Social Engineering Phone Tactics

Do you recognize the social engineering phone tactics commonly used by criminals today? The criminals are active and they continue to evolve their tactics.

Contacted by Security Expert

I had an interesting phone call earlier today. I didn’t recognize the phone number, but the name was “Alberta.” I later verified the area code (780) was from Alberta Canada.

A guy with a foreign accent identifying himself as a security expert called. He said he was working for some company with “Secure” in its name, and they noticed that my computer was sending out errors.

It sounded like a scam, but I played along.

He stressed a couple of times that they deploy and support Windows systems. I remembered an old scam where someone called unsuspecting users saying they were from Microsoft. They used a similar line to establish credibility and raise alarm in the user.

Viewing Errors

To verify that the errors were coming from my computer, he guided me through the process of opening a program called Event Viewer.

He helped me find the CTRL key on my keyboard, then the Windows key, and had me open the Run window by pressing the Windows Key + R. He then had me type letters one at a time. “E as in Edward” he said. “V as Victor” and so on until I had finally typed “eventvwr”. Once he verified I typed the correct letters, he had me click OK.

Next, he guided me to the Administrative Events node that looked something like this.

If you don’t know what this is, it can be pretty scary will all these red errors.

He had me describe what I saw and eventually said “Oh my God!” with the voice of a well-seasoned actor. He explained that this was a clear indication that my computer was seriously infected. He said that his company detected about 1000 errors but they had no idea that my computer was so heavily infected.

Not Serious Errors

As a side note, these errors are not serious and do not indicate the system is infected. This is just a special view used by administrators to focus on error and critical events. Any system will have some errors. Depending on how old the system is and how big the logs are, it can easily show hundreds or even thousands of events.

My Lucky Day

After seriously explaining how much trouble I was in with my computer, he then added a smile to his voice and said “But this is your lucky day. I’m going to help you.”

He offered to guide me through the process of fixing my computer before it was permanently damaged.

Once I agreed, he had me open up the Run window again. Next, he had me type in a web site address within Run window.

He followed through with the full address of a website, which I don’t want to repeat here. He then told me to press OK.

This is where I stopped. I didn’t click OK.

I tried to get him to answer some questions but he was very evasive. Eventually, I heard a click. My “lucky day” experience with the social engineering criminal was over.

What If I Clicked OK

If I clicked OK after entering the website address, it would have opened my web browser and taken me to that site.

I haven’t investigated the site, but I have no doubt it is malicious. It might have included a driveby download that would have tried to download and install a virus on my system without any other action by me.

More than likely, I’m betting he would have guided me through the process of downloading and installing a Trojan horse onto my computer. He probably would have explained that this program would help me rid my computer of these nasty viruses.

It’s called a Trojan horse (after the famed Trojan horse of Greek mythology) because it appears to be something useful but instead is malicious. In this case, he might have guided me through the process of installing a program he would describe as antivirus software. Instead, it would give him or other criminals full access to my computer from any Internet location.

After installing the software, they might copy all of my files, and scanned them for something useful. Some users store all their passwords in a file named Passwords, and place it on their Windows desktop. The criminals will quickly find this file.

The Trojan might include a keylogger to capture my keystrokes. When I accessed a banking site, the keylogger would capture my username and password, and later email the data to the criminals. In time, they would simply empty all my banking accounts.

It would probably add my computer to one of the hundreds of botnets around the world. The criminals would then use my computer to send spam or possible help in the attack of other computers.

Criminal Social Engineering Phone Tactics

From a psychology perspective, this criminal used several common ploys.

1. Built credibility. He tried to show credibility as he mentioned his company and by using keywords like security and Windows.
2. He had me find the errors. He wasn’t just asking me to believe him. Instead, I typed in the commands and saw the errors.
3. Good acting skills. He sounded genuinely surprised and even used some soft swear words. He changed the tone, brought warmth into his voice, and offered to help.
4. Used unfamiliar tasks. He had in the web address in the Run windows instead of in a web browser. Some users might be suspicious if they were asked to go to a web site. However, opening the web site from the Run window might seem less dangerous. It is a little more technical so it could easily distract an uneducated user. 

While talking to him, I could hear a lot of voices in the background. They sounded quite busy as though dozens of phone operators were going through the same script with others. Unfortunately, I’m sure that some people would be fooled by these skilled criminals.

The only thing that stops them is educated users.

Hopefully, you’re educated about these tactics.

Would your family members recognize them? Would your friends?

If not, let them know.