Social Engineering by Fake and Deceiving Support Calls

We have talked a lot about technical matters and how to protect our environment from a technical point of view. However, we still need to pay more attention to the social engineering techniques that intruders use to break into your computers and networks, because honestly there is no patch for human stupidity.

It might be unbelievable, but there are many hackers who call people at home or on their cell phones, introduce themselves as technical staff calling from Microsoft or another well-known corporation, and ask whether the person needs support for any issues. You may not believe how excited people (especially non-technical ones who are always looking for support) get when somebody calls them up out of the blue wanting to help them, and I get frustrated when I see how easily people are deceived and give away personal information such as their computer's username and password or their credit card information. Some will even readily click on a link to download software onto their computers in order to receive support from the person on the phone.

The Trustworthy Computing team at Microsoft conducted a survey of 7000 people and found that more than 1000 of them had received such phone calls, nearly 22 percent of them (234 people) were deceived, and 184 of them even lost money (something around 800 USD, all of them in total).

It is always really easy to deceive people, and much easier than hacking into a computer system, which can be pretty up to date with all the automatic update services running on machines. I believe more seamless training needs to be provided to people through different types of media, because not everyone reads security websites to learn about such threats. After all, keeping people's confidential information secure on the net is the main purpose of the professionals and authorities in charge of security, and learning is the most fundamental step toward that.

That said, I have some very quick tips to share with you to keep you away from such fake calls:

  • When you get a call claiming to be from a well-known company, ask for the caller's name and phone number, and ask if you can call him/her back. Ask the caller to give you the company's phone number so that you call the company and not his/her direct phone. (Do not be ashamed; you just want to make sure this is the right person.)
  • Remember that Microsoft will never have support services calling you unless you have requested an on-the-phone service. I'm not sure about other companies, but as far as I can remember I have never seen any company provide such services by cold calling people.
  • Never give the person on the other end your name, the username and password of your computer or of any website you are a member of, your credit card information, or other confidential information.
  • Ask the person upfront whether you will have to pay for this service, and try to work out why that person has called you.
  • Do not click on any link on any website that the caller gives you, even if it seems to be a well-known, trusted website.

Finally, if you feel that you will never be deceived by these fake callers, at least try to increase awareness of such threats by letting your friends and family members know about them.
Cheers