By David Gracey
Today we take a trip back to Cynthia’s Corner. I hadn’t received any frantic phone calls from my mother-in-law Cynthia requesting tech help in quite a while. I was beginning to wonder if her land line was broken, when one day the caller ID on my phone displayed “Cynthia.” I answered the call with much trepidation but was relieved when I was greeted on the other end of the line by her husband, Mr. Cynthia. So picture this: Cynthia seated at her home computer yelling to Mr. Cynthia across the room (their land line cord doesn’t reach the computer desk) and Mr. Cynthia relaying “data” to me on the other end of the line. The information I was getting had me confused:
Mr. Cynthia told me Cynthia had been on the phone with Microsoft for an hour and they wanted $200 to unlock her computer and another $400 to install a firewall. At this point his antennae went up and he decided to call me. After hearing this part of the story, my Spidey senses began to tingle so I asked to speak with Cynthia directly so she could help me understand what was going on.
Cynthia launched right into it. “David, my computer files are locked up. Why don’t we have a firewall? Microsoft says I have been hacked.” Still confused I decided to dig in and ask a few basic questions. “Cynthia, back up and tell me what exactly happened.” She told me a popup screen came up telling her to call Microsoft immediately and provided the number. She called the number and the Microsoft representative told her all the files had been locked, her anti-virus software had been disabled and that they had no firewall.
Me: “So you are on the phone with Microsoft right now?”
Cynthia: “Yes, I’ve been on the phone with a woman for an hour and she’s getting a bit annoyed with me.”
Me: “Really? Did Microsoft call you?”
Cynthia: “No, I called them.”
Cynthia: “The number was on my screen. It said all my files had been locked and to call the number on the screen, which I did. She was nice at first but has been getting more agitated, especially since I told her I wanted to speak with my son-in-law first. She told me I didn’t need to call you. She also asked me lots of questions like if I did online banking or paid bills online.”
Me: “Cynthia, you aren’t speaking with Microsoft. You are talking to someone, probably in a former Soviet country, who wants to steal your money. She is a bad guy who has a special place waiting for her in the afterlife. Hang up.”
Cynthia hung up the phone and shut off the power to her computer and unplugged the Internets. Fortunately for Cynthia she doesn’t keep any pertinent data directly on her computer. Everything is in the Cloud or in her Google email. She does no online banking nor does she have any photos or documents on her computer. She was the victim of a hacker who, at some point, had installed a program on her computer giving a fake phone number to call “Microsoft.” With some basic computer skills, they created a fake splash screen message that included the Microsoft logo and official-sounding wording.
Cynthia probably received a fake email or visited a compromised website that carried a popup screen from “Microsoft.” There was no virus, only an official-looking message asking her to call Microsoft. Once “Microsoft” got on the phone, they directed Cynthia to a website that enabled the bad guy to take control of Cynthia’s computer. They encrypted her files and began trying to talk to her out of giving up her credit card information. We call this “Social Engineering,” which is the act of person-to-person contact in order to get information like banking or credit card info.
Cynthia’s computer was seven years old, so instead of trying to clean it up, everyone voted to buy her a new one. At the end of the day, no real harm was done, but it does shed light on how the bad guys are getting even more crafty. We must stay one step ahead of them.