Scammers try to connect me to the “Rescue Machine of Telstra”

It is a common scam for people to ring you up claiming to be from Microsoft or Telstra (or another major corporation that sounds plausible). They tell you your computer and/or internet connection has a problem, and it needs to be fixed or your internet connection will be cut off, or that something else bad will happen.

They then try to walk you through the steps to enable them to take over your computer, or install software that captures your credit card number, or a variation on these.

Microsoft has a good article on these scams.

I never get these, but M+J do on their number, quite often, and today I got to take such a call.

The man claimed to be from Telstra. The background noise of a call centre was audible (during one pause I heard another operator asking “Are you from Hyderabad?”).

I played along for a bit.

He said there was a problem with my “computer internet connection”, claimed “Telstra” had sent us a warning about it, and that we would shortly be disconnected from the internet if it wasn’t resolved.

He tried to get me to open a Windows command prompt and type ASSOC. This is something to do with file associations, no doubt as a first step to something more sinister, but at this point I told them that I was using Linux. (This was the truth — I had my old laptop in front of me, which dual-boots; I normally use Linux because it’s faster.)

At that point he said he’d transfer me to a supervisor. This took a minute or two, then a second man tried to get me to go to the TeamViewer web site and use the “Join remote control session” (e.g. install the TeamViewer client)…

He said I would need to connect to the “Rescue Machine Of Telstra” (very impressive-sounding — he used this phrase twice) which would provide protection for my computer.

He tried to convince me that once I connected, I would see a Telstra logo, proving it was legitimate.

Yeah right.

I moved into sceptical territory, and asked why, if as he claimed they knew all about my computer, his colleague hadn’t known I was using Linux instead of Windows.

The reply: “He’s my junior; he doesn’t know anything.” !

At this point I’d strung them along for about fifteen minutes, as I’d been interested to hear what they said, and it was quite entertaining. But I had a hot cup of tea waiting for my attention, so I terminated the call.

But no doubt some people fall for this. As the Microsoft web site notes, the consequences can be serious. They might:

Trick you into installing malicious software that could capture sensitive data, such as online banking user names and passwords. They might also then charge you to remove this software.

Convince you to visit legitimate websites to download software that will allow them to take control of your computer remotely and adjust settings to leave your computer vulnerable.

Request credit card information so they can bill you for phony services.

Direct you to fraudulent websites and ask you to enter credit card and other personal or financial information there.

So, be wary of any of these types of calls, and make sure your less-computer-savvy friends and relatives are also made aware.

In fact, to help limit any damage from any type of malware (be it via a phone scam, or a dodgy email, or an infected web site) it doesn’t hurt to ensure that home computers are set up so that no users have administrator access, and only an experienced computer user has the administrator password.

This week’s funniest spam email, and why a strong email password is good

I don’t normally see much spam thanks to the spam filters, but I did see this funny one a few days ago:

IMF APPROVED PAYMENT LETTER.

GOOD DAY TO YOU,

It is a great pleasure to contact you this day as i have just been appointed the new Chief of the International Monetary Fund (IMF) and on assumption in office i have seen your untreated transaction with my else while predecessor Dr Dominique Strauss Khan, i have seen the records of all your payment made in the past to (IMF) and also have a complete files of yours here with me.

This mail is to inform you that i am here to release without any delay your outstanding contract payment of $10.7 usd as reflected here in my record to you within 24hrs from when you respond to this mail.

As i wish to inform you that there will be no fee needed for this transfer. but be informed that the only thing needed is the Affidavit of claim (AOC)of which you have to respond back to my e-mail and i will direct you to the right office for you to get the Affidavit of claim (AOC) so i advise you to get back to me as soon as you get this mail so that i can know what actually went wrong and why you weren’t paid along with others.

Re-confirm to me the followings information to enable the urgent processing of your payment.

1.Name
2.Phone,fax and cell number
3.Delivery Address.
4.Age,profession and sex.
5.Copy of ID.

Endeavor to call me as soon as you get this mail on my official number below in this mail.

Treat as top urgent.

Regards,

Dr.Mrs Christine Lagarde
Chief of the International Monetary Fund (IMF)
DIRECT E-MAIL: [email protected]

“Top urgent”! I didn’t realise the head of the IMF sent these emails out personally, and from an MSN account, but there you go.

Presumably this was sent from the IMF’s Nigerian branch office.

I can’t help thinking they meant to say $10.7 million usd — a mere $10.70 doesn’t seem like it’s going to convince many people to send in all their details.

On a more serious note, a friend of mine got his web email account hacked this week. Not only did his contacts receive an email allegedly from him, claiming he was on vacation (a term he and most Australians would never use) in Spain, had lost his wallet and his phone, only had email access, and was in desperate need of money — and could I please send funds via Western Union?

They also changed his Reply-To address slightly, so any replies were likely to go to the scammers (unless you noticed the change, which was quite subtle).

I rang him up, and he was quite definitely in Richmond, not Spain. He’s now changed his email password and Reply-To address.
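A subtly altered Reply-To like the one described above can be checked mechanically by comparing it with the From address. The sketch below is an added example, not something from the original post; the addresses, the `reply_to_verdict` name and the 0.85 similarity threshold are all assumptions made for illustration.

```python
from difflib import SequenceMatcher
from email import message_from_string
from email.utils import parseaddr


def reply_to_verdict(raw_message, threshold=0.85):
    """Classify Reply-To relative to From.

    Returns 'absent', 'same', 'lookalike' (near-identical, the subtle
    change described in the post) or 'different'.
    """
    msg = message_from_string(raw_message)
    from_addr = parseaddr(msg.get("From", ""))[1].lower()
    reply_addr = parseaddr(msg.get("Reply-To", ""))[1].lower()
    if not reply_addr:
        return "absent"
    if reply_addr == from_addr:
        return "same"
    # A high similarity between two *different* addresses is the warning
    # sign: replies silently go somewhere the sender does not control.
    ratio = SequenceMatcher(None, from_addr, reply_addr).ratio()
    return "lookalike" if ratio >= threshold else "different"


def build(from_hdr, reply_to=None):
    """Build a minimal constructed message for the demonstration."""
    lines = [f"From: {from_hdr}", "Subject: Stuck in Spain"]
    if reply_to:
        lines.append(f"Reply-To: {reply_to}")
    return "\n".join(lines) + "\n\nLost my wallet, please send funds.\n"


# Constructed sample messages (not real addresses).
GENUINE = build("Sam Example <sam.example@mail.example>")
SAME = build("sam.example@mail.example", "Sam <SAM.EXAMPLE@mail.example>")
# 'rn' in place of 'm' is easy to miss when reading quickly.
LOOKALIKE = build("Sam Example <sam.example@mail.example>",
                  "Sam Example <sam.exarnple@mail.example>")
DIFFERENT = build("Sam Example <sam.example@mail.example>",
                  "claims@payments.example")

if __name__ == "__main__":
    for name, raw in [("genuine", GENUINE), ("same", SAME),
                      ("lookalike", LOOKALIKE), ("different", DIFFERENT)]:
        print(f"{name:10s} -> {reply_to_verdict(raw)}")
```

A "different" verdict is not harmless either: it only means the redirect is not disguised as the sender's own address.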

It underscores the value of strong passwords, and also (if you are using a webmail provider that offers it, such as Gmail) two-factor authentication — in Gmail’s case, it means they confirm your logon once a month (or when you use a different computer) by sending you a text message. This means a hacker not only needs your password, they also need your mobile phone to get into your email, which makes things much safer. Here’s how to switch it on in Gmail.

Domain Registry of America/Domain Renewal Group – scammers

If you have your own internet domain name, you may have come across the Domain Registry of America (DROA), also known as the Domain Renewal Group.

They’re a bunch of scammers who regularly and repeatedly send out letters which look like an invoice for a domain name, but are in fact custom advertisements for overpriced online services. If you blindly follow the form and send them money, you’ll transfer your domain name over to their registry, and pay a handsome amount for doing so — almost certainly more than you were already paying.

Domain Renewal Group scam

Their carefully worded FAQ (which is similar to the letters) tries to make out that at US$30/A$45 per year, they are cheap. They’re not. There are any number of domain registrars that will register a .com domain name for around US$10 (at the moment about A$10) per year — or even less.

So you might as well just chuck any letter from DROA into the bin.

Or, I pondered, could you go and harass them in person? You see, I noticed one of their offices is here in Melbourne: “189 Queen Street #209” — that’s US-speak for “unit 209”.

So I went along to see if I could find it.

Medina Serviced apartments, 189 Queen Street, Melbourne

I had a good look around, and couldn’t actually find number 189. There is an optometrist, which is supposedly 185-191. Next door to that is a Medina Serviced Apartments building, with no street number on it. I thought this might be number 189 (I checked later and found that it is indeed) so I went and looked inside. According to the list in the lift, there is no unit 209. There’s not even a level 2, unit 9 — levels 2-5 are the carpark. So it doesn’t seem to be there.

Little Bourke Street, Melbourne

185-191 is on a corner. I checked around the corner (in Little Bourke Street) for another entrance. I didn’t find one, but it’s notable that there’s a business centre there, though it has a Little Bourke Street number. Peeking inside the window, I did note that their letterboxes are numbered from 201, and there is a 209. I wonder if that’s them? Looks like it — a commenter here reckons he was directed from the Medina to the business centre.

So, 189 Queen Street #209 clearly doesn’t exist. Which is no surprise really — like I said, the whole thing’s a scam.