We have received a flurry of calls and tickets in the past few weeks, related to very personal phishing attempts.
In these instances, the computer user has received a phone call from a “friendly IT worker” who has allegedly noticed that your computer has a virus/malware/botnet and is bombarding the world with unwanted traffic. The friendly IT worker requests access to your machine to help remediate your problem and check your machine for lingering side effects.
The computer user is directed to a website to obtain a virtual connection with the IT worker; often this is Show My PC. The computer user might also be directed to another website that initiates a “drive-by download” and installs unwanted software on your machine.
The IT workers may show you a box on your screen to illustrate the number of unwanted objects on your machine, and begin their cleanup process. The cleanup process actually involves combing through your accounts and files to look for information that may further their actual goal: acquiring account passwords, learning your internet habits, gaining access to your email and contacts, etc.
Other times, the caller may show you the false evidence of problems with your machine, claim to perform IT services, and then expect payment.
First things first, be skeptical. Ask questions of the caller to ensure that they are indeed someone who should have access to your computer. The technicians at ITS do use Show My PC occasionally, and it is a valid remote connection tool, but the caller requesting access should be able to provide some basic information regarding your machine, place of employment, etc., before allowing a remote connection.
Change your passwords and check accounts. If you did allow remote access to your machine and later determined that the call was a hoax, change your online account passwords and audit those accounts. This includes email, banking/credit cards, and even social media. Check with your bank or financial advisor to determine whether you should place a fraud alert on your credit reports.
Teach others. In one scenario, a child at home accepted the phone call and was able to allow remote access to the family computer. Talk to family members, students, employees and coworkers about phishing attempts and online safety.