Computing scams and how to beat them

Features James Hunt Dec 6, 2012

James Hunt looks at some of the scams trying to get to you through your computer

The constant barrage of spam emails and barely-legitimate advertising on the Internet can make it seem like everyone’s out to trick you, and a pretty substantial proportion of those people actually are. Computers have brought many conveniences into our lives, but they’ve also made it easier for scammers, confidence tricksters and criminals to get their hooks in as well, often protected by the veil of anonymity we’re all afforded online.

The best way to prevent yourself from becoming a victim is to be prepared. That’s why we’ve compiled this list of scams, tricks and traps that you might encounter because of your computer, whether online or offline. To give you a fighting chance, we’ll also explain the strategies you can use and preventative measures you can take to ensure that your computer – and the personal information kept on it – remains as far away from the eyes of the scammers as is possible.

Scam #1: Tech Support Calls

The tech support phone scam has been going around for over four years now, and shows little sign of letting up. Part of the problem is that the calls originate abroad, so there’s little that phone companies – or law enforcement agencies – inside the UK can do.

The scam itself is simple yet blisteringly effective: you receive a phone call from someone purporting to represent Microsoft – or possibly some other trustworthy name in the computing industry – who claims that there is a problem with your PC; one which they will help you to fix. These problems tend to be described in generic techno-babble, and you’ll hear claims such as “We’ve received reports which indicate a high number of errors” or “evidence of virus activity”. Sometimes they tell you that their data indicates that your PC will soon fail entirely.

If you accept their ‘help’ repairing your computer, you’ll be asked to follow a set of instructions so that they can remotely correct the problem for you. In actual fact, if you follow their instructions you’ll end up installing malware that could steal your passwords and card details or be used to disable your computer entirely. What’s more, if you go through this process, you’ll then be asked to pay a couple of hundred pounds for the help – but you will at least get a ‘lifetime subscription’ to their support services. Isn’t that thoughtful?

There are no errors being broadcast, and no need to pay any money for phone support. The claims, of course, are little more than lies perpetrated by those who target the computer illiterate. Follow their instructions and you could end up in all sorts of trouble - ironically, your PC will be in worse shape than ever before. At the absolute minimum, you’ll be down a few hundred pounds for no good reason.

It’s not hard to see why this is happening. The rising popularity of call centres hosted abroad (particularly on the Indian subcontinent) means that the labour is cheap, the infrastructure is in place, and the necessary information is available to them. Not to mention how quick the computer-illiterate are to trust those who say they know what they’re talking about!

Much like scareware, this scam is designed to exploit people’s trust. The big difference is that where scareware asks you to trust a dialog box that mysteriously appears on your computer, this scam asks you to trust a person. It’s a form of social engineering, which relies on people’s goodwill towards others. You can’t simply click it away like you can a dialog box, and that makes it harder to just ignore.

Naturally, Microsoft has distanced itself from the actions of these scammers, and has issued a statement on its website which specifically addresses the scam. The relevant notice is headed ‘Avoid scams that use the Microsoft name fraudulently’.

How to protect yourself

Protecting yourself from this scam is easy. You just have to be aware of it. And now you are. However, not everyone is tech-savvy. If you know any computer users who might be vulnerable, make sure you warn them about these calls. If nothing else, tell them to note down the number and check with you before they do anything the caller asks them, just so they don’t get caught in any doubt.

If you pick up the phone only to find yourself on the receiving end of this scam, there are also things you can do that might help the bigger picture. Don’t simply hang up – let them talk a little, take a note of any web addresses they tell you to visit, then get in touch with the relevant hosting providers to convey your concerns. Ask for the name of their company, and publicise it online. Or indeed, just string them along for no reason. After all, while they’re talking to you, at least you know they’re not out pulling the same grift on some easily-intimidated pensioner or gullible teenager.

If you (or someone you know) are taken in by the scam, there’s no need to panic. First, inform your bank so that your credit card or the bank account you paid with can be watched for unusual or suspicious activity. Next, scan your computer for malware using an appropriate piece of software, then change all of your passwords to make sure the scammers can’t get access to your private and confidential information. It's as simple as that, hopefully.

As a general rule, you should already be using your credit card for any remote purchase (i.e. one where you are not physically in a shop) because credit cards have built-in insurance - but if you pay the scammers on your debit card, it’s possible the money cannot be retrieved. Be wary of anyone requesting payment to an online payment system when other methods should be available, though. Think about it – would Microsoft really want you to pay with PayPal?

Scam #2: Social Media Phishing

Phishing started off on telephone networks and quickly spread to emails and IM with the advent of the Internet. The current popularity of social media sites like Facebook and Twitter gives scammers yet another form of communication to try and falsify. Many of us think nothing of receiving the occasional email from a social media site, so when one arrives purporting to be a notification of some kind, it’s easy to trust it.

Scammers exploit this trust by imitating emails from social media sites and sending fake notifications claiming that you’ve been friended, tagged or mentioned. Often, this will be accompanied by a message designed to set off a panic response, such as “Have you seen what this person has been saying about you?” or “I can’t believe they posted this photo of you…” – the idea being that when panicked, you’ll click first and ask questions later.

When you click the link, you normally get taken to a login screen which will hijack your details and use them to post spam messages or retrieve your contacts, and may even lock you out of your account. Some variants encourage you to download an attachment containing your message, which will actually be a zip file containing a Trojan, allowing external parties to control your PC.

How to protect yourself

One way to easily remove any doubt is to turn off all email notifications from the social media sites you regularly frequent. That way, even if you get an email that looks like one, you’ll know it’s false and can just ignore it completely.

However, if you don’t visit the sites frequently enough to make that a viable option, then the alternative is just to be vigilant. Make yourself aware of the standard protocols for dealing with Phishing: check the target of any links you plan to click on, and if in doubt, enter the website via your usual route and look for the message yourself, rather than simply believing that the email link is legitimate.
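The link check described above, as an added example that is not part of the original article: it lists where each link in a notification email really points and whether that host belongs to a site you use. The email body is constructed, the `.example` hosts are placeholders, and the trusted list and function names are assumptions.

```powershell
# Added example, not from the article. The email body is constructed and the
# .example hosts are placeholders.
$sampleHtml = @'
<p>Have you seen what this person has been saying about you?</p>
<a href="http://facebook.com.login.example/view">www.facebook.com/messages</a>
<a href="https://notfacebook.example/photo">See photo</a>
<a href="https://www.facebook.com/settings">Notification settings</a>
'@

# Assumption: the social media sites you actually use.
$trustedDomains = 'facebook.com', 'twitter.com'

function Test-TrustedHost {
    param([string]$HostName, [string[]]$Domains)
    $name = $HostName.ToLower()
    foreach ($domain in $Domains) {
        # Exact match or a true subdomain only, so that a host such as
        # "facebook.com.login.example" does not pass on a substring match.
        if ($name -eq $domain -or $name.EndsWith(".$domain")) { return $true }
    }
    return $false
}

function Get-LinkReport {
    param([string]$Html, [string[]]$Domains)
    # Capture the href target (group 1) and the visible link text (group 2).
    $pattern = '<a\s[^>]*href\s*=\s*["'']([^"'']+)["''][^>]*>(.*?)</a>'
    $options = [System.Text.RegularExpressions.RegexOptions]'IgnoreCase, Singleline'
    foreach ($m in [regex]::Matches($Html, $pattern, $options)) {
        $uri = $null
        $parsed = [uri]::TryCreate($m.Groups[1].Value, [System.UriKind]::Absolute, [ref]$uri)
        $targetHost = if ($parsed) { $uri.Host } else { '' }
        New-Object PSObject -Property @{
            LinkText   = $m.Groups[2].Value.Trim()
            TargetHost = $targetHost
            Trusted    = ($targetHost -ne '' -and (Test-TrustedHost $targetHost $Domains))
        }
    }
}

Get-LinkReport -Html $sampleHtml -Domains $trustedDomains |
    Select-Object Trusted, TargetHost, LinkText | Format-Table -AutoSize
```

The first link is the one to notice: its visible text reads like a Facebook address, but the host it points to is not a Facebook host.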

If you get stung, but still have control of your account, changing your password should be enough. If you find yourself locked out, you can try account recovery by answering your security questions, but there’s a chance whoever controls your account will have changed them as soon as they got into your account - you may be lucky, though. If that happens, get in touch with the support team and explain the situation, and they should be able to return control of your account to you.

Scam #3: Met Police Malware

One of the most common pieces of malware affecting Windows PCs over the last 6-12 months, the Ukash virus, is sometimes known as the ‘Met Police Virus’ for its prominent and fraudulent attempt to impersonate the London Metropolitan Police, but it’s also possible to encounter it in other variations which mimic everything from regional UK police forces to the FBI.

The virus is characterised as ‘ransomware’, because it prevents access to your PC until a fee is paid for its removal. Windows loads as normal, but the login process is hijacked to display nothing but a fraudulent warning purporting to be from some law enforcement agency. It usually claims that the computer has been blocked due to the presence of illegal material (everything from copyright infringing videos to terrorist activity) and demands a fine, in Euros, to be paid through either Ukash or Paysafecard. There are two specific variants of this virus going around, one named Win32/Weelsof and another called Win32/Reveton.

The former is specifically designed to target UK computers, with the Metropolitan Police logo stating that “this computer was locked to stop your illegal activity” and making some fairly scary accusations, including the presence of child pornography, zoophilia and “emails with terrorist motives”. It then demands a penalty payment of €100 (as if that’s the fine you pay for accessing child pornography or being a terrorist). The software itself is also a Trojan that allows external users to manipulate your computer, so there’s a good chance that if you pay once, you’ll be bombarded with messages again and again.

The latter variant normally claims to be from the “Specialist Crime Directorate” and makes much milder claims (downloading and distributing copyrighted work) and quoting “Article 128” of the Criminal Code of Great Britain, which doesn’t exist. It also claims that this entitles them to fine you “two to five hundred minimal wages” or institute a “deprivation of liberty for two to eight years”. Which, of course, are common punishments you’ll be familiar with if you live in Brit... Oh no, wait... I mean they’re complete nonsense.

Quite audaciously, it can also suggest that you’re being charged for being infected by malware, under the offence of “Neglectful Use of Personal Computer” (an offence that doesn’t exist). Pretty ballsy, that. Despite the smaller charges, this malware can ask for a fine of up to €100,000, which is clearly a completely ludicrous amount.

If you try to pay the fine, you’ll be taken to the “Police Central” website, which employs various tricks to make you think you’re being monitored, including showing an image from your webcam (if you have one). It claims to be recording, but obviously the input isn’t actually leaving your system, just being piped straight back to the screen in an attempt to scare you.

Like many scams, this one plays directly on your fear to try and extract money from you. The idea is that the prospect of fighting false accusations of criminal activity in court (a potentially life-wrecking experience) is so worth avoiding that the prospect of paying a small fine to make them go away instantly seems like a bargain – although if you pay once, chances are you’ll be targeted over and over again, since the software will still be on your system and the crooks now know that you’re gullible enough to pay!

How to protect yourself

Protecting yourself from Ukash-based malware and its variants is simply a case of having a good enough virus scanner installed. The infections tend to come via ‘drive-by’ downloads, which install the software onto your computer as soon as you visit an infected webpage. A good virus scanner will be able to prevent the drive-by installation, and indeed, may even warn you in advance of your visit to an infected page, if the browser blacklist is up to date enough.

If you’re infected, though, you have three main options, two of which are very simple. The first is to roll back your PC using Windows’ built-in system recovery features, which will restore an old version of the registry and prevent the software from running, allowing you (or a virus scanner) to easily locate and delete it. The second is to install an anti-malware program which will remove the infection for you.

However, you may also be able to remove it manually, which may be necessary if you don’t have a virus scanner available and can’t get one onto your PC due to the presence of the malware. The varying styles of infection mean it’s difficult to offer a one-size-fits-all removal solution, but the steps here should, if nothing else, allow you to determine where you should look. To access system restore manually, follow these steps:

1. Reboot your computer and enter the boot menu by tapping F8 before the Windows splash screen appears.

2. Choose ‘safe mode with command prompt’.

3. When the prompt appears, type “explorer” and hit enter. You need to be fast to do it before the ransomware screen appears!

4. If Explorer loads, type one of the following commands, depending on your OS version.

In Windows XP, type:
cd C:\windows\system32\restore\

In Windows Vista/7, type:
cd C:\windows\system32\

5. In this location, type “rstrui” and press Enter. This allows you to roll back your system.

Or you can remove the virus without rolling back by following these instructions:

1. Follow the previous steps 1-3.

2. Type “regedit” in the command prompt, then press enter.

3. In the registry editor, browse to the following key:

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\

4. In the right-hand pane, look for the entry ‘Shell’. Right click on it and choose ‘modify’ from the context menu. Make sure it reads ‘explorer.exe’, and delete or rename any other file the registry key was pointing to (that’s the virus). Next time you reboot, the virus will not run and you can install a virus scanner.
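The same check as a read-only script, as an added example that is not part of the original article. It assumes Windows PowerShell 2.0 or later is available on the machine, and it goes one step beyond the steps above by also reading the per-user copy of the key under HKCU, which normally has no ‘Shell’ value at all; the function name is an assumption.

```powershell
# Added example, not from the article. Read-only: nothing is written to the registry.
# Assumes Windows PowerShell 2.0 or later.
$subKey = 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'

function Test-ShellValue {
    param([string]$Value)
    # Several programs can be listed separated by commas; strip spaces and quotes.
    $entries = @($Value -split ',' |
                 ForEach-Object { $_.Trim().Trim('"') } |
                 Where-Object { $_ -ne '' })
    # The article's rule: the value should read explorer.exe and nothing else.
    $suspect = @($entries | Where-Object { $_ -ine 'explorer.exe' })
    New-Object PSObject -Property @{
        Clean   = ($entries.Count -eq 1 -and $suspect.Count -eq 0)
        Suspect = $suspect
    }
}

foreach ($hive in 'HKLM', 'HKCU') {
    $path  = "${hive}:\$subKey"
    $shell = (Get-ItemProperty -Path $path -Name Shell -ErrorAction SilentlyContinue).Shell

    if ($null -eq $shell) {
        if ($hive -eq 'HKLM') { Write-Output "HKLM: Shell value is missing; it should read explorer.exe" }
        else                  { Write-Output "HKCU: no Shell value set (the usual state)" }
        continue
    }

    $check = Test-ShellValue -Value $shell
    if ($hive -eq 'HKLM' -and $check.Clean) {
        Write-Output "HKLM: Shell = $shell (as expected)"
        continue
    }

    # A per-user Shell value is reported even when it looks normal.
    Write-Output "${hive}: Shell = $shell  <-- review this value"
    foreach ($entry in $check.Suspect) {
        Write-Output "  extra entry to locate on disk: $entry"
    }
}
```

Any entry it lists is the file to delete or rename in step 4 before setting the value back to ‘explorer.exe’ in the registry editor.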

Scam #4: Various 419s

At this point, we’re probably all familiar with the 419 scam. Even if you’ve never had a 419 email yourself, you’ve doubtlessly read the warnings or seen people joke about it on TV.

The premise is simple: you are due a large amount of money, either as inheritance or as an incentive to help someone else receive a large sum through a bureaucratic loophole. All you have to do is agree to help. And that, of course, means you have to send a little money in advance to unlock the fortune that awaits. No prizes for guessing how it ends. The average victim loses $3000 - but some have literally lost their lives chasing the promised rewards.

The name originates from the Nigerian law under which the practice is banned, a reflection of the prominent Nigerian provenance of many of these emails (although the US and UK actually originate more than Nigeria does).

Now, while you might not be taken in by this kind of trick, it’s important to realise that 419 scams are a subset of something called “Advance Fee Fraud”, where you pay a small amount of money to get a larger amount back. Few people reading this are likely to get taken in by an unsolicited email, but in some places – like social networks and dating sites – scammers will attempt to snare victims by playing a longer game, befriending them online under an assumed identity before asking for money to help release more, either through investment or fees incurred. Obviously, this money is never released, and the person you lent to will disappear soon after.

There are other, less common variants too. Some scammers hijack email accounts and ask for money from people’s friends directly with the promise that you’ll be paid back. This is normally under the pretence that they need help in an emergency (e.g. they’re stuck in a foreign city and have lost their wallet/ID, they’ve been wrongly arrested and need bail…) so don’t believe a word of things until you’ve spoken to them! Other variants include a “lottery win” which requires you to pay an initial release fee to access your millions of dollars. Again, in both cases, any money you send is gone.

How to protect yourself

Follow one simple rule: never send money to anyone you don’t know well using the Internet. Without exception. There are always more sob stories out there, and while they may look unbelievable in a poorly-translated email from Nigeria, they could look very credible coming from your “online friend”, so if you find someone asking you for money, take a step back and think how well you know this person. And even if it’s someone you think you do know, double check: is it definitely them asking?

Avoiding this scam is just a case of deleting the e-mails or communication once you get them. The most obvious are in poor English, often in thundering all-caps, and full of unlikely claims.

If you do get taken in, there’s little chance of recovering your money unless the criminal is caught – and in most cases, that’s going to take some serious international detective work. It’s far better to spot straight away when things look fishy than to try to undo your actions, so keep an eye out!

Scam #5: Work From Home

If you’ve ever wondered about those “make money from home” adverts, we can tell you this: the idea of working from home is a tempting one, especially when it seems to be easy money, but it’s fairly telling that none of these adverts go so far as to say what it is you will be doing.

Respond to one of these adverts and you’ll be asked to install some software which helps with email marketing. You’ll then be paid based on the number of emails your computer sends.

Effectively, you turn your computer into a spamming node to help spammers avoid being easily blocked by their targets. You will make some money, but only at the expense of exploiting other people. If you send too many emails, you might find your Internet connection gets disabled by your ISP, or that your IP address is blocked by major servers.

Another variant of this scam uses software that serves huge numbers of adverts to the victim (i.e. you), which need to be clicked on in order to earn a micropayment of a few cents. Do this enough, and the idea is that you make a lot of money – but a daily payment limit ensures that you can’t make any serious amounts, even though you have to have the program running constantly. Any cash you make will probably be offset by electricity costs!

How to protect yourself

Again, protecting yourself is a case of not signing up in the first place. If you do, you can expect to see your computer’s performance plummet, as well as Internet speeds drop as the connection gets flooded with dodgy requests. The most unscrupulous versions might even install backdoors on your system!

Once the software’s on there, you’ll probably find it almost impossible to uninstall. If you’re lucky, a virus scanner or anti-malware program will be able to get rid of it for you – but because the software is opt-in, it may still be considered legitimate. Don’t expect the uninstall program to do the job.

If you do get tricked, a system roll-back might be able to remove the program. Keep an eye on any credit card, PayPal or bank accounts that you may have provided details for, too - it’s unlikely they’ll be abused, but not impossible.