Wave of scam "tech support" calls hits UK - but one expert fights back

“Tech support” scams, where callers phone victims at home pretending to help with a computer emergency, are a common - and nasty - fraud.

The rise of fake 'tech support' scams has caught millions of Britons off guard, according to Microsoft.

A new wave of particularly nasty cyber-scams has hit Britain - “tech support” calls, where the callers phone victims at home, pretending to be experts called in to help with a computer emergency.

The scams are expertly done - the con artists use fake websites, often working out of other countries, and make it look as if they ARE fixing a problem on your screen. Millions have fallen for such cons in Britain alone.

When “PC experts” called Dale Pearson, 34, from Worcester, they had chosen the wrong victim.

Pearson had already read warnings about scam calls in his local Worcestershire paper. He was also well equipped to fight back - an expert not only in IT, but in the “social engineering” tricks used by cybercriminals.

Pearson says, “I thought, ‘This is funny - they never call me,’ then I thought I can set up a fake machine, record what they do on video, and maybe warn others of what it looks like - so they can check their credit cards if they’ve had a call like this.”




The scams are highly profitable - with 15% of Britons having fallen victim, and 22% handing over credit card details, according to Microsoft research.

Pearson recorded the entire call - and what was really happening on his machine, as a hacker installed software while a smooth-talking ‘expert’ kept him calm.

“There were three of them,” says Pearson, whose blog Subliminal Hacking often deals with the tricks used by cybercriminals. “The first guy, I call the Convincer. He tries to hook you in, make you believe there’s a problem. I had to keep him talking - I connected him to a ‘virtual computer’, a fake test version running on a real PC, and a fake computer address in Manchester. Then I told him I was ready.”

“The second guy who came on the line, I could hear he was more experienced at ‘social engineering’ - convincing you it was all legit,” Pearson says. “Then there’s a third guy you never see, the hacker who goes into your PC.”

On the ‘virtual PC’ he had set up, Pearson was able to watch what the criminals were actually doing.

“Most people think they’re just after your credit card details,” says Pearson. “But there’s three parts to the scam. When they ‘fix’ the problem, they get full access to the machine - and that stays there, for them to use later.”

“They actually asked me, during the call, whether I did online banking, whether I shopped online,” Pearson said. “Even if I had not handed over my card number, they could have installed a keylogger - spy software to steal card details, which they can sell on.”

Pearson says that while such criminals might ask for £200 for an expired warranty, that is not all that their victims will lose. Norton Antivirus by Symantec offers some advice on how to deal with such scams in a blog post.

As the criminals “fixed” Pearson’s PC, they warned him not to reinstall Windows, or the problems would return - actually a way, Pearson says, to ensure their malicious software stayed on his PC.

Pearson videoed the entire encounter, to show how the scam works. He finally typed on screen that he knew they were stealing information.

“The guy who was the Convincer was on the phone straight away, saying that they were a reputable company, and getting quite irate. But they still thought they had got inside my PC, when they hung up.

“They said I’d regret doing this,” said Pearson. “If it had been a real machine, they would have been right - they could have destroyed or locked up my files, anything. But it wasn’t. I gave the numbers they used to the paper, and put them on my blog - I hope it helps others realise they’re being scammed.”

The advice from Orla Cox of Symantec is simple - “Hang up.” Reputable companies won’t contact PC users this way. Microsoft advises users to be suspicious of all unsolicited calls - and never to hand over personal information or bank details, or visit websites, type in details or install software.