The Hacker News

Posing as IT support staff, criminals are picking up the phone in order to push Rogue anti-Virus software onto the system's of unsuspecting U.K. Internet users. The news comes from GetSafeOnline.org, who is using it to kickoff a week of events supporting Internet safety.
These fly-by-night boiler room operations sometimes employ up to 400 people, who use a mix of sales and social engineering to scam their victims into believing that their system is in desperate need of repair. The end goal is to walk away with credit card information, verified when the Rogue anti-Virus is purchased, or remote access to the victim's system for future use.
A typical call likely comes out of the blue. On the other end of the line, a person claiming to be an IT Helpdesk technician begins the process of forming a rapport with the mark. Like any other cold calling scam, the idea is to form an instant bond.
The caller starts by representing themselves to the mark in a position of authority and trust, by first collecting, and then using various bits of personal information that someone in IT might know. This information is easily discovered thanks to bulk marketing lists available online, and the power of social networking.
From there the mark is most likely quizzed on virus related issues and other computer problems, such as slow email and Internet browsing, or slow system startups. All the mark needs to do is admit to having one of those symptoms, or something close, and the caller can press the pain by explaining what will happen if this problem isn't fixed. Then, just as the pain clearly present, the caller offers a solution.
"For a small fee," they might say, "we can install something to fix your system and clean it completely. No more slow startups, your Web surfing will speed up, and email will arrive nearly instantly."
If the mark falls for it, game over. The caller collects their credit card details, with as much other information as they can, and charges the card anywhere form $50-79.00 USD to prove it works. Next, the Rogue anti-Virus software is installed. After that, the caller hangs up and moves on.
If the mark doesn't fall for the scam in the first few minutes of the call, then the caller hangs up and moves on. With cold calling, the clock is ticking. If the mark isn't your buddy in the first 90 seconds; you end the call and find a new friend.
It may seem like a stretch, but cold calling scams have worked for a long time in the commodities market (currency and precious metal trading), as well as real-estate and general stock-based scams.
The thing is, cold calling itself isn't an illegal act. It's a legit marketing and sales tool. However, there is a right way and wrong way to go about it. Selling fraudulent items, such as the Rogue anti-Virus is illegal, using cold calling to set sales appointments isn't.
The trick is to hear the word no enough times; even legit cold calling operations and salespeople will tell you that. If you hear no ten times, then the eleventh person is going to say yes. It's only a matter of time so keep dialing.
Again, this tactic is nothing new, but with 1-in-4 U.K. Internet users admitting to having talked to an IT Helpdesk person out of the blue offering such services, the numbers can equal a hefty payday for the criminals running scam.
Baroness Neville-Jones, the Minister of State for Security, commented, "Given that our latest research indicates 80% of UK internet users have never heard of these 'IT helpdesk' scams, yet almost a quarter have been approached by them, it is vital that we make people aware of this threat."

Webmasters aren't left out in the cold either. The criminals doing the cold calling are also adding legitimate webmasters to an affiliate system that will pay them for each successful installation of the Rogue anti-Virus software.
This is an ironic twist as the criminals themselves are paid on a per install basis via an affiliate program themselves. However, there is plenty of money to be earned by the shady PPI programs, so cutting someone into a small percentage for a massive take is worth the investment.
The figures listed by GetSafeOnline.org say that criminals are investing up to $150,000 USD per month in the payouts.
Although the last few years have seen some steady improvements in installing computer security software and detecting common scams, the GetSafeOnline.org report noted, over a third of U.K. internet users (34%) still report being the victim of a Malware attack, 22% have experienced a Phishing scam, and over 1 in 5 (21%) have been a victim of identity fraud.
These cold calling scams are easily avoided. They use human emotion to work, and the people on the other end are expert button pushers. They will use fear, greed, and guilt to get what they want, but all you have to do is trust your gut.
If it sounds too good to be true, then it is. Never agree to anything sales related over the phone, especially if it is random contact and you need to pay now. Ask for time to think or simply stall by flooding the caller with random questions. They're on a clock, so stalling them will make them press harder or end the call.

If they press harder, hang up. Don't be the eleventh caller who will tell them yes.
Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.