Articles

Phishing Confidential - My Personal Conversation with a Scammer

Cyber Safety Cop Sunday, October 19, 2014
I had a very interesting conversation with a person who was trying to steal my money last week. I wanted to share it with you and give you some tools so that you can protect your identity and financial information from scammers.

I received a phone call from a man that sounded like it was in an overseas call center. I could hear other people in the background making calls. The man identified himself as Microsoft's Security Team with a slight Indian accent (nothing too unusual so far). He told me that they received an alert that my computer had been "hacked by an online intruder." I immediately knew that this call was bogus for several reasons: 1) Microsoft NEVER calls you, you have to call them, and 2) I don't have a PC running Windows or their Security Essentials software package. The "Microsoft Security Team Member" then asked me if I was in front of my computer. I replied, "Yes." He then asked me what key was to the right of my "Control" key on my keyboard. I knew he was asking me this to determine what kind of computer I was using. I asked the question that no phishing scammer wants to hear, "What is your call back number?"

I expected him to hang up, knowing that I was on to him. What followed was truly surprising. The helpful "Microsoft Security Team Member" persona changed, he began spewing one of the worst swearing/cussing tirade I have heard in a long time. I listened patiently. I was very interested in where this was going. After awhile I was able to interrupt him and started a very educational conversation.

I asked him if I could ask him a question, and to my surprise he said, "Okay."

I told him that I teach people how to be safe online and I was wondering if he could explain what he was trying to do. He said his basic script was to get people to believe him that their computer was taken over by a hacker, and that he could fix it. He would have them do some inconsequential things on their computer's settings or task manager and then declare that their computer was fixed. He would "update" their user information which would include the victim to provide their credit card information. He would then charge their credit card $400.00.

He said his name was Roger, and he was calling from India. I asked Roger how he felt about stealing money from people. He said he felt "bad" about it but he needed a job. He said he gets paid $200 a month and could not find a job that pays that good. I have no way of knowing if he was telling me the truth, but he did give me some chilling information that I do believe. 

I asked him on average, how often do people freely give him their credit card information. He said, "70 to 80 precent of the time." That is too high!

Basic Security Rule of Thumb:

1) Never blindly trust an unsolicited phone call or email that wants to know your personal information. Always ask for a call back number, and go to the legitimate company's website and call their customer service number to check it.

2) Never click on a link in an unsolicited email, even when the email looks legitimate. Type in the address yourself and go to the legitimate company's website.

For more tools and information on phishing and other online scams, go to the following link:

http://lifehacker.com/5420356/the-complete-guide-to-avoiding-online-scams-for-your-less-savvy-friends-and-relatives
share this page