
Social Engineering and Hacker Attacks

Posted by Cathie Briggette on Wed, Jan 27, 2016


Last week we received 2 phone calls from consumers in Missouri and Tennessee asking about our techs calling them on the phone and trying to charge them from $250 to $350 to reset their passwords and fix their IP addresses, because they were unable to connect to Netflix. Our receptionist talked to the first person, who, thank goodness, hadn’t given the scammers her credit card, and explained that we did not work in Missouri, nor did our techs call consumers about broken computers. The woman was relieved that she did not share her credit card information. The receptionist shared this information with me, and I asked her to route the call to me if anyone else called.

The second caller was a gentleman from Tennessee. When the receptionist received his phone call I was not available, but she got all the information from the gentleman, and I called him back to interview him on exactly what had happened.

It seemed there was a company out of New York that was using a version of NSK’s name and calling unsuspecting consumers after they were unable to log into their Netflix account. The company took control of their computers, downloaded and changed services on the computers, and then acquired the consumer’s credit card information, charging their credit card anywhere from $250 to $350 for a service that neither fixed their computer nor reset their password for Netflix.

I called the gentleman in Tennessee and asked him to explain what happened. Here is his explanation: He was trying to connect his computer to Netflix. After some time on the computer and not being able to connect, a number popped up on his screen (a pop-up) for him to call support. The consumer dialed the number and was told that the IP address for his computer had security issues, that quite a few of the services running on his computer were not working correctly, and was asked whether it would be okay if a tech called him back to fix the problem. At that point a supposed technician from “NSK Tech Inc” phoned him and connected to his computer. He didn’t really know what the person did, and he still is not able to get onto Netflix. He was asked for a credit card, which he gave the caller, and received an invoice for the amount of $249.00.


After getting the information, I called Netflix and explained to them what had happened. They said they believed that the gentleman’s internet connection and computer had been hacked, and asked me to send all the information to their phishing site, because Netflix never charges users to reinstate their password or help them get onto their application. I sent Netflix the information, and I also called the Better Business Bureau in New York and the Attorney General’s office with the information and issued a claim with the Federal Trade Commission.

Social Engineering Attacks

Our clients are not “computer people”. That is why they turn to us as their MSP and IT solution provider: to not have to worry about pesky security matters. The fact of the matter is that security is everyone’s business. Sure, we remotely monitor and back up their networks, but it is the day-to-day human errors in judgment that can lead to bankruptcy-level security breaches. Aside from making sure clients have a strong security policy and response plans in place, it is our job to make them more tech-savvy users. That being said, this article is to educate our clients and prospects on the importance of establishing an enforceable security policy, one in which all of a business’s staff is held accountable for security.

Microsoft has also spoken out regarding hackers and scammers calling unsuspecting consumers. They have a detailed list of best practices for users and how to respond if they believe they have become the victim of a social engineering hacker scam.

Avoid tech support phone scams

Cybercriminals don't just send fraudulent email messages and set up fake websites. They might also call you on the telephone and claim to be from Microsoft. They might offer to help solve your computer problems or sell you a software license. Once they have access to your computer, they can do the following:

  • Trick you into installing malicious software that could capture sensitive data, such as online banking user names and passwords. They might also then charge you to remove this software.
  • Convince you to visit legitimate websites (like www.ammyy.com) to download software that will allow them to take control of your computer remotely and adjust settings to leave your computer vulnerable.
  • Request credit card information so they can bill you for phony services.
  • Direct you to fraudulent websites and ask you to enter credit card and other personal or financial information there.

Neither Microsoft nor NSK Inc will make unsolicited phone calls (also known as cold calls) to charge you for computer security or software fixes.

Telephone tech support scams: What you need to know

Cybercriminals often use publicly available phone directories, so they might know your name and other personal information when they call you. They might even guess what operating system you're using.

Once they've gained your trust, they might ask for your user name and password or ask you to go to a legitimate website (such as www.ammyy.com) to install software that will let them access your computer to fix it. Once you do this, your computer and your personal information are vulnerable.

Do not trust unsolicited calls. Do not provide any personal information.

Here are some of the organizations that cybercriminals claim to be from:

  •   Windows Helpdesk
  •   Windows Service Center
  •   Microsoft Tech Support
  •   Microsoft Support
  •   Windows Technical Department Support Group
  •   Microsoft Research and Development Team (Microsoft R & D Team)

Help Microsoft stop cybercriminals by reporting information about your phone scam.

Report phone scams

Whenever you receive a phone call or see a pop-up window on your PC and feel uncertain whether it is from someone at Microsoft, don’t take the risk. Reach out directly to one of our technical support experts dedicated to helping you at NSK Inc, 877-303-0480, or the Microsoft Answer Desk.

How to protect yourself from telephone tech support scams

If someone claiming to be from Microsoft tech support, or NSK Inc for that matter, calls you:

  • Do not purchase any software or services.
  • Ask if there is a fee or subscription associated with the "service." If there is, hang up.
  • Never give control of your computer to a third party unless you can confirm that it is one of the techs at NSK Inc using LogMeIn or a legitimate representative of a computer support team with whom you are already a customer.
  • Take the caller's information down and immediately report it to your local authorities.
  • Never provide your credit card or financial information to someone claiming to be from Microsoft tech support.

What to do if you already gave information to a tech support person

If you think that you might have downloaded malware from a phone tech support scam website or allowed a cybercriminal to access your computer, take these steps:

  • Change your computer's password, change the password on your main email account, and change the password for any financial accounts, especially your bank and credit card.
  • Scan your computer with the Microsoft Safety Scanner to find out if you have malware installed on your computer.
  • Install Microsoft Security Essentials. (Microsoft Security Essentials is a free program. If someone calls you to install this product and then charges you for it, this is also a scam.)

Note: In Windows 8, Windows Defender replaces Microsoft Security Essentials. Windows Defender runs in the background and notifies you when you need to take specific action. However, you can use it anytime to scan for malware if your computer isn’t working properly or you clicked a suspicious link online or in an email message.
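
The steps above cover passwords and malware scanning. Because the caller's access came through remote-control software, it is also worth checking whether such a tool is still installed or running. The PowerShell below is an added example, not part of the original post or of Microsoft's guidance; Ammyy and LogMeIn are the tools named on this page, and the other keywords are assumptions to adjust.

```powershell
# Added example: look for remote-access software left behind after a scam call.
# 'ammyy' and 'logmein' come from this article; 'teamviewer' and 'anydesk' are
# assumed extras. Add whatever product name the caller mentioned.
$keywords = 'ammyy', 'logmein', 'teamviewer', 'anydesk'
$pattern  = ($keywords | ForEach-Object { [regex]::Escape($_) }) -join '|'

# 1. Installed programs, from the 64-bit, 32-bit and per-user uninstall keys.
$uninstallKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*'
)
$installed = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -match $pattern } |
    Select-Object @{n='Source'; e={'Installed program'}},
                  @{n='Name';   e={$_.DisplayName}},
                  @{n='Detail'; e={$_.InstallLocation}}

# 2. Services: a remote-access tool registered as a service survives reboots.
$services = Get-CimInstance Win32_Service |
    Where-Object { "$($_.Name) $($_.DisplayName) $($_.PathName)" -match $pattern } |
    Select-Object @{n='Source'; e={'Service'}},
                  @{n='Name';   e={$_.Name}},
                  @{n='Detail'; e={"$($_.State), start=$($_.StartMode): $($_.PathName)"}}

# 3. Running processes: catches portable tools that were never installed.
$processes = Get-CimInstance Win32_Process |
    Where-Object { "$($_.Name) $($_.ExecutablePath)" -match $pattern } |
    Select-Object @{n='Source'; e={'Running process'}},
                  @{n='Name';   e={$_.Name}},
                  @{n='Detail'; e={"PID $($_.ProcessId): $($_.ExecutablePath)"}}

$findings = @($installed) + @($services) + @($processes)
if ($findings) {
    # A LogMeIn hit can be legitimate if your own support provider set it up;
    # confirm with them before removing it.
    $findings | Format-Table -AutoSize -Wrap
} else {
    'No remote-access software matching the keyword list was found.'
}
```

An empty result only means none of the listed names matched; it does not replace the malware scan and password changes described above.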

Learn more about Windows Defender

Will Microsoft ever call me?

There are some cases where Microsoft will work with your IT Services Provider and call you to fix a malware-infected computer—such as during the recent cleanup effort begun in our botnet takedown actions. These calls will be made by someone with whom you can verify you already are a customer. You will never receive a legitimate call from Microsoft or our partners to charge you for computer fixes.

More information

For more information about how to recognize a phishing scam, see Avoid scams that use the Microsoft name fraudulently.

If you need help with a virus or other security problem, visit the Microsoft Virus and Security Solution Center.

To help protect against viruses and other malicious software, download Microsoft Security Essentials.

Windows 8 includes antivirus protection that’s turned on by default.

Tags: Data Security
