Phone Social Engineering

Posted on by Darril

Criminals are increasingly using phone social engineering tactics. They attempt to impersonate some official sounding company, tell you your system is doing something suspicious, and then lead you through the process of “fixing” it. However, the fix is the installation of malware so that they can control your computer remotely.

Last June, I was called by a criminal trying to get me to install malware on my system. I blogged about it here.

The same thing happened again today though the call was a little different.

First, I received a call from “Out of Area.”

When I answered a woman with an India accent stated “I am from the Windows department and I am calling about your Windows computer.”

However, her accent was so thick, I had to ask her to repeat it a couple of times before I understood.

Finally, I exclaimed “My Windows computer.”

Click. We were disconnected. That’s odd.

In a moment, another call identified as “Private Caller” came in

When I answered, it was the same woman and she apologized saying we were disconnected on their end. I could hear a lot of voices in the background. They sounded quite busy as though dozens of phone operators were going through a script with others.

She then went into a spiel, though it was difficult to understand everything she was saying.

Finally, I understood some phrases like “infected” and my “computer was sending out messages.” I responded with “Wow!”

My plan was to play along like I did last June. Back then, a guy had me look around my system and find a bunch of logged errors. The errors were legitimate but he implied it meant my system was heavily infected. Thankfully, it was my lucky day. He could help me fix it.

He guided me to open a Run window and type in a website address. I have no doubt the address was malicious. It might include a malicious download similar to what criminals tried to trick users with in a phishing email about a bogus funeral.

I stopped before going to the website, but that guy was pretty skilled and might have tricked someone else.

Today’s criminal didn’t have the quite the same skill set. Apparently, I stumped her with “Wow!” She asked me several times what I said.

Finally, I slowed it down and said “I….. Said….. Wow! …. I am surprised you’re telling me my system is sending out messages.”

Too many words I guess. She hung up.

Security+ (SY0-601) Practice Test Questions

SY0-601 Practice Test Questions 

Over 385 realistic Security+ practice test questions

At least 10 performance-based questions

All questions include explanations so you’ll know why the correct answers are correct,

and why the incorrect answers are incorrect.

Upgrade Your Resume with the Security+ New Version

Multiple quiz formats to let you use these questions based on the way you learn.
  • Learn mode – randomized. View each of the questions in random order. Learn mode allows you to keep selecting answers until you select the correct answer. Once you select the correct answer, you’ll see the explanation. Click here to see how learn mode works.
  • Test mode – randomized. View each of the questions in random order. In test mode, you can only see the correct answers and explanations after you complete the test. Click here to see how test mode works.
  • Test mode – 75 random questions. View 75 random questions from the full test bank similar to how the Security+ exam has a potential maximum of 75 multiple choice questions.

Pass the First Time You Take It

Get the full bank of SY0-601 Practice Test Questions Here

Click here if you’re looking for SY0-501 Online Study Package

Security+ Full Access Package
Get Certified Get Ahead Security+

Pass the First Time!

Up-to-date Content

New multiple-choice and performance-based questions added regularly

Pass the first time with quality practice test questions, performance-based questions, flashcards, and audio.

Buy The Full Access Study Package Today

60 Days Access

Need more time? You can easily renew for another 60 days at a significantly reduced price.

All materials are available online shortly after making your payment.

Get the Security+ Full Access Study Package Here

Our online Security+ study materials are the perfect complement to the CompTIA Security+: Get Certified Get Ahead: SY0-501 Study Guide. They can also be used to help ensure you’re ready no matter what study guide you’re using.

This exam is expensive.

Make sure you’re ready before exam day. 

Here’s what you’ll get:
  • All of the multiple-choice questions from the best-selling CompTIA Security+: Get Certified Get Ahead: SY0-501 Study Guide. See a demo here. All questions have full explanations so you’ll know why the correct answers are correct and why the incorrect answers are incorrect.
  • Over 40 new multiple-choice questions we’ve added after publishing the study guide.
  • Over 30 performance-based questions. See a demo here.
  • All of the flashcards from the study guide. View them in any Web browser.
  • All of the audio from the study guide. Listen to a sample here.
  • Access to a free discount code for 10% off your Security+ voucher.

Buy The Full Access Study Package Today

60 Days Access

All materials are available online shortly after making your payment.

Get the Security+ Full Access Study Package Here

Criminal Social Engineering Phone Tactics

Assuming other criminals are using the same script as her, they might succeed. I think speaking and understanding English should be a prerequisite for this job but perhaps they’re having problems in their HR department.

From a psychology perspective, these criminal use several common ploys.

  1. Built credibility. She tried to show credibility as she mentioned the Windows department.
  2. They have you find the errors. If we continued, she would more than likely have me find and view the errors. She wouldn’t just ask me to believe her. Instead, she would have me type in the commands and seethe errors.
  3. Good acting skills. She would sound genuinely surprised when I describe the errors I see. She might have changed her tone, brought warmth into her voice, and offered to help.
  4. Used unfamiliar tasks. She might have me type in the web address in the Run window instead of in a web browser. Some users might be suspicious if they were asked to go to a web site. However, opening the web site from the Run window might seem less dangerous. It is a little more technical so it could easily distract an uneducated user.

The only thing that stops these criminals is educated users.

Educated users thwart many of these phone social engineering tactics. This is one of the reasons why more and more companies value employees with basic security skills and the Security+ exam helps validate these skills.

However, you don’t need to be Security+ certified to be suspicious of criminals trying to rip you off. It’s unfortunate, but due to the number of criminals trying to steal to get ahead, we all need to be vigilant and suspicious of emails and phone calls from strangers.

Hopefully, you’re know about some of these tactics and you know to be suspicious.

Would your family members recognize them? Would your friends?

If not, let them know.

Master Performance Based Questions Video
Security+ Full Access Package
Get Certified Get Ahead Security+

Pass the First Time!

Up-to-date Content

New multiple-choice and performance-based questions added regularly

Pass the first time with quality practice test questions, performance-based questions, flashcards, and audio.

Buy The Full Access Study Package Today

60 Days Access

Need more time? You can easily renew for another 60 days at a significantly reduced price.

All materials are available online shortly after making your payment.

Get the Security+ Full Access Study Package Here

Our online Security+ study materials are the perfect complement to the CompTIA Security+: Get Certified Get Ahead: SY0-601 Study Guide. They can also be used to help ensure you’re ready no matter what study guide you’re using.

This exam is expensive.

Make sure you’re ready before exam day. 

Here’s what you’ll get:
  • All of the multiple-choice questions from the best-selling CompTIA Security+: Get Certified Get Ahead: SY0-601 Study Guide. See a demo here. All questions have full explanations so you’ll know why the correct answers are correct and why the incorrect answers are incorrect.
  • Realistic SY0-601 Security+ Practice Test Questions
  • Performance-based questions.
  • All of the flashcards from the study guide. View them in any Web browser. See demo here
  • All of the audio from the study guide.
  • Access to a free discount code for 10% off your Security+ voucher.

Buy The Full Access Study Package Today

60 Days Access

All materials are available online shortly after making your payment.

Get the Security+ Full Access Study Package Here

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

CompTIA Security+ Get Certified Get Ahead: SY0-501 Study Guide

Subscribe To Our Newsletter

Join our mailing list and get a free excerpt of the CompTIA Security+: Get Certified Get Ahead: SY0-501 Study Guide.  This excerpt includes the introduction and Chapter 1. 

You have Successfully Subscribed!