Cyber-Criminals are targeting Sheffield Now!

In recent years, we’ve seen exponential growth in the use of technology. On the whole, we’ve embraced that, and it’s totally changed the way we live and work, in most cases for the better. However, it is unfortunate that, as the benefits have grown, so have the risks.

Today’s post is about a subject very much on the rise; cyber-crime. The risks have never been higher, but it doesn’t mean we should stop using technology, far from it. I’m one of its biggest advocates – I see on a daily basis how it makes us more efficient and make lives better. For some people, it’s the only way they keep in touch with the rest of the world.

So what's the answer?

In short, we need to be smarter and exercise more caution. It’s important to think twice before we enter those keystrokes or make that click. Many of today’s cyber-criminals run their organisations like professional enterprises, investing in people, equipment and infrastructure. They’re well organised and well financed.

What is cyber-crime?

Cyber-crime is defined as a crime in which a computer is the object of the crime or is used as a tool to commit an offence – Techopedia.

Frankly, it’s a massive subject and I could write a book on it, but today I’ll be focusing on one method of cyber-crime in particular – computer takeover scams. Mainly because I know that Sheffield, like the rest of the world is at risk. I know this because in the last few weeks, I’ve been targeted twice myself. Several of my customers living in the city have been targeted too. Fortunately, I didn’t fall for the scams but some of my customers weren’t quite as lucky.

Right now, you might be thinking, you’d never fall for a scam like this. But what I would say is, I’ve seen well educated, intelligent people fall victim to these methods. Make no mistake, the methods the scammers use are getting more sophisticated and convincing by the day.

What is a computer takeover scam?

The crime usually starts with a phone call. The caller will generally introduce themselves as a person of authority. Perhaps they’ll tell you that they’re calling from your Internet Service Provider, Microsoft or another well-known organisation. They do this, because they know most people are conditioned to respect these organisations, so are more likely to be compliant to their requests.

The first call I received was from someone claiming to be from my Internet Service Provider about a problem with my internet connection. The second caller claimed she was calling from OFCOM, and tried to tell me they’d detected hackers on my home network. One of my customers received a call where the caller claimed to be calling from the Information Commissioners Office about a problem with his broadband supplier. Another customer received a call, where the caller claimed they were calling from Microsoft because they had detected a virus on his computer.

In my case, I instantly knew that the calls were malicious. However, I decided to let them play out for a while. I was curious and wanted to know where the callers would go with this, after all the more I know about the techniques the bad guys are using, the more equipped I am to help my customers. Also, as an IT professional, I knew how far I could let it go without putting myself at risk.

Ultimately, the goal of each caller was to take control of my computer. However, they didn’t lead with this, they were clever enough to spend some time building up to it. They worked on building trust and giving their scenarios plausibility. Both callers asked me to perform different tasks on my computer. The tasks were actually harmless in themselves and they didn’t make any changes to my PC. However, I can see why some users would be really concerned when they saw the data being churned out on their computer screens, which is exactly what the cyber-criminals wanted, for their victims to feel scared and worried.

The first caller had me perform a task which generated a screen similar to this:

Cyber-Criminals are targeting Sheffield Now!

The task wasn’t harmful, and it didn’t give the caller access to my computer, but it was the point they had been building up to. The caller used the screen to try and justify their call. I can see why it could deceive some people – after all they were calling about problems with my computer, and here was a screen showing errors and warnings. The thing is, the screen was showing historical events that weren’t even an issue anymore. Whilst I know this, I’m aware many others might not.

Once this screen was up, the caller advised me that I needed to follow some instructions to resolve the matter, which started with me typing some text into the address bar on my browser. It was at this point I ended the call, because that would be when I became vulnerable, so it was no longer safe to continue.

The second call involved me performing a different task, again it was harmless in itself, but it generated a screen similar to this:

computre takeover scam

The caller asked me to count entries in the Foreign Address column, before advising me each of these entries represented a different hacker on my computer. Of course, I knew none of these entries had anything to do with a hack or a breach. It was at this point in the conversation when I was asked to visit a web address. Once again, it was where I ended the call, because I knew following this instruction would put me at risk.

How do they get access to my computer?

Once they’ve spent a little time manipulating you and building some trust, they’ll usually ask you to visit a website and download some software. This might be a website they’ve set up themselves, or even the website of a legitimate company. You might be thinking, how can I be at risk, if I visit the website of a legitimate company.

The thing is, quite often these criminals will use legitimate tools like Team Viewer or Supremo for their illegitimate activities. Once you’ve installed the software, the caller might ask you for some credentials on your screen, before using them to take control of your system. Alternatively, if it’s software they’ve had you download from their website, they might not even need you to install these. They might have you visit a website which has automatically installed some malware which gives them access to your computer.

Once they have this kind of access, not only can they see everything you do on your computer, but they have full control too, so they can install malware, spyware, or even ransomware. They could also make changes to your security configuration and leave back doors open for future attacks. They might also steal your data.

Why do they want access to my computer?

The simple answer is financial gain, they want to steal from you. The methods used will vary from victim to victim. Once the scammer has access to a computer, they’ll spend some time looking around for opportunities to exploit you before deciding on their next step.

Ultimately, the attackers preferred option is to gain access to your bank account so they can start sending payments from your account to theirs. You might think, that they wouldn’t be able to do this without your login credentials, and you’d never be silly enough to give them those. But in most cases, they wouldn’t ask you for them. A common scam is to tell you that you are entitled to some compensation, and ask you to log in to your bank account to check you’d received a payment.

They’d then display a fake screen on your computer (because they still have control of it) showing a fake payment. This is all without actually sending you the promised ‘compensation’. Whilst you’re looking at this screen, they’d be busy working away in the background making fraudulent payments from your account.

They might even have convinced you to inadvertently help with this, by providing a security code generated by your bank. It could be from a mobile phone app, text message, card reader or similar. Whilst many would be suspicious at this stage, others might not be quite so concerned, thinking it is of no use without the other credentials. However, they’re already logged into your online banking account in the background. Even if they’re not, they might well have installed a key-logger and screen recorder which has already obtained the other information they need or they will do so when you login at a later date.

Remember, these people are in no rush, they’ll wait it out until they have everything they need – they might even call you several times, asking for different information. You might even be called by different people, because just like any other organisation, different members of their workforce will have different skills, so someone else might be better equipped to exploit you.

The bank scam isn’t the only one the criminals are running, after all there are plenty of people who don’t use online banking, but there are other ways to exploit us. Many of us keep our passwords and credit card details stored in our browsers, or we might stay logged in to PayPal. Criminals can use this information to steal from us. Equally, many of us have data on our computer which could be used for identity theft.

Another technique used by criminals is to lock you out of your own computer, holding your precious documents and photos hostage until you pay a ransom fee. Of course, there are other risks, but you get the picture.

How do I avoid becoming a victim?

As with any kind of cyber-risk, the best defence is always to educate ourselves, stay vigilant and be cautious. It’s also a good idea to try and educate family members who might not be as tech savvy as we are, or might just be a little more trusting.

The first thing I would say is, never take an unsolicited caller at their word. If you receive a call from someone claiming to be from your bank, credit card company, internet provider, e-mail provider, mobile phone provider, Microsoft, Apple, Google, Government Agency or similar, then it’s a very good idea to be overcautious.

Of course, some of these organisations may have a legitimate reason to call you, but if they ask you to perform any tasks on your computer or provide any personal information, then ask yourself – does this seem like a genuine request? If you’re in any doubt whatsoever, tell the caller that you need to verify that it’s a genuine call and that you will call them back. If the call is genuine, they’ll understand. It’s really important though, to make sure you are calling the organisation on a number you can trust, so get their telephone number from the company’s official website, or from another source you are certain is genuine.

Never use a number provided by the caller, or the number they have called you from. Equally, you should also be aware, that some scammers use techniques sophisticated enough to manipulate Caller ID so it looks like they’re calling from a legitimate organisation.

The best policy really is to call the organisation back on a number that you’re 100% certain you can trust.

Here’s some takeaway messages:

An Internet Service Provider, bank, credit card company, government agency or similar should NEVER:

  • Tell you that your service or computer has been hacked
  • Try to remotely take control of your device
  • Tell you they’ve found a problem with your computer

The FFA (Financial Fraud Action) Organisation recommends the following:

  •  Be wary of any unsolicited approaches by phone offering a refund or compensation
  • Avoid letting someone you do not know have access to your computer, especially remotely
  • Do not log onto your bank account while someone else has control of your computer
  • Do not share one-time passcodes or card reader codes with anyone
  • Do not share your PIN or online banking password, even by tapping them into a telephone keypad
  • If you think you’ve received a scam call, stay calm and don’t give out any information. Remember you are in control, so if you’re unsure, just end the call immediately.

What should I do if I think I have been caught out?

If you think you’ve been compromised and someone has had access to your computer, the first thing to do is to shut your computer down. I also recommend switching off your router too if possible. This will prevent any further access to your computer and other devices on your home network until they’ve been made safe by an IT professional.

If you had credit card details stored on your system, or feel as though your bank account is at risk, contact the relevant organisation to tell them what’s happened – they’ll be able to implement the relevant stops if necessary. It’s also a good idea to change all of your passwords after such an event.

I hope this first post has been useful. Please consider subscribing using the box underneath this post. Alternatively, you can follow us on Facebook or Twitter where we’ll be sharing all new posts.

The next post will be about why you need to upgrade from Windows 7 to Windows 10, if you haven’t done so already. For more details visit Tech Hallam.

Get In Touch