Thousands of Australians have been taken for hundreds of dollars each by cold call scammers pretending to be Microsoft but police, regulators and the software company are powerless to fight the growing problem.
The scammers, typically based in Indian call centres, cold call people claiming to be Microsoft staff informing them that their computer has a virus on it. They provide bogus evidence of a virus infection and after winning over the victim, convince them to allow the scammer remote access to their computer through an internet website.
The scammers then pretend to fix the machine and ask for a fee that is up to $400. They use a combination of high pressure sales tactics and social engineering to scare the victim into paying the fee and because victims willingly hand over their credit card details, there is little legal recourse
But the head of the NSW Police fraud squad, Detective Superintendent Col Dyson, said in a phone interview that in addition to taking payment the scammers also stole money and planted viruses on the victims’ computers.
“We’ve had quite a few people report this to us and it’s increasing all the time … you’re basically opening the door to your bank accounts to a criminal,” he said.
“We have strong indications that they’re looking at activity logs so they can pick up things like passwords and bank account details; some people’s computers have also been infected with viruses and keyloggers.
“People have had money taken from bank accounts, only because of that, it’s the only common denominator.”
This website first reported on the scam in June but since then a plethora of readers have written in to say they have been targeted.
Stuart Strathdee, Microsoft Australia’s chief security advisor, admitted the problem had grown in scale in recent months and Microsoft was receiving anywhere from two to 50 complaints a day from consumers.
“There’s a number of different organisations doing this and they’re changing their names almost constantly – we hear new names every week,” said Strathdee, who himself has been cold called by the scammers three times.
“We’ve had a number of situations where they seem to be targeting one region or one country town; I’ve got a number of examples where they’ve targeted one small town or one mining village in far north Queensland or Western Australia and things like that.”
As is common with internet crimes, Supt. Dyson said there was little police or local regulators could do to shut down the scams because the perpetrators are based overseas.
“All we can do is take the reports and liaise as closely as we can with the Indian authorities, but it’s very much up to them to investigate,” he said.
“These offenders when they do this don’t leave a very obvious trail, it takes a lot of investigation to track them down.”
Supt. Dyson said instead the police strategy was to alert the public to the scam and stress that under no circumstances should people give anyone remote access to their computer.
“People go to the trouble of having strong passwords, they have good virus protection and firewalls on their computer, but then allow remote access to someone – they’re basically allowing them into their computer without really knowing who they are,” he said.
Supt. Dyson said anyone who has allowed remote access into their computer should immediately change all of their passwords, scan their computer for viruses and, ideally, get a professional company to scan the computer as well.
Communications Minister Stephen Conroy would not comment, instead pointing to a joint statement put out by the Australian Competition and Consumer Commission and the Australian Communications and Media Authority in October this year.
When contacted, the ACCC and ACMA would not provide any new details on how they would beat the fraudsters, instead also pointing to their old statement that warned consumers to be wary about unsolicited phone calls.
The October statement said over the previous two months complaints about scam telephone calls to the ACCC and ACMA had increased significantly from 200 per month to around 2000 across the two agencies.
In September, Queensland Police also issued a warning to the public following a “dramatic increase in reports” of the fake Microsoft scam.
But the problem seems far from abating due to the scale of the problem and the inability of Australian police and regulators to charge or take action against overseas fraudsters.
Strathdee said Microsoft had reached out to one of the sites the scammers use for remote access, logmein123, which had implemented IP address filtering and examined misuse of their test accounts to prevent scammers from using the service.
“We were hoping to push them a little bit to put messaging up on their front page or their home page but they were concerned about impact on their real customers, so that’s ultimately their decision,” he said.
Asked whether Microsoft’s Indian office could take legal action against the call centres perpetrating the scams, he said “there’s a whole range of reasons why that’s much easier said than done”.
“I know that we worked with our legal teams up there quite extensively but actually proving who it is that’s doing it is extremely difficult and the way that some of these companies have set themselves up and they way they operate the scam makes it very difficult,” he said.
“There are a range of consent issues – the customer is consenting to allow the person to connect to their machine and the customer is also agreeing to a charge and providing their credit card details.”
Strathdee said any prosecution would be difficult as victims would need to have recorded the calls for use as evidence. Some havepublished recordings of the scam calls on YouTube.
The International Consumer Protection and Enforcement Network (ICPEN), which coordinates responses to global scams such as this, said in an emailed statement that “both ICPEN and other national enforcement agencies are aware of the scam that you refer to”.
However, it could not detail any specific measures taken to shut the scam down.
FedEx Spam Delivers Nasty Trojan
What’s this? Another FedEx email stating that a package was sent to me and in order to view additional information (including the tracking number) I must download the file attached to the email?
That sounds safe, right? …Wrong!
Despite malware-infested FedEx spam quickly becoming the oldest trick in the book, cybercriminals are still hell-bent on pumping it out and keeping their fingers crossed that maybe, just maybe, someone will fall for their trap and infect their computer with whatever malware they’re pushing.
It’s more than likely that someone somewhere WILL fall for these fraudulent emails – why else would spammers continue to send them? There’s a good chance that one of the recipients is actually waiting on a delivery via FedEx.
With that being said, if you see an email similar to this one arrive in your inbox, feel free to delete it without downloading the attached file:
Attached to the email is a file named, “FedEx document.zip,” which contains Trojan-Downloader.Win32.Anedl.g – which is a Trojan horse that is not to be trifled with.
Once Trojan-Downloader.Win32.Anedl.g infects your machine, it will download and install additional programs [/malware] and files onto your PC, inject malicious code into existing applications and system processes (making it difficult to remove) and modify numerous registry keys.
Therefore, if you receive a copy of this FedEx spam email, it’s recommended that you:
Avoid downloading or opening any attached files.
Delete the email immediately.
April Monthly Specials
————————————————-Hope you enjoyed reading it————————————–