Just got a phish by phone

[ianjohnson]

I just got a phone call from an offshore call center. The accent wasn’t Indian, maybe Pakistani or thereabouts?

“This is OnClick computer support, calling about a problem with your computer.”

“Okaaay”

“I can show you where the problem with your computer is.”

“Uh Huh”

“So if you will sit down at your computer…”

“Sorry, no remote access for strangers-”

“Ok bye.”
I wonder how often they get someone to let them in. People who are used to letting Dell or HP in for support my assume they are a 3rd party vendor. If these people could get leads that would let them correctly identify the brand the target bought, they could probably get a lot of success.

Can they install something that will let them get direct access later while the owner isn’t looking? If they want to root around for personal info, it might be hard to do that while the owner is watching the screen. If they want to install something that will cause the machine to participate in a botnet, it seems like a lot of trouble to do by hand what can be accomplished by virus or trojan.

What do you suppose their aim was, that is worth the time and effort of making calls?

[Defensive_Indifference]

Wow. Very interesting. You’re right that calling the victim up is a fairly labor-intensive way to install malware. My guess is that they would have gotten around to asking for a SSN to “verify your identity” or asking for a credit card to pay for their “support”. If he nets one or two credit cards this way, cold calling is probably well worth the effort.

Anyway, to answer your question, it is absolutely possible to install something that would let them have access later while you weren’t looking. They could say something like “You need to install this utility to fix the problem.” The utility, of course, would be the remote access tool.

[mhendo]

I would have stayed on the line longer and strung him out a bit, to see what they actually try to get you to do.