So my Grandparents were targeted with a scam today and I thought I might write about it to raise awareness, although it is a pretty well known scam. Basically, our household was called and we were told that as a Telstra Customer one of our machines was being targeted by malicious hardware that was putting stress on the whole of Telstra's internet system and unless we sorted it out with them on one of our machines they would disconnect our internet.
1) A problem to the whole internet?
Like one malicious machine could cause problems to the whole of Telstra's internet structure. Do you know how many machines have malicious software on them? Like all of them. As in probably yours unless you virus check it regularly and don't watch porn or go onto dodgy websites. We're only human.
2) One Machine?
Like we could fix a problem like this from ONE of our own machines out of a household that has so many computers in it we might burst. It's hard enough identifying network problems ourselves with access to all of our machines, let alone fixing them with one.
3) We don't use Telstra!
Sure, they tell you that Telstra controls all of Australia's internet infrastructure but that's not true. For example, our ISP has it's own infrastructure, fibre optic cables and satellites. We have had nothing to do with Telstra since they were customer service dickwads to us a few years ago. But that's another story.
Despite my concerns I continued with the call to see how it would play out. This is the convincing bit. After throwing up a bit of a fuss he OFFERED me his name, employee number and office address in North Sydney (all fake I'm sure). Also, in my own frustrating experiences of dealing with telco companies, I have never known any telco employee to OFFER this type of information without requesting it from them. This information however really does give an air of authority, all relying on the fact that you probably won't check any of these details. The office address is pretty easy to check (just Google it), however, I could barely hear "Harry" and when I couldn't hear the exact address a second time, I let it go. This brings us to point number 4:
4) Looking out for Try-Hards
It might seem like legit info that these "employees" give you but if they give it to you too easily you should be suspicious. Also, if they do give you an address, do a quick google map search. If you want to buy time just tell them you're finding pen and paper or some other lame excuse. I did this and was gone for a good 5 mins, checking things and making phone calls to family members to see what ISP we had and they were still there when I came back. Losers.
Now it gets dodgy again (well... dodgier). They try to make it seem technical and fancy by getting you to open a program by using windows+r (btw, he's assuming you're using a windows machine and not a Mac or Linux. If this happens to anyone I would love for you to tell them that you're using Ubuntu and see what they do with that). This command, if you're unfamiliar with it, simply gets a program to run, as if you double clicked it or opened it some other way. He then asked to run Event Viewer. This is how Microsoft describes Event Viewer:
"Event Viewer is a tool that displays detailed information about significant events (for example, programs that don't start as expected or updates that are downloaded automatically) on your computer. Event Viewer can be helpful when troubleshooting problems and errors with Windows and other programs."
He got to then open Window Logs for my Applications. He then assumed I had error messages (which I didn't unless I scrolled down for an eternity). But even if I did, here's the issue with that:
5) Legit Errors
Computers log errors all the time, and the type of errors you'll find here are things like applications failing to open or launch, shutting down unexpectedly, etc. It's not uncommon and it's generally not an issue. These people are just trying to get you to find little red flags and freak out.
I continued to play along, lying that I had loads of errors and I was unsure how they could've got there and would the big brave Telstra technician please-oh-please save me, my computer and obviously the whole of Telstra's internet infrastructure! He took up the challenge, getting me to windows+r again and to try and put in a website. This is where I had had enough. It was about to get malicious. I'm not trusting a website some scammer is trying to get me onto and of which I know nothing about. So I got him to wait another 5 mins (for the lols) and then said that none of this made sense, I was with another ISP (without naming it) with its own infrastructure and while I'm sure he was legit I would not be continuing until I talked to my ISP.
Moral of the story is that these scams are surprisingly believable and effective so be aware of them. I'm lucky in that I'm pretty computer literate. My grandparents, other family members and many of my friends aren't and would probably not spot this as easily as I did or at all. There are other similar scams where these people come to your house without warning to "service" your internet, etc. Watch out for these too as they can be even more damaging (leading to property theft in addition to the usual identity theft and phising scams). Don't admit telco or other service people into your house without organising it prior to the event. Be suspicious of overly keen maintenance or tech employees: why trust people trying to get into your house when they barely come when legitimately organised. "We'll be there between the hours of 9-12?" More like "maybe this week if you're lucky."
If you are victim to one of these scams here are some things you can do:
The first step is to identify that something is a scam, using indicators and other tid-bits like I did above. If you're ever in even the slightest bit of doubt, just tell them that you won't go any further without calling your service provider. Then you can call your provider and check the legitimacy of the call / message / employee. It's a reasonable action to take, despite what they might say or threaten. Seeking the advice of family and friends who may be more knowledgeable than you is also a legitimate option. There are some great websites too that can help you identify, protect yourself against and report scams. Probably the best in Australia is SCAMwatch.
I did report this to Crime Stoppers but got the feeling that they thought I was a bit daft and that they knew this was going on already so why should I be wasting their time? Ok, they were a bit more polite than that but that was the jist of my brief conversation. If someone has tried to scam you or someone you know (successfully or unsuccessfully) I would report it to SCAMwatch first. If they didn't take anything from you (identity, money, etc) I would stop there. But, if you have had money or your identity stolen you should report it to the Police. There's usually not much they can do about it but it's worth the try. If you are victim of a "person coming to your door" scam, the police can generally do more about it as they're not hiding in other countries or behind false phone numbers and thus are more easily identified. Heck, if you could sneak a photo or number plate, that has to be worth something!
Between 2010 and 2011 "[t]he ABS found that almost 6 million people are exposed to scams and frauds during any given year, with over 800,000 falling victim in some way. The financial losses are of major concern – with almost $1 billion in losses – a good part of which will go out of the Australian economy."
- Ms Louise Sylvan
Chair of the Australian Consumer Fraud Taskforce
Scams are still effecting a huge amount of people everyday. As well as reporting any scams you may come across, it's worth passing the message around to your friends and family, particularly those who may not be as capable as spotting these scams as you are. Some scams are almost impossible to stop but by being aware of them, spreading the word and protecting ourselves as best we can reduce the effectiveness of them making those scum criminals suffer.
