{"id":72,"date":"2016-02-10T20:04:56","date_gmt":"2016-02-11T03:04:56","guid":{"rendered":"http:\/\/www.macsrwe.com\/blog\/?p=72"},"modified":"2016-02-10T20:04:56","modified_gmt":"2016-02-11T03:04:56","slug":"tech-support-scam-booming","status":"publish","type":"post","link":"https:\/\/www.macsrwe.com\/blog\/tech-support-scam-booming\/","title":{"rendered":"Tech support scam booming"},"content":{"rendered":"

Since my most recent posting,<\/a> the number of fake virus \/ tech support scam incidents I have been called to remedy\u00a0has\u00a0ballooned.<\/p>\n

They’re persuasive:<\/strong> the client featured in my\u00a0previous\u00a0posting has since let herself be victimized by a second\u00a0scammer, despite having already been burned once. (Thankfully, no damage was done to her machine this time around).<\/p>\n

They’re persistent:<\/strong> one of the scams recently encountered by a client involved not just a standard un-dismissable\u00a0dialog box claiming that malware was present, but also an audio file blaring a loop about how “this PC” (of course, it was a Mac) “is infected with the Zeus virus! You\u00a0must\u00a0call Microsoft at this number right now!” The carnival-barker behavior resumed (and locked up her browser)\u00a0every time she launched Safari.<\/p>\n

They’re opportunistic:<\/strong> a client signed a $400 “perpetual service contract” with a Massachusetts-based tech support company after dialing (probably misdialing) a tech support number on her Verizon bill.<\/p>\n

They’re intrusive:<\/strong> the same client complained to me that, “I literally can’t turn my computer on anymore without the phone immediately ringing and some accented fellow telling me a virus has been detected on my system.”<\/p>\n

What can you do about it?<\/h2>\n

The first rule, as we mentioned in our previous posting, is that neither Microsoft, nor Apple, nor anybody else is going to call you out of the blue and say they have detected a virus on your computer. If you get such a call, hang up.<\/p>\n

This goes double for anyone who, after phoning you, tries to talk you into using “screen sharing” or “remote logon” software to let him\u00a0onto your computer. If you let any stranger\u00a0onto your computer in this fashion, it’s like handing it to him and letting him drive away — he can do anything to it he pleases.<\/p>\n

Be careful of your typing\u00a0when you type URLs into your browser bar. Through a technique\u00a0known as “typosquatting,”<\/a> a fraudster can set up websites that respond to these misspellings and then take advantage of your trust in the website you thought you were at. Similarly, it’s easy to follow an outdated link in a perfectly legitimate (but old) posting on the internet, only to find that the website that used to house that page is now owned by someone much less\u00a0legitimate, offering\u00a0phony virus warnings or fake (infected) updates\u00a0of Adobe Flash to download. If you arrive at a website to find something unexpected, examine the URL bar at the top of your browser window carefully — if it doesn’t precisely match the name of the site you thought you were going to, leave immediately.<\/p>\n

Similarly,\u00a0this technique applies to\u00a0phone numbers\u00a0as well — you can\u00a0dial a valid tech support number but use the wrong area code, and be delivered to a tech support scammer. If the support activity you\u00a0are offered isn’t what you expected from your vendor, be very skeptical.\"TrustNoOne\"<\/p>\n

The best defense is a healthy paranoia.
\nNever take any caller (that you don’t already know) at face value, and don’t believe you have malware just because some intrusive (and usually illiterate) website says so.<\/p>\n

But they’ve already set the hook<\/h2>\n

The internet is a big place, and sooner or later anyone\u00a0(even me)\u00a0will\u00a0land\u00a0on a page festooned with barbs and claws, a page he wishes he\u00a0hadn’t. What do you do then?<\/p>\n

The hallmark of most browser-based malware scams is the warning box that just won’t go away. Clicking the red X (Windows close box) does nothing; trying to close the page does nothing; trying to quit the browser either doesn’t work or works only until you re-open the browser, whereupon the same warning immediately pops up.<\/p>\n

These scams make use of JavaScript controls to disable basic\u00a0operations such as back, close, and quit; and also benefit from Safari’s default behavior of re-opening the same website that was active when Safari was closed.<\/p>\n

Though it’s tempting when faced with a dialog box you can’t dismiss, and\/or an endless audio loop screaming in your ear, don’t panic<\/strong>.\u00a0<\/em>You can defeat all this.<\/p>\n

If you can’t\u00a0simply\u00a0quit Safari, force-quit it. Hold down the “option” key,\u00a0as you click and hold on the Safari icon in the Dock, until you see a menu appear with “Force Quit,” then choose that. \u00a0Alternatively, you can choose “Force Quit” in the Apple menu (or use the key combination “command-option-esc”), then select Safari.<\/p>\n

Once you have successfully quit Safari, hold down the shift key as you\u00a0click on the Safari icon in the Dock. This will defeat the “open the most recent page” feature and stop the attack from relaunching. You can examine your History if you’re curious where you ended up and how you got there, but don’t click on any part of it or you’ll end up back there.<\/p>\n

What about the money?<\/h2>\n

If you suspect you have been duped into giving a company your credit card number to pay\u00a0for phony tech support, you may be in luck. Use the web to research the name of the company you paid and\/or the company that appears on your credit card bill, if different. If you see a reasonable consensus that these folks are scammers, contact your credit card company and ask for a chargeback on the grounds of fraud. You have several months to make such a complaint; the earlier, of course, the better.<\/p>\n

If you paid for the phony service with a debit card, check, or (heaven help us) a wire transfer, this recourse is not open to you — the best you can hope for is to be able to talk the IRS into letting you deduct that amount as an “educational expense.”<\/p>\n

If all else fails…<\/h2>\n

If after all this advice you can’t free up your machine — Mac or PC — \u00a0from a malware attack —\u00a0real or<\/em> phony — give me a call. I can sort out the real threats from the imposters\u00a0(and on the Mac side, they’re practically all imposters), and disable either kind to get you back into operation expeditiously.<\/p>\n","protected":false},"excerpt":{"rendered":"

Since my most recent posting, the number of fake virus \/ tech support scam incidents I have been called to remedy\u00a0has\u00a0ballooned. They’re persuasive: the client featured in my\u00a0previous\u00a0posting has since let herself be victimized by a second\u00a0scammer, despite having already been burned once. (Thankfully, no damage was done to her machine this time around). They’re … Continue reading Tech support scam booming<\/span> →<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[22],"tags":[20,21],"class_list":["post-72","post","type-post","status-publish","format-standard","hentry","category-service","tag-malware","tag-scam"],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/www.macsrwe.com\/blog\/wp-json\/wp\/v2\/posts\/72","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.macsrwe.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.macsrwe.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.macsrwe.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.macsrwe.com\/blog\/wp-json\/wp\/v2\/comments?post=72"}],"version-history":[{"count":7,"href":"https:\/\/www.macsrwe.com\/blog\/wp-json\/wp\/v2\/posts\/72\/revisions"}],"predecessor-version":[{"id":80,"href":"https:\/\/www.macsrwe.com\/blog\/wp-json\/wp\/v2\/posts\/72\/revisions\/80"}],"wp:attachment":[{"href":"https:\/\/www.macsrwe.com\/blog\/wp-json\/wp\/v2\/media?parent=72"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.macsrwe.com\/blog\/wp-json\/wp\/v2\/categories?post=72"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.macsrwe.com\/blog\/wp-json\/wp\/v2\/tags?post=72"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}