How Telephone Scams Work

We have seen hundreds of our customers affected by telephone scams, now in ever increasing numbers. Awareness that this type of criminal activity is a "thing" is the best defence. No amount of internet security software or login/password strategies work if you are using your computer under instructions from the scammer. This advice is designed to give you a heads-up as to how the typical phone scam works

The ACCC provides a lot of useful information on their ScamWatch page

It starts with a phone call

  • Typically, you receive a random phone call from the scammer, ie they have no idea who you are, they just have your number
  • There will usually be a short delay before anyone speaks
    • This is because they use computers to make the calls and when someone answers it gets assigned to one of the scammers
  • It is also possible for a message to be displayed on your computer screen suggesting you call the displayed number for support
      • These messages can pop-up at any time through ordinary browsing of the internet
      • Scammer routinely place their scam messages within paid advertising links
    • The message will specifically instruct you not to switch your computer off (because it clears the message completely)
    • If you do call the number on the screen as suggested, it is even more likely you will be scammed

The scammer will pretend be calling from a company or organisation you are familiar with

The scammer will convey a sense of urgency

  • You may be told your internet connection is about to be disconnected for several days/weeks/months
  • You may be told your internet connection is slow and they will help you make it faster
  • You may be told that "hackers" have tried to access your computer and the scammer asks for your assistance to catch them
  • You may be told that your computer is being used to send email spam
  • You will be told that you have to take action immediately (with the scammers help) there is no time to lose!

The scammer is ready for any objections and/or suspicions

  • They will have an answer for pretty much everything you ask or say
  • They may give you an Australian sounding name
    • It is no longer unusual to hear a foreign accent from a genuine support call centre which is often located overseas
  • They may give you a familiar physical location they are calling from, usually an Australian capital city
  • They may give you a genuine support number to ring where they know you will just hear a familiar recorded message
  • They will tell you they are your only support option and you must act quickly
    • They will reject any suggestion that you might call or visit your regular IT support people

The scammer will attempt to convince you that there is a problem with your computer

  • They will ask you to run one or more commands on your computer
  • They may lead you to an alphanumeric expression where they read out exactly the same expression
    • They will tell you this is the "serial number" of your computer
    • The expression they show you is the same on ALL windows computers, ie it is not all unique to your computer
    • This is a very convincing though becuasde you are left wondering how they could possibly know the expression!
  • They may lead you to a screen which displays a list of "error messages" on your computer
    • Again, these messages are on EVERY Windows computer, they vary sightly, but the list looks exactly the same
    • They will try and convince you this is prrof your computer is failing, or it is evfeidence that hackers have tried to access your computer
    • Either way, the intention is that you become more alarmed as the conversation goes on

The scammer will try and convince you to allow them to login to your computer

  • Sometimes they will state this plainly so you knowingly allow them to do this
  • Sometimes they just get you to browse to a web page and then relay the numbers on the page to the scammer
  • Either way, they will then have remote access to your computer and be able to observe and control anything you can see on the screen
    • It is at this point that most people bail out of the conversation

Once logged in to your computer the scammer may attempt to show you further proof there is a problem with your computer

  • Your mouse cursor will move by itself, windows will open and close and you will see numbers and text typed on the screen
    • Again, this is usually the first warning that the whole thing no longer seems like a good idea

The scammer will now try and relieve you of a small amount of money

  • Depending on the scam being used, they will come up with a reason for you to pay them some money
  • The pretext will be quite plausible
  • It will generally be a small sum, ie you can afford to lose it
  • It may be postage for a new modem to be sent to you to "fix" your internet connection
  • It may be a few hundred dollars for "servicing" your computer for an extended period of time

What the scammer really wants is for you to login to your internet banking while they have remote access to your computer

  • In the cold light of day, this is very alarming
  • But in the sequence described above it may seem quite a reasonable request
  • They will be very reassuring if you state any doubts or objections, after all, you can trust Telstra/Microsoft/NBNco et al
  • If you login to your internet banking while they have remote access to your computer, they will then have your banking credentials

The scammers know how the internet banking system works

  • They know that only the first internet banking payment needs authentication
  • Each subsequent payment to the same payee does not need authentication up to a certain limit (say) $5000
  • So the scammer will encourage you to authorise a small amount and then use your credentials to transfer larger sums
  • They even know how to request an increased limit for the new payee
  • Online payments above the lower limit still need an SMS authentication
  • The scammers are known to have convinced the target to tell them this code under the pretext of fixing the computer/internet etc
    • Under no circumstances ever give out an authentication code which has been sent to your phone

The scammers may ask you to go out and purchase (say) iTunes gift cards up to a certain value

  • This is requested under the pretext of "catching" the hackers
  • They will pretend to pay you a sum of money to do this
    • This seems quite reasonable because you will be using "their" money to buy the gift cards
  • Trouble is, they simply transfer money from one of your other accounts to your credit card (or vice versa)
    • They are hoping you do not notice where the money bhas come from
    • They will then show you the higher balance in your account
  • You then go out and buy as many gift cards as you can find
  • You then return and verbally advise the scammers of the code on each gift card
    • Once this is done the money is gone and cannot be retrieved
  • They will often ask you to leave them logged into your computer while you go out and buy the gift cards
    • On the pretext that they will check and remove any traces of the "hackers"

And then the scammer disappears....

  • Having successfully completed the scam and pocketed their ill-gotten gains, they just disappear
  • It is quite likely that the remote access software which was used is still installed on the computer
  • It is possible that the computer has been exposed to malware and other unwanted programs

Recommended Actions

  • Just hangup whenever you get an unsolicited call from any organisation
    • The genuine callers will find another way to contact you
    • You could state "this call looks like a scam" before you hangup
    • Don't engage in any conversation where the caller tries to convince they are not a scammer
  • If your computer has been accessed remotely as described above, switch the computer off
    • Or just pull the plug, you will not harm your computer
    • On a laptop, just depress the on/off button for approx 8 seconds to kill the power to the computer
    • Immediately contact your preferred IT support people for advice
    • Do not restart the computer until it has been professionally checked
  • If you logged into your bank account while the scammers were remotely accessing your computer
    • Contact your bank immediately
    • They will shut down your internet banking, change your passwords and wait for an all-clear report for your computer