advertisement
Facebook
X
LinkedIn
WhatsApp
Reddit

Anatomy of phone phishing: How one South African lost R7 800 to an online scam

“I received a phone call on my landline, from a lady saying she is from Microsoft and she wanted to inform me that my laptop had been invaded. She said they wanted to sort it out and then she got a man on the line who asked me a couple of questions and he then went into my computer.”

Tom Bakker is just one of an unknown many number of people who’ve lost substantial sums of money to online fraudsters. Specifically, he’s a victim of a scam which is so endemic it caused Microsoft to issue a very public warning about its use back in February

In purpose, it’s nothing more than the age old snake oil scam. Conmen dressed up as doctors who promise you riches and health, but whose medicine is worse than the disease it purports to cure. In practice, it’s relies on people’s general ignorance about how technology works.

On 3rd February, says Bakker, he received a call on his landline telephone from a woman he’d never met. She claimed she was calling from Microsoft and was calling to inform him that his laptop had been compromised and all his personal details had been lifted by online hackers.

“She didn’t explain how my laptop had been invaded but said they wanted to sort it out and then she got a man on the line.” explained Bakker. “He said he worked for a company called Global IT and asked me a couple of questions including my log in details and then went into my computer.”

“I had a Kaspersky security system on my laptop and the man said he will take it off and that gave him access to my laptop.”

The man from Global IT proceeded to ask Bakker’s for his bank account details and card sync, then told Bakker it would cost just R400 to cover his laptop for a lifetime’s virus-free guarantee. After Bakker paid up, the helpdesk operator used a remote desktop (RDP) feature to log into Bakker’s machine over the internet and take control of the computer, purportedly in order to disinfect the desktop of malware.

“Another guy came along and wreaked havoc on my laptop and when they were finished, my laptop looked normal with Microsoft icons and Microsoft security systems. I fell for it.”

Two days later, large sums of money began vanishing from Bakker’s account. At first, there was a withdrawal of R4 000. Then there was an attempt to take out an additional R4 000 and a further R3 800 in separate transaction. As the withdrawal notices came in, Baker realised something was wrong.

“I contacted my bank to do an investigation,” he says, “R3 800 was already pending for withdrawal but my bank had already blocked the other R4 000 .”

Bakker ruefully admits that he fell too easily for the scam and that he hadn’t heard of it before it happened to him. “These guys had American accents… I wouldn’t have fallen for it but because they were American, I took them seriously. I was just stupid enough to fall for everything.”

For the most part, giving over your credit card details to an unsolicited caller is enough to allow for someone to make withdrawals on your account – as appears to have happened to Bakker. But while logged into his machine, the callers also removed his security programs and installed their own malware designed to capture things like bank login details and other online passwords – all of which will be likely added to lists that are bought and sold among criminals.

In most cases, of course, the malware is designed to target PCs running Microsoft Windows, although the basics of the attack could work on anyone. Microsoft is very aware of the problem and says that it is trying to be as responsible as it can.

“There’s not much Microsoft can do,” says Natassia Badenhorst, account director for Microsoft at Fleishman Hillard. “We can’t give people their money back, but what we are doing is educating people as much as possible about this scam and how they can remove the spyware installed by the scammers on their computers to ensure they are safe, education is the key.”

As for Bakker, he’s still struggling to get his money back.

I am now waiting to see if my bank can retrieve the money that is pending,” he says, “In the meantime I’ve changed my email address and my cheque card.”

If you, or anyone you know of, have fallen victim to this scam, Badenhorst says that you can still contact Microsoft for assistance and advice. If not, you can read up on tips on how to spot this scam in our February post.

advertisement

About Author

advertisement

Related News

advertisement