It starts with a telephone call from a company—let’s say
Microsoft—and the caller identifies herself as a security professional who is
following up on problems she has noticed through Microsoft’s remote
monitoring service. This security specialist is named Tina, and she knows a lot about your system, but you’ve heard about the scams going around,
so you ask for some more information.
“Oh, I certainly understand your concern,” Tina says. “Here’s my
phone number and extension. Call me back to be sure.”
This seems reasonable, but as you dial you decide to dig a
little deeper. You can never be too careful. Tina answers cheerfully with
“Microsoft Tech Security!”
One thing you want to know is how it is that Microsoft would
know about this problem, and without missing a beat, Tina explains. Any one of
a number of explanations is possible, depending on how you phrase your
Explanation # 1:
“Whenever you have some program halt with an error, for example,
Internet Explorer, you know those popup boxes that tell you what happened?
Well, if you’ve ever clicked the button to send the error report, we get a copy
of that. Over time, if we see a particular pattern, then that raises security
issues, so we reach out to preemptively prevent what could become serious
security problems for our users.”
Explanation # 2:
“We contract with Microsoft to monitor and improve security for
a number of their products. You use Word, PowerPoint, and Excel, I see, and
those are some of our charges.”
Explanation # 3:
“We are an independent security firm, and we get references from
colleagues and contacts to perform spot checks on certain installations. Yours
came up as one of these, so we’re following up to ensure that your systems are
all as secure as possible.
Explanation # 4:
“Our business with Microsoft is to check by telephone with
people in tech companies or other enterprises that rely on their software
solutions and have them check their error logs. The security problems are so
widespread that we very often find that even on random calls, people discover when they look at their logs that they have had compromises. We can help them
fix these potential security holes right then and there.”
Explanation # 5:
“Your Internet provider has alerted us to abnormal activity on
your network which could indicate a security issue, so we’re checking with all
users to be sure that their computers are properly secured against threats.”
Let’s say that you’re not the most meticulous manager of your
office computer—when was the last time you really combed through those old
files and purged?—and it’s quite possible that something might have slipped
your attention. Well, here’s the chance to make it all good, right? Besides,
Tina has explained that you may begin to experience sudden unexplained crashes
if these fixes aren’t made pretty soon. That is not something you can afford
with the semester starting and all the pressure it brings.
All that Tina needs is for you to download some drivers that are
missing from your Microsoft installation. These will plug the security holes
that she is concerned about. And just to be sure that it’s all working
properly, she needs to be able to perform a remote login, so she’ll need the
administration account on your machine.
Any red flags go up yet?
Tina then asks for your credit card information so that she can
clear the authorization to repair your computer. At this point, any number of
alarms should have sounded.
Here’s the first. No one, ever, under any circumstances will
call you from Microsoft or any other reputable company claiming to see problems
on your computer. If someone does, take down the telephone number, name, the
website URL for the company, and tell the caller that once you check it out,
you may call back. Chances are the caller will hang up or go into some
explanation that will not square with the truth.
Secondly, it is completely false that any error report sent to
Microsoft or any other vendor contains contact information about you or your
installation. Typically, this information is not included in error reporting—in
fact this specific declaration may be in the dialog box you see when such
errors occur. If someone makes this claim, it’s a good indication that he or she is scamming you.
Third, it is illegal for an Internet provider to release any
information to a third party without your permission or a warrant issued by a judge. Again, a caller claiming
to have found you through your ISP is lying.
Fourth, undoubtedly, you will have errors in your error logs.
Any computer system may have glitches from time to time, caused through any
number of normal or abnormal operations. The presence of errors in the log does
not constitute proof of any security issue—it might, but that is not something
that anyone on the other end of a telephone is going to be able to determine on
a random call.
Fifth, anyone whom you did not specifically contact for help
should ever request that you download files. If you call the NAU Solution
Center, of course, then you are seeking help and you are also calling a known
entity. This also applies to anyone asking to remotely connect to your
computer. The Solution Center may need to do this on occasion, but they will
only do so after you have made the initial contact with them to get help. They
will never, under any circumstance, call you first out of the blue to gain
access to your machine.
The consequences to falling for such human engineering ploys can
be dire. For example, your computer may become a zombie “netbot” used
remotely to send spam or relay malicious software or engage in any number of
illegal activities. Your hard drive, and any drive to which you connect, may be
scoured for banking or personal information, and from this identity thefts
could be enabled. If you’re lucky, perhaps your machine will just crash a lot,
or your hard drive will be wiped clean, but if you’re less lucky, you may be
the gateway through which an intruder can infect or destroy an entire
enterprise network of computers.
But let’s not dwell on dire outcomes when the solution is simple
prevention. It isn’t necessary to dwell in the depths of paranoia, but be aware
that crooks and liars exist on the fringes, continually searching for weak
links in the security chain. No matter how carefully the technical side of
computer and network security is constructed, the human element remains one of
the easiest and richest avenues into systems. Any inquiries about your
computer, software, network, users, and so on that you do not initiate should
be treated with suspicion. There is never any problem so terrible and immediate
that you must take action without first consulting Information Technology
Services to help to determine the problem and the possible solutions.
And if, by some unfortunate series of events, you do feel that
your system has been compromised, seek help immediately. There's no shame in it. We've all been there at sometime. If necessary, shut
down and unplug your computer from the Internet.
The easiest way, and this is good news for the lazier elements among us, is to do nothing
anyone on a cold call tells you that you must do. You guard the gate.