Welcome to the SecAware blog

I spy with my beady eye ...

11 Nov 2010

Vishing attacks on New Zealand

A neighbour called me yesterday about a suspicious phone call she received from someone claiming that she had a problem with her PC.  The caller, who apparently sounded Indian, asked her to switch on her PC so he could help her sort it out.  Thanksfully she had the awareness to notice something amiss.  The caller mumbled who he was working for and wouldn't clarify.  When she told him she needed to verify his identity, he terminated the call .... and presumably went on to try to scam some less-savvy sucker.

The NZ government's ScamWatch site is warning of this exact scam
"Scamwatch continues to receive a steady stream of reports from consumers about out-of-the-blue phone calls from scammers wanting remote access to your computer to 'get rid of viruses' or to 'fix' your computer ... The calls, which appear to be originating overseas, ask consumers for remote access to their PC to 'see if their computer is infected'.  The scammer claims to be from an IT support helpdesk, or some have even claimed to be from Microsoft.  If you give remote access, the scammer may go on to plant malware on the computer; or go on to offer to fix the computer for a fee – paid by credit card over the phone."
The scammers are presumably using Skype or some other free VOIP service to both conceal their origins and cut their costs, hence it's known as "Vishing" - phishing by voice calls. 

The scammer knew my neighbour's name and phone number - not exactly hard to find as she is listed in the phone book, but that little piece of information was nearly enough to catch her out ("How come he knew my name?" she asked me!).

Make sure your friends, family know how prevalent these social engineering attacks are.  Forewarned is definitely forearmed.


No comments:

Post a Comment