- Didn’t the caller say he was from Microsoft?
- Didn’t he say that a virus on my computer was attacking his company’s servers?
- Didn’t he find evidence of it in my system log, just as he predicted?
- Isn’t most computer support done over the phone and online these days?
- Isn’t this the third time he’s called, with the symptoms getting worse every time?
- Can’t you get sued for a cyberattack because you didn’t have a virus scanner?
- Won’t it end up costing $300 anyway, or even more, if I go to my local shop instead?
Demanding money with threats is what it sounds like to me, amounting to extortion or blackmail. And these guys have your phone number!
With that in mind, it’s always a good thing when fake support callers get bagged, and thanks to the Federal Trade Commission (FTC), Uttam Saha and Tiya Bhattacharya, who ran a company called Pairsys in Albany, New York, have been shut down by court order.
That may not sound like much, as I’m convinced that there are still MANY other individuals and groups perpetrating this scam, but in this case, the settlement with the FTC will see the scammers’ operation shuttered and their assets frozen.
Indeed, Jessica Rich, director of the FTC’s Bureau of Consumer Protection, said: “We are pleased that the court has shut down the company for now, and we look forward to getting consumers’ money back in their pockets.”
There’s a lot of money to recover: the FTC claims that the pair have pulled in about $2,500,000 in the past two-and-a-half years.
Is it real punishment?
Of course, just giving the money back isn’t really a punishment for these 2 crooks, because they weren’t supposed to have it in the first place. It’s still a direct result for the FTC’s internet crime fighting efforts, so, “Well done, Bureau of Consumer Protection.”
The next question should be – how do you think the courts should punish fake support scammers?
Dealing with fake support calls
So if you have friends or family who have been pestered to the point of worry by fake support callers, here’s a short podcast you can tell them about. The podcast makes it clear that these guys are scammers (and why), and offers some practical advice on how to deal with them.
Avoiding fake support calls
The Antivirus industry has a dirty little secret that they really don’t want anyone to know. Despite their claims, their products are not all that effective. Many of them are only protecting against at best 80% or 90% of the threats out there in the wild at any time.
Let’s look at that a bit more in detail. AV products need to protect against two general types of threats: ones that are known and threats that are unknown. The ones that are known have an identified signature so that anti-virus programs can detect the threat and get rid of it. This is called reactive detection. Then, there are threats that are still unknown, usually new threats created by the bad guys. AV products need to protect against those in a proactive way, and antivirus software can be scored looking at how many of those new threats they block.
This type of scoring on both reactive and proactive detection is actually being done by the antivirus industry’s premier site for insiders: Virus Bulletin. They have created so-called RAP averages. RAP stands for “Reactive And Proactive”. They test all antivirus products every few months, and measure how each product does in both reactive and proactive detection of a large number of threats. They then create a graph where these scores are plotted for all tested products. The proactive score is on the X-axis, and the reactive score is on the Y-axis.
The results are not pretty. One major antivirus industry player is routinely scoring no better than 75% reactive combined with a 70% proactive. And people wonder how come PCs still get infected by malware. Check out the test results in the most recent graph at Virus Bulletin, where you can also check how your antivirus vendor is doing: https://www.virusbtn.com/vb100/rap-index.xml
The bad guys know this and count on it. Simply having anti-virus protection alone creates a false sense of security. It’s just as important for all employees to undergo regular Internet Security Awareness Training and to enforce compliance. Just one employee in a weak moment, clicking on a phishing email, can cause untold grief, losses of hundreds of thousands of dollars, and potentially massive legal bills. Businesses and consumers definitely need both an endpoint security software solution AND education on the perils of using the internet. We use and recommend ThreatTrack’s VIPRE Antivirus business edition as it scores very well in the RAP tests and isn’t a resource hog negatively affecting computer performance.
Whatever Antivirus product you ultimately use to protect your computer – remember, the protection is only as good as the updated virus definitions. ALWAYS check and verify that your AV has the most up-to-date definitions to maximize your protection.