Anti-virus scams: be afraid, but not very afraid

Dodgy cold callers may not be after your bank details after all


Any PC user listening to BBC Radio 4 or 5 this morning would have been struck by interviews publicising Get Safe Online, a government-backed campaign to raise awareness of computer security risks.

The headline item was a warning that organised gangs from Eastern Europe are cold-calling users and inviting them to install fake anti-virus software which then harvests personal data such as credit card details, enabling identity theft and fraud on a massive scale.

Worryingly, one in every four UK users surveyed was said to have received such calls.

Both the survey results and the ID theft claims are credible. The problem is, as Get Safe Online has now acknowledged to TechRadar, they relate to two completely separate phenomena. If someone cold-calls you offering tech support, they're very unlikely to be from Eastern Europe - and while they're certainly out to get your money, they operate by much more straightforward, less sinister, and often rather farcical methods.

I know this not only from having researched the issue, but from first-hand experience.

Tech support telephone scams have been reported sporadically by users over the past few years. This summer, the Guardian reported that police had closed down several associated websites and even tracked down one of the companies allegedly involved. Its spokesperson insisted that it was in the legitimate business of selling support services, and if users were unhappy with what they got for their money, it was simply because mistakes had been made by staff.

This sounded unconvincing, but hard to disprove. So when I got a cold call at home that sounded exactly like those reported, I took the opportunity to find out what was really going on.

What malware?

Playing the role of an uninitiated user, I let the caller walk me through an hour-long process during which he gained complete control of my Windows 7 laptop (Mac and Linux users don't appear to be targeted) over the internet, claiming to show me evidence of malware infection before inviting me to buy a support contract that would enable him to "clean up" my computer.

What was notable was not so much what the caller did as what he didn't do. After instructing me how to view a perfectly normal Windows activity log, and wrongly explaining why it indicated the presence of "serious" amounts of malware (none was present), he walked me through giving him - or rather a "Microsoft certified technician" working "on another floor" - access to my computer via the remote access service LogMeIn.

This person was completely free to read any file on my system or install any spyware he pleased. He didn't do any of that. Instead, he began by creating a restore point to ensure he could return my PC to its original condition later. Then he did a search for temporary files, scrolled through the results and deleted a few.

This had, of course, absolutely no effect. It was just for show, giving the impression, to a non-technical user, that something had been done.

The remote operator also popped up a chat box into which he asked me to enter my name and address. Having established that I was clueless, he could have asked for my credit card details too, or my bank account number, or my PayPal login, but he didn't.

Support contract

After messing about for a while, he offered to take my order for a support contract on a website. The site is still there, if you want to take a look; the domain is registered to a web design company in Kolkata. This is a pretty ordinary ecommerce website and appears to be backed by a pretty ordinary call centre. It's just that the "service" it's selling is, based on my experience, worthless.

I still get two or three of these calls per week. The Kolkata accent and script are almost identical every time; the websites vary, but look similar. For what it's worth, I have yet to get a caller that sounds European, or hear of an identity theft or credit card fraud resulting from a similar call.

Tony Neate, MD of Get Safe Online, isn't surprised. "We wanted to give the whole picture, but on radio you get 30 seconds," he explained to TechRadar this afternoon. The Eastern Europe story referred to a single gang recently taken down by Soca, the Serious and Organised Crime Agency, for which Neate worked in his previous incarnation as a police officer.

Operating via webmasters who were paid to host malicious code, this criminal network netted around £2.8m from unwitting users who clicked on browser pop-ups offering anti-malware software that was, in fact, malware. Quite different, Neate confirmed, from the sub-continental phone-based operations.

Get Safe Online is right to recommend that, if you answer the phone to someone who says they're "calling about your computer", you don't let them get any further.

But if you told me you'd already allowed these people to access your system, I'd advise you not to panic. Think twice before cancelling your cards, calling the police, unplugging the modem and wiping the hard disk. Chances are, you're the victim of nothing more sinister than the online equivalent of a dodgy market stall.

Still, I'll give Tony a very sensible last word on the subject: "Don't put yourself in a position where you have to worry about it. Just hang up."