They have redirected the users to a specific website where they can pay for this "service" since their support contract has expired and once the customer has paid the funds, they complete the download of the malware and then terminate/disconnect the phone call. All in all, these types of "social engineering" attacks can be avoided by following a few easy rules.
1. Trust but verify
When someone calls you, it is okay to make them verify who they say they are. When you contact a bank or a credit card company, they always ask for different pieces of information for you to verify your identity. If a company states that they are Microsoft and have your computer under a contract, they should be able to identify your license key or product serial (without you providing that information first).
2. Treat your computer like your home
Would you let a random contractor come into your house from off the street? Would you allow him to tell you that you have a problem with your home without looking at it? Would you immediately let him do work without getting a second opinion? Well, if you said yes to any of those questions, then I have some ocean front property in North Dakota I want to sale you. All jokes aside, never let anyone use scare tactics to make you accept a service without getting a trusted source to verify/corroborate the initial assessment.
In short, if something does not seem right, it probably is not. Always follow your gut feeling when using your computer. If you did not purposely download a program, then do not install it. Remember, although a computer can be a great tool, it could be a dangerous one as well in the wrong hands.
Reference Article:
No comments:
Post a Comment