During my upcoming DerbyCon talk, I will be going into detail on user security education and defensive methodologies. I will be posting more about this after my talk, but for this post I want to focus on how much you care about your users' security on their personal systems. Yes, I know, you are not their tech support and you are tired of getting asked why they have a virus when they only downloaded pirated software and music, and they click on every link that they see. However, your defense at the office is best implemented when your users are aware of how to stay safe while they are online.
Krebs just posted an article about an uptick in technical support phone call scams. Now some of you may just read that, realize it would never work on you, and close the article. However, have you thought of how many of your users would find this information useful? Did you do anything about it? Do you show the users that you actually ‘care’ about their home systems, and the systems of their friends and loved ones?
Showing that you care by sharing is a simple and easy way to get your users more in tune with your security practices. Here is an email I sent to our employees this morning in response to Krebs’s article. It doesn’t take much, and I’ve already received several “thank you” messages showing their appreciation for my concern. Feel free to copy, change, and use!
Sent: Friday, August 03, 2012 6:45 AM
Subject: Tech Support Phone Call Scams
Have you ever had someone call you to tell you that they detected malware, a virus, or trojan on your computer? Well there have been several people reporting lately that there is a huge increase in tech support phone call scams. Here is how they work. Bad guy calls you and tells you that they are from “Windows Helpdesk” and they have detected that your system is infected with a virus. They just need you to download some software so they can “help” you remove it from your system. So, you download the application, they connect, and they tell you that you do indeed have a virus and they would be happy to remove it for you… for the low, low price of $49.95.
Now, I know some of you scoff at this and think it won’t be that successful. Well, they are making a fortune with this. They are targeting seniors who are not as technically adept and are “afraid” of viruses. Little do they know that the program that they download for the tech support is a remote control application that allows the bad guys to connect to their system at any time. Their computer may have been virus free until they downloaded the application.
If you have loved ones and friends that may not be as technically adept, please have them visit http://www.microsoft.com/security/online-privacy/avoid-phone-scams.aspx. Microsoft has listed some things to watch out for with a tech support call. The biggest thing is, if they ask for money it’s not Microsoft! I have also posted a copy of this on the bulletin board that you can make a copy of to hand out.
If you believe your computer is infected, or are not sure if the technician is legitimate, turn off your computer and feel free to contact our Information Systems department here. Be sure to keep the phone number that called you, and as much information as you can. We can quickly tell you if this was legit or a scam.
Here are some great points from the attached bulletin:
- Do not purchase any software or services.
- Ask if there is a fee or subscription associated with the “service”. If there is, hang up.
- Never give control of your computer to a third party unless you can confirm that it is a legitimate representative of a computer support team of whom you are already a customer.
- Take the caller’s information down and immediately report it to your local authorities.
- Never provide your credit card or financial information to someone claiming to be from Microsoft tech support.
Be safe out there. The bad guys are stepping up their game, hoping to con you into giving your hard-earned money away.