Q. Someone called me from my internet provider and told me my machine needed to be fixed?

Hang up the phone immediately.  This is a scam.

(Never believe a phone caller. If your service provider really needed to contact you, you could hang up and call them back on their support phone number, which you can easily verify.)

Outfits based in India are calling households claiming to be working on behalf of “your ISP” or “your service provider”. They will tell you that they have detected problems on your machine and you must fix them, or that your machine has been detected ‘making illegal downloads’ or ‘spreading viruses’.

They will then offer to fix it for you. They will either ask for a credit card right away for the fee to fix it, or they will ask you first to download some software or go to a website so that they can ‘fix’ the machine for you. They will try to convince you that this is required or you will be cut off by your service provider.

The software or website will install a virus or remote control software on your machine that allows them to disable your machine. Then they will demand hundreds of dollars from you to ‘fix’ it. It is blackmail. Of course they are also free to abuse your credit card information and to troll through your computer looking for passwords or banking information to steal.

If you have given out your credit card number, call your bank right away, explain the scam and cancel the card.

If you have downloaded any of their spyware / malware or visited their website, immediately pull out the cable that connects your machine to the internet, or turn off your wireless router.  Do not let them attach to your machine – they can’t do anything more if your machine is physically disconnected from the net.

Call your ISP or broadband service provider and report it to them, and ask for their advice. You may want to change your email address, and ask the ISP to assign you a new IP address for your broadband modem.

If they were active on your machine for any length of time, they could have downloaded private information from your machine.  If you use financial websites, or have your credit card information stored on the machine, or have other confidential logins and passwords, you may have to change all of those cards, numbers, login IDs and passwords as well. Ask your bank for advice.  Your local Better Business Bureau is also a resource for defending against frauds.

At the very least, take the time now to change all of your online passwords to something secure (a long password with a mixture of letters, numbers, upper and lower case, and symbols if the site allows them). Do not use the same password for every site; make them different.

Even if you were running antivirus software, by installing the software yourself, you have bypassed much of the antivirus protection. This is called a Trojan Horse attack, because you have explicitly invited the attacker in past your defenses. Assume that your machine is now virus / malware infected, and do not plug it back into the Internet until it is cleaned up. Their software could ‘phone home’ to them as soon as you have a connection.

Without knowing the exact nature of the malware, you need to take a shotgun approach. Here are instructions for removing the most common viruses:

www.computer-answers.ca/2011/computer-questions/windows-questions/q-i-have-an-antivirus-message-popping-up-on-my-machine-and-it-is-not-letting-me-use-programs-or-download-antivirus-tools/

Note: ComboFix is a powerful tool that can do some damage if not used in the right situation, so it could be skipped in the first attempt.

Install and enable a firewall with both incoming and outgoing detection:

ZoneAlarm Firewall
www.zonealarm.com/ (download the free version)

or Comodo Personal Firewall
personalfirewall.comodo.com/free-download.html

The malware may be a rootkit. Here are additional instructions for removing one common class of rootkit:

www.computer-answers.ca/2011/computer-questions/windows-questions/q-every-time-i-go-to-a-website-from-google-it-sends-me-to-some-different-website-with-advertising/

Obviously, you won’t be able to download the repair tools on your machine while it is disconnected.  Go to someone else’s computer and get the tools you need, and copy them onto a USB memory stick or burn them to a CD to bring them back to your infected machine.

Please let your friends and relatives know that these scammers are out there, and to hang up the phone (or delete the scam email without clicking on it).

More info on Scams

BBB Scam Source: www.bbb.org/canada/scam-source/

RCMP Scam and Fraud page: www.rcmp-grc.gc.ca/scams-fraudes/index-eng.htm

Canadian Anti-Fraud centre: www.antifraudcentre-centreantifraude.ca/english/home-eng.html

ABC Fraud quiz: www.abcfraud.ca/

Financial and investment fraud – BC Securities Commission:  www.befraudaware.ca/fraud-warning-signs?gclid=CKSr7uWFvrQCFQ_hQgodJ3IAMA
