Using persuasion instead of viruses: How scammers talk people into granting remote access to their computers.
Paradoxical as it may sound, a polite request is one of the simplest ways to get access to your computer. Intruders will use all sorts of pretexts — from technical troubleshooting to (ironically) cybercrime investigation. Learn what tricks they may use and why they are never to be trusted.
Fake tech support
One day you receive a phone call from someone addressing you by name and introducing themselves as a tech support specialist of a large software company. It turns out, they say, your computer has serious problems which must be dealt with urgently. For that purpose, you are to install a special utility program and give the caller remote access to your system. What could go wrong?
Well, in the best-case scenario, such “support” will perform some facsimile of troubleshooting activity and then charge you a fortune, like some shrewd folks from India did a while ago. Once remote access was established, they would install a useless piece of software on the target computer and demand to be paid for their “troubleshooting” work.
The clients of the British provider BT were not as lucky: Criminals were stealing their financial data and trying to withdraw money from their accounts. Curiously, in many cases scammers were targeting users who had really been plagued by connection problems and had previously contacted their provider for help. Sometimes the “tech support” would, for better leverage, wield their victims’ names, addresses, phone numbers and other private info.
Often enough, scammers do not call you but urge you to call them. For example, they may claim you need to renew a subscription for some of your software and then call support to help you install an update. And that’s to say nothing of the fake websites you may come across by mistake while looking for a solution to a real problem.
It’s the police, open remote access
Some scammers go even further and impersonate police officers in need of help to hunt down cybercriminals. They will claim your computer was used to send scam messages, and request access to your computer and online banking — allegedly to trap scammers. If you question their actions, they will threaten you with the consequences of disrupting the investigation.
But if you yield to pressure and allow scammers into your computer and online banking, they will effectively purge your bank account. They will play their part to the last, too, telling you over and over that the money transfer is what they need to catch the criminals.
We are from the FTC (not)
Threats aren’t the only trick scammers use — some of them trap victims with promises of easy money. Last year, the US Federal Trade Commission was a popular guise, with fake employees promising to refund any money victims spent on … fake troubleshooting services provided by a certain Advanced Tech Support company. No prize for guessing what they had to do to get paid. That’s right — just grant them remote access to your computer.
Now, the stolen money refund program did exist, but real FTC employees never called anybody. And they never demanded access to users’ devices. All they did was send written instructions to users’ e-mail addresses on how to apply for compensation.
The Federal Trade Commission did not disclose what exactly the scammers were doing when they gained access to target computers. Its employees limited themselves to a general comment about what the scammers could potentially do: trick users into useless purchases, steal personal data, or install malware on the devices.
Source: Remote access — for a scammer