Phishing attacks come in from all angles – sometimes when you least expect them…

Written by SRM

9th March 2015

As a fairly seasoned security professional, I’ve seen a few ingenious ways of trying to separate unsuspecting members of the public from their personal data. Everything from shoulder surfing and physical tampering at ATM machines, to re-engineered PDQ terminals and pin-hole cameras in charity boxes on shop counter tops, not to mention the countless bits of malware. Sometimes though, the old-fashioned ways can be just as effective.

I took a call this morning from an international number, so I was already on alert for something out of the ordinary. The gentleman on the phone introduced himself as ‘Mark Thomas’, calling from Microsoft Customer Services in Manchester, and he advised me that I had a virus on my Windows XP machine that was very dangerous. Why a Manchester telephone number would show as an international number again alerted me to something peculiar and I immediately thought of a telephone scam that was common several years ago, something I thought had died out… today I saw that it is back with a vengeance!

I did think that it was odd to quote Windows XP as the operating system, especially considering that XP stopped being supported by Microsoft in April last year. At this stage I obviously knew this was a scam but I was intrigued to see what they wanted me to do… so I played along with it.

The caller then advised me that my Internet Service provider was BT, and they had been tracing my internet usage and had noticed a large amount of virus activity coming from my home computer. BT had allegedly reported this to Microsoft for action. It was a guess on his part but with roughly a third of the UK market, I suppose this is the default option for a scam. This was just another pointer that confirmed this to be a scam.

I was then asked to open up a command prompt and open the Windows event viewer program… which I did. I then got a rather mumbled statement loaded with garbage about how some of the security events showed virus activity, which of course they did not, but the uninitiated could be fooled into thinking this. At this stage, he was getting into his stride and wanted me to open up the ‘Prefetch’ folder and look at the “viruses” that are located in that folder. This is of course nonsense, as these files are only the quick start-up config settings for commonly used programs.

It was at this stage that I was starting to get even more intrigued and I asked a few questions about what I could do. I obviously spooked the guy and perhaps I sounded as though I knew what I was talking about, as he hung up as I was mid-sentence… What a shame… BUSTED!

I was hoping that I would end up being directed to a site to download some malware, or that they would even try to get me to install TeamViewer and let them mess with my computer directly (which is what I have heard sometimes happens). I was interested to see how this scam has developed over the years.

All this goes to show that some threats come straight into your home, and are not viruses that you pick up from browsing. There are individuals out there that want to socially engineer their way into gaining control of your computer and installing ‘key loggers’ and the like. The worrying thing is that he sounded as though he was in a large call centre, so how many other operatives do they have running scams like this at any one time? I have logged this with Action Fraud on their website but I know that in reality, there is very little that can be done to stop these calls. I just hope that by engaging him for 15 minutes this morning, someone else was saved the pain of having their computer taken over and personal information stolen, deleted or even held to ransom.

So – it goes without saying but always be vigilant. You never know exactly where the next threat is coming from.

Paul Brennecker.

Paul is a Senior Security Consultant with Security Risk Management. Paul’s main area of expertise lies with PCI DSS compliance.