.

Malware via Social Engineering

<<

jjwinter

User avatar

Jr. Member
Jr. Member

Posts: 80

Joined: Mon Mar 05, 2012 10:33 pm

Post Sat Oct 13, 2012 11:14 am

Malware via Social Engineering

Have gotten several calls from residential customers who get phone calls from scammers pretending to represent Norton or Microsoft. One woman was very scared that hackers got into her system, even though she hung up and never did anything with her PC.

The other customer fell for it. The scammer convinced her that he was from Microsoft, and that her PC was hacked. So she turned it on and went to the website he directed her to, and he established a remote session using showmypc. He then told her all her files were corrupt, and scared her by showing event log entries. Then he wanted her to go to Western Union send him $25. She refused and he hid her desktop icons, and hung up. She thought she lost everything and called me in a tearful panic.

She's all cleaned up now, and better educated about phone scams I hope.

Those of you who support end users, do you get calls like this?

I've seen videos posted by other forum members of pentesters using similar SE techniques to trick corporate users who should know better, pretending to be the Help Desk, or similar. Do you find that these sort of methods work better / faster than vulnerability scanning and exploitation? Or do you do both, and report the technical issues and the SE issues?
<<

lorddicranius

User avatar

Sr. Member
Sr. Member

Posts: 448

Joined: Thu Mar 03, 2011 3:54 am

Post Sat Oct 13, 2012 1:01 pm

Re: Malware via Social Engineering

I don't have any experience to share regarding this, but this reminded me of an article I read the other day:

http://arstechnica.com/features/2012/10 ... t-scammer/
GSEC, eCPPT, Sec+
<<

cd1zz

User avatar

Recruiters
Recruiters

Posts: 566

Joined: Sun Oct 03, 2010 9:01 pm

Post Sat Oct 13, 2012 2:07 pm

Re: Malware via Social Engineering

The audio for that IS AWESOME.
<<

sh4d0wmanPP

Newbie
Newbie

Posts: 42

Joined: Sat Aug 11, 2012 6:42 am

Post Mon Mar 25, 2013 8:29 am

Re: Malware via Social Engineering

This is a common scam (at least in Europe) usually carried out by callcentres from India (or at least they have the accent and operate from whereever over VOIP). Haven't heared about any arrests but there have been multiple articles published in the media to warn the public.

Useless to say, this fails at some part of the population ;)
$25 seems pretty low, considering somebody will have to fetch hundreds? thousands? of these money orders.
EXIN ISO/IEC 27002: ISF & ISMAS, ITIL Foundation, Comptia Security+, CCNA, CCNA Security, Wip: OSWP

Return to Malware

Who is online

Users browsing this forum: No registered users and 1 guest

.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software