The dangers of phishing

A cautionary tale of a very convincing fraud

One of our engineers recently received a support call from a customer who’d been caught out by a telephone call. The caller, phoning around 9 o’clock one morning, claimed to be from Microsoft. Our customer was understandably grateful to “Microsoft” for telephoning them to “help them” with the “problems their computer was experiencing”. Our customer was initially sceptical, but the caller “proved” who they were by quoting a so-called licence code over the telephone, which (unbeknownst to our customer) happened to be a standard Windows code shown on all computers running Windows.

This trick gave the caller credibility in our customer’s eyes, and so they handed over complete control of their computer to the caller via a freely-available and normally perfectly legitimate online remote access system. They watched, phone in hand, as all their documents, files and emails were “scanned”. Ultimately, after over two hours, they were told that their Windows licence was corrupt. To resolve this, they were offered three payment options:

  • a one-off “for life” licence, at several hundred pounds,

  • a year’s licence, for around £150, or

  • a shorter-term licence for £50.

With their suspicion growing once more, they were warned that if they hung up the phone they would lose everything on their computer. At this point, they decided it best to risk the minimum charge of £50 to avoid losing their files, and handed over the details of their first credit card. The payment apparently failed to go through twice, so they then gave the caller a second card’s details, which again apparently failed.

At this point, late in the afternoon, having spent all day on the phone with someone remotely accessing and controlling their computer, having cancelled appointments and meetings to remain on this “important” call from “Microsoft”, they told the caller that they would have to contact their bank to find out why the payments weren’t going through.

Upon calling one of the two banks involved, they were told that the payments (which had been attempted multiple times) had been blocked because the bank’s automated system did not trust the transaction. They were told to immediately cut up all their cards as the bank would be issuing them with new ones.

At this point, it became clear that things were not as they had seemed. They then telephoned us for help. We found their computer in a seriously damaged state – the contents of their documents had been deleted, and their email boxes emptied. There was evidence of additional software having been installed, presumably to capture any future work done, or passwords entered, and to send this information to the perpetrators of the initial call.

With the use of sophisticated file recovery tools, and only after a great deal of time, we were able to restore the vast majority of their documents and emails. We then analysed their system for further threats, removed any suspicious programs, and increased their security settings. We also helped them change all their passwords and advised them to contact their banks again to make sure no payments were made.

The moral of this story is simple: Microsoft will never call you to help you with a problem! Never trust anyone you don’t know to access your computer over the Internet.

If you would like help protecting your systems from such potential attacks, please do not hesitate to contact us for advice and practical support.

