Consumers need to be wary of unsolicited PC-repair phone scam

17 Jun 2010

If someone calls you out of the blue offering to fix your computer, that isn’t good customer service – it’s a scam.

IT security companies are warning Irish consumers about receiving unsolicited calls telling them their computers have a virus and offering to repair them remotely for a price.

In recent weeks many people have been contacting reputable IT security companies to check if the offer is genuine, or posting their experiences on the discussion site Boards.ie.

“Unless you know the company you’re regularly dealing with well, such calls are bogus,” says Urban Schrott, communications manager with the antivirus firm ESET Ireland.

Robert McArdle, a virus analyst with Trend Micro, advises anyone who receives a call to treat the person as they would any other stranger.

“If someone came up to you in a café and asked you for your credit card details to fix your laptop, would you give it to them?” he says. “The second you hear the words ‘credit card’ on a call, get very suspicious very quickly.”

Several posts on Boards.ie detail how callers claim to be from “Online PC Doctors”.  A similar scam using the same company name has been reported in Australia.

There is a legitimate IT services company called Online PC Doctor, which was forced to put a disclaimer on its website distancing itself from the hoax.

How the scam works

Usually, someone claiming  to be from Online PC Doctors makes an unsolicited call to an Irish person. To make its offer seem more genuine, its website lists an Irish number which people can also call.

To find out how the scam works, researchers at Symantec’s Security Response Team in Dublin set up a dummy PC, and security operations manager Orla Cox pretended to be a regular computer user.

She called the number and discovered it is a voice over IP line originating in India.

The caller asked Cox to hang up and then he called back. “He said a virus on the internet was slowing down the machine, and then used a free tool called Log-MeIn which gives remote access to the PC,” she says.

The caller told Cox to launch the PC’s Event Viewer application and asked whether it displayed warnings or error messages. Anyone with some computer knowledge would know these messages are standard but the caller claimed they proved the PC was infected.

He first offered to clean up the virus for a subscription fee of €129, but then began to push a two-year deal costing €249.

Cox used a prepaid credit card voucher to ensure the number couldn’t be used for any other transaction if it was compromised. She also had to send an email authorising payment to Online PC Doctors to charge her credit card, and to include all of the card details in that message.

The Symantec team recorded the entire incident, while monitoring whether the dummy PC would be affected.

“We recorded it all on video to show that what they’re saying is absolute rubbish. A virus wouldn’t manifest itself in this way, and there’s no need to pay somebody to clean up your machine when there is software available to do this,” says Cox.

“They do things that, if you’re not computer savvy, look like they have made the machine run faster but in reality they don’t do anything.”

‘Social engineering’

The fake PC technician did not install rogue antivirus, keyloggers or Trojan Horse programmes while he had remote control of the PC, she adds. “It seems to be a very basic scam – it’s really just social engineering.”

However, some questions remain unanswered. For one, it’s unclear where the scammers are getting Irish numbers.

“We know they are calling mobile numbers and they know the names of people at the other end,” says Cox.

Symantec was also unable to establish whether the scammers used the credit card numbers just to get paid or if they are passing those details to other online criminals.

That is one of the potential dangers with such a scam, ESET’s Schrott warns. “Not only are you handing over control of your computer to total strangers who can copy any of your files from it, access your browsing history, get your stored passwords or banking and credit card details, you’re also handing your credit card numbers to them directly for any kind of possible abuse,” he adds.

Gordon Smith was a contributor to Silicon Republic

editorial@siliconrepublic.com