Modernizing Authentication — What It Takes to Transform Secure Access
By Rod Simmons, BeyondTrust
I was talking to a friend who is a pretty technical guy, and he told me about a call he got from someone posing as Dell technical support. Normally he would hang up on this type of call, but he had a couple of minutes to kill and decided to toy with the caller. A few minutes into the call, his jaw almost hit the floor, because the caller knew too much information to be a classic "you have a virus" scam.
What made this call different was that the scammer offered to prove he was from Dell technical support. He was able to share the date of my friend's last technical support call and details about what the call was for -- and surprisingly all the information was accurate. As if that were not enough, the scammer read him his Service Tag Number and Express Service Code. All my friend could think was, "How do they know all of this?"
My friend realized this was not the normal scam call stating "this is Microsoft technical support." Companies like Microsoft and Dell never initiate support calls with their customers, so whoever was on the other end must have been using compromised information.
Now that my friend had started the game with this scammer, he needed to run it to the end. He wanted to see what they wanted him to do. They walked him through looking at his system event log and said that if he saw warnings or errors, this was an indication his system was infected. After laughing, my friend unmuted himself and asked, "What should we do next? How many files are infected?"
Again, the scammer walked him through running commands and had him, at the run prompt, type "inf virus location," which he knew would only open the INF folder. The scammer then explained that those were all the virus files he needed to delete. Trying to keep his composure and not burst into laughter, my friend again poked and said, "How do you recommend we remove the virus?"
It was at this point they tried to really infect his system. They tried to get him, from the run dialog, to type in a URL excluding the http://. This is when he started resisting their suggestions and the scammer pulled in a manager to try and convince him this would clean up the problem. He asked why the location was not a dell.com domain and they tried to assure him that this was a local computer task, similar to opening an event viewer and the folder with the virus files. At this point, he hung up.
This scam would get the vast majority of people because of the level of sophistication and personal information they revealed in order to win trust. Not to mention, they had a second person that was ready to act like a manager to try and move the scam along. I believe most of my colleagues and friends, not in the security space, would have fallen for these tactics.
This is not a story about Dell; it’s a story about stolen information. There are 80-plus million current and former Anthem customers that could fall victim to sophisticated scams based on someone using stolen information to engineer a plausible story and gain enough trust to access their data. Most people, when presented with enough identifying information from a caller, will assume the caller is legitimate.
5 Rules for Handling a Scam Call
Following are five rules I tell my friends to follow when they receive unsolicited calls from anyone purporting to be a company representative. Companies should share these rules with their employees, as well.
- Get the caller’s name and extension number and call them back, but DO NOT call the number the caller provides. Call the number on the company website, assuming this is a company with which you have a relationship.
- If you get a first and last name, try to look the caller up on LinkedIn. See if he has a profile and a history at the company he claims to be calling from.
- Treat every call as if it is a scam. Ask probing questions, some built on details that are not true, so you can gauge the caller's response, and try to trip them up by providing false information. Remember the scene in Terminator 2: Judgment Day in which the second terminator pretended to be Janelle but did not realize it had been given the wrong name for the family dog.
- Ask them to call you back in five minutes. Use Google or Bing and search to see if there is any information on a scam like the one you feel could be happening. For example, a search for Dell Support Data Breach returned this article.
- Finally, listen to your inner voice and don’t be afraid to hang up.
Rod Simmons is product group manager, Privilege Identity Management, for BeyondTrust, a provider of privileged account management and vulnerability management software.