The other day, I got a call from a customer, who I will refer to as Jane (not her real name) and she was very upset. Saying she had just been scammed.
Scammers had contacted her by phone saying they were from Telstra Anti-scamming Department.
They told Jane that her PC had been hacked.
And that they needed to have access to her pc, to sort it out.
Jane was suspicious, and demanded that they properly identify themselves. So they agreed to send her an email with employee id, and a contact number to ring. And when, she had checked their bona-fides. They would call back.
The email had a Telstra logo, and a phone number to ring. One thing Jane did not notice, was that the email address while having Telstra in it, was from a gmail account.
All emails from Telstra/Bigpond departments come from an email ending in @bigpond.com, @telstra.com, @team.telstra.com/. And many others. There are many different domains that are used by Telstra/Bigpond the company.
They all have Telstra or Bigpond in the domain name part of the email address. By domain name, I am referring to the part of the address that comes after the @. For example, @bigpond.com or @telstra.com.
Now, while Telstra/Bigpond have many, varying domain addresses. So this can be a little confusing. The main, and most important point, here, is that Telstra/Bigpond and any other large company, never use Gmail, or any other Webmail email account. And the email was from firstname.lastname@example.org . This is not a genuine Telstra email address.
The email said it was from (name withheld) Anti-Hacking Manager of Telstra. And that they appreciated her co-operation in their “MISSION OF ELIMINATION OF CYBER CRIMES”
The email also claimed to be from the CEO of Telstra. And used the real CEO of Telstra’s name.
At the bottom of the email was 4 lines.
REF : Neil Jor…. ( I will not put the full name in here)
Anti-Hacking Manager (Telstra Corp. LTD)
JOB ID: ST860061
Contact No. 03 901………. (Again I will not use the number here)
I have rung the number myself, and was answered by someone claiming to be from Telstra. I did not stay on the line long, and cannot be sure that it was not a genuine Telstra number. But the person answering it did not sound very sure of himself or very professional, as if he was surprised to receive my call at this time.
Jane rang the number supplied in the email, and was answered by someone claiming to be a Telstra representative. The number was a 03 901…….. I will not post the number here.
Jane then let them have access to her computer, after a little while they convinced Jane to access her online bank account. And then asked her to transfer, a not inconsiderable sum of money. Jane at that point became very suspicious and refused.
This is when it turned nasty, they said, ”we know you wear glasses”, as Jane does. The laptop’s camera was then remotely turned on. Jane’s image was on the screen. And “we know where you live”. They then threatened to “come around and shoot you”. Later checks revealed that their IP address was not in Australia. So Jane was never in any physical danger.
Jane then shut down her computer. And called the police. Who advised her to change her bank password.
Jane then contacted her daughter, by phone, and got her to change her logon details for her bank account. Fortunately, this bank account, was not linked to her main account that had her savings. Jane had been meaning to link the accounts. But, had not done so. Jane had been manually transferring money to this small working account.
A thought, that not having your main savings account linked, to your other accounts is probably a very good idea.
Jane then contacted Telstra, who advised that the scammers had no connection with Telstra/Bigpond. And advised Jane, to have her PC reformatted and Windows reinstalled.
Jan then contacted me, told me what had happened. And asked me about reinstalling Windows.
The PC had been shut down and not restarted. So, when I had brought the PC to my workshop and started it, the first thing I noticed was that the built in camera was on. And that I appeared on screen in a small box. This is how the scammers had left it.
Jane later told me that she was advised that the scammers IP address was not an Australian IP address. And consequently she was never in any personal danger. Bear in mind that these parasites work on scaring you. And will quickly move on if you do not sound scared.
Jane’s bank account was frozen by the bank. Fortunately no money was stolen.
A lesson for all is that anyone cold calling you to advise you that your PC is compromised or hijacked. Should be ignored, it doesn’t matter who they claim to be calling on behalf of.
If you receive a call like this, do not listen to them, just hang up. If you sound unsure, they will keep ringing.
If you feel the need to check, ring the company that they claim to be from. But only use a phone number that is on a bill you have from the company. If you don’t have an account with the company they claim to be from, just ignore the call.
If the scammers, claim to be from either, “Microsoft or Windows Maintenance Dept.” Don’t bother trying to ring them. Also as far as I know there is no “Windows Maintenance Dept”. I have myself received calls from people claiming to be from “Windows Maintenance Dept”.
I usually just hang up when I receive these calls. But have on occasions made comment to them on their lineage before hanging up. Too my knowledge Microsoft will never ring you. Especially too advise you of supposed problems. They don’t know that you exist!
Something to bear in mind, the companies whose names these scammers use, are entirely innocent of any involvement in these attempts. And should not be blamed.
They use these companies names because many of us have dealings/accounts with them. And are well known and normally trusted companies and institutions.
These scammers/parasites rely on scaring their victims. And are generally targeting older people. Who are not overly confidant with modern technology, especially computing. And are more likely, to believe or trust someone who claims to be from a big company or is a tech support person..
Some general guidelines below for unsolicited calls.
1 Be suspicious of all unsolicited calls.
2 Never give out personal details.
3 Never give out Credit Card or any Financial details.
4 Ask where they got your number from.
5 Try not to sound unsure of yourself.
6 Best to answer with one word only, “No” and hangup.
7 Ring someone you know and trust, and ask them their opinion of the call.
8 Never give them access to your computer.
9 Never, fall for the line, “we know you are having problems with your PC.”