A spate of scams in which criminals use technology to take over victims’ computers has been reported by an anti-fraud group. Financial Fraud Action, a body set up by the financial services industry, said that fraudsters were impersonating major companies to steal money. They claim they are fixing a slow internet connection, but trick firms into allowing funds to be transferred. Some claim to be calling as a result of recent high-profile data breaches. While “working” on the internet fault, the fraudster claims the victim is entitled to compensation and asks them to log into their bank account. The scammers still have access to the computer and will put up a fake screen which makes it appear the money has arrived. Working in the background, they will take money from the victim’s bank account.
Mark James, Security Specialist at IT Security Firm ESET :
What is happening?
“We always see a flurry of fraud activity surrounding high profile data breaches and that’s why the public need to be very aware of what’s happening in the cyber world. When companies get hacked or compromised it’s not just the stolen credit card or password info that causes others to be scammed, it can be simply a case of using that info as a tool to gain access to your machine.”
How do attackers carry out this attack?
“With the likes of TalkTalk in the UK, with a subscriber base of over 4 million, it makes no difference if your details were actually taken or not, if someone phones you up and masquerades as a concerned staff member offering to help you in this time of need you could easily be tricked into taking that help. If they then slide in the offer of compensation then the chances are you would be well and truly hooked. By asking you to turn your computer on and logging in remotely to help you, it could easily lead to malware being installed on your machine with all manner of things happening in the background, including financial access if they manage to persuade you to log into you banks real time.”
How can people protect themselves?
“It is very important that people understand that any good organisation will accept the fact that you need to verify who they are. If you’re entitled to some compensation it will be the same amount tomorrow or this afternoon as it is now. Putting the phone down and checking on a confirmed number or even a mobile device if you are overly concerned could be the difference in being scammed or not. Always step back, take a few minutes to get your head around the situation, and do not let anyone force or fluster you into doing something in haste.”
[su_box title=”About ESET” style=”noise” box_color=”#336588″]
Since 1987, ESET® has been developing award-winning
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.