‘Good morning, I is Nigel from Microsoft – you has a virus!’

By Jason McNicholas
Cyber Security Apprentice

Phone scams are one of the many ways criminals steal money from people. They can be viewed as a form of vishing (voice phishing), since the callers often masquerade as a legitimate organisation (usually a respectable authority such as Microsoft or a branch of government).

They could be claiming anything from malware found on your computer, which you must pay to have removed, to you being owed a refund, where all you have to do is give them your bank details – it’s just like an episode of Fonejacker.

Tech support scammers will usually claim that they have detected malware or that there is a fault with your computer. This is something that Microsoft, or any other organisation, would never do.

The scam starts by informing you that an issue has been detected and that the caller needs to have access to your system in order to apply a fix. In order to do this, they will direct you to a link to download some “remote control” software (often a product called TeamViewer) to allow them to use your computer.

Once they are on your system, they have an arsenal of ways to show “all the issues” with your computer by presenting scary looking information.

One of these is to open the computer’s “event viewer” and open the “systems logs” to point out errors and warnings, stating that they are due to the issue they detected (it should be stated that it is normal to see errors and warnings in this window).

Another way is running a command called “netstat” (which shows all the services your computer is connected to) and claiming that the computer addresses shown are malicious connections – even when they are legitimate.
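To show what the netstat listing described above really contains, here is an added example (not part of the original article) that labels each row of a constructed `netstat -an` sample by the kind of remote address in it. The sample rows, function names and category labels are assumptions made for illustration.

```python
import ipaddress
from collections import Counter

# Constructed `netstat -an` sample; public-looking IPs are documentation ranges.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:49670        127.0.0.1:49671        ESTABLISHED
  TCP    192.168.1.20:49712     192.168.1.1:445        ESTABLISHED
  TCP    192.168.1.20:49733     203.0.113.10:443       ESTABLISHED
  TCP    192.168.1.20:49740     198.51.100.7:443       TIME_WAIT
  TCP    [::1]:49680            [::1]:49681            ESTABLISHED
  UDP    0.0.0.0:5353           *:*
"""

# Ranges reserved for home/office networks (RFC 1918, link-local, IPv6 ULA).
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "169.254.0.0/16", "fe80::/10", "fc00::/7")]

def classify(foreign, state):
    """Label one row by what its Foreign Address column really means."""
    # Drop the port, IPv6 brackets and any interface scope id (e.g. %12).
    host = foreign.rpartition(":")[0].strip("[]").split("%")[0]
    if state == "LISTENING" or host in ("*", "0.0.0.0", "::"):
        return "listening, no remote peer"
    ip = ipaddress.ip_address(host)
    if ip.is_loopback:
        return "loopback, same machine"
    if any(ip in net for net in LOCAL_NETS):
        return "local network"
    return "internet host"

def summarise(text):
    """Return (rows, counts): labelled rows and a tally per label."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[0] not in ("TCP", "UDP"):
            continue  # skip headers and blank lines
        state = parts[3] if len(parts) > 3 else ""  # UDP rows have no state
        rows.append((parts[0], parts[2], state, classify(parts[2], state)))
    return rows, Counter(r[3] for r in rows)

if __name__ == "__main__":
    for proto, foreign, state, label in summarise(SAMPLE)[0]:
        print(f"{proto:4} {foreign:22} {state:12} {label}")
```

An “internet host” row is what any open browser tab or update check produces, so the length of the list says nothing about whether a connection is malicious.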

They may also run the “dir/s” command in the command prompt, claiming that they are running a scan. What this command actually does is list the directories on the system. While this list is growing, the scammer will be typing something along the lines of “Malware detected!!! Antivirus required” (often with spelling mistakes!).

From here they’ll open a notepad and give you prices to either try and get you to pay them to fix it or buy some non-existent antivirus software. If you refuse, they will likely try to lock you out of your computer and/or become abusive and aggressive.

Many of these scammers are not overly knowledgeable in IT and simply follow a script. Some people have started using this against them in order to “reverse hack” the scammers and record it. YouTube has thousands of videos like this; however, it is likely that many are fake.

One of the most popular heroes against scammers is Kitboga, a YouTuber/Twitch streamer who calls scammers daily with the aim of wasting as much of the scammers’ time as possible – since the more time they spend with him, the less time they spend scamming somebody more vulnerable.

Kitboga doesn’t hack the scammers like many others as it is still illegal to do so even though they are attempting to break the law themselves.

You can find his videos at https://www.youtube.com/channel/UCm22FAXZMw1BaWeFszZxUKw
and his livestreams at https://www.twitch.tv/kitboga

Takeaway points:
• If you receive one of these calls claiming to be from a real company, you can hang up and call the company directly (using a listed number) to report it to them and verify if it was legitimate.
• Don’t try to taunt or waste their time if you don’t know what you are doing, as they may cause irreversible damage to your system. Also, if they suspect you are gullible, then your details may be sent to other scammers as a potential easy target.
• Never give personal information to the scammer.
• And finally, a note to any developers of screenshare/remote connection software: it may be useful to have a warning, on download or installation, stating users should not accept/make a computer connection with anyone that has called unexpectedly.