Anatomy of a Scam

Chris Owens

A new, believable scam in which “IT Support” tries to infiltrate your system.

The bait

I received a phone call on my cell from someone in a call center (I could hear multiple people in the room) with a Hartford, CT number (1.860.951.7532).

Scammer: Our servers have picked up a lot of malicious activity coming from your computer and we just want to verify a few things.

Chris (warily): Okay…

The giveaway

Scammer: Please go into Event Viewer so we can see all the errors being generated.

Many people will find this convincing and believe that their machines are compromised.

He would have had me believe that the errors were indicative of a problem with my system, which is totally false. They are full of benign events like GPO-related stuff, which is normal for a laptop. I wanted to play along though.

Scammer: I’m just going to have you go into MSConfig to validate that the malicious code has stopped a bunch of services that should be running because they are from the Microsoft Corporation, the manufacturer of your computer.

More red flags. There are dozens of services I can expect to be stopped on my laptop, like Hyper-V functionality, Internet Connection Sharing, and Fax. Those are not signs of malicious activity.

The response

Finally we got to what I was interested in: how they planned to connect to my machine and start doing something illegal. The caller had me go to the LogMeIn Support site www.support.me and provided a code. I took that code but, instead of letting him connect, clicked “Report Abuse.”

Scammer: What are you seeing on your screen now?

Chris: If you believe someone might have used LogMeIn software maliciously during your session, you should report it here.

This is where he hung up on me.

Beware of this new technique and don’t let strangers connect to your machine.