Phun with Phishing.

The practice of misrepresenting facts or identity in order to unlawfully gain information or money using electronic media (computers, smart phones, tablets) is called Phishing. When using voice communication (telephone) to initiate contact it is known as “vishing”. These exploits use “social engineering” to trick their victims into providing money or information. They typically falsely impersonate “trusted sources” like government agencies, utility companies,  banks or service providers (like Microsoft), your ISP or your Email service. Phishers use fear, greed, love, hate, loneliness, empathy, trust etc to get their victims to cooperate. Phishers broadcast their bait to thousands or even millions of potential victims. If only one person in a thousand takes the bait, a million casts will yield a thousand victims. Over the years we’ve repaired thousands of victimized computers. We get several a week. We do understand that it is never a fun experience for the user but in retrospect, some of these encounters do contain an element of gallows humor.

A gentleman brought his notebook PC in complaining that he had paid his fine but the FBI was still holding on to  his computer. We booted it up and sure enough, his computer was locked on an FBI wanted poster with his mug shot. The notice accused him of committing one or more crimes from a laundry list of infractions that included stealing copywrited material and downloading child porn. They stated that his infractions would be cleared, his computer released and his record purged if he paid a $300 fine by money card within 72 hours. If he did not comply, a federal warrant would be issued for his arrest and he would be subject to a $5000 fine and up to five years in federal prison. He bought the money card and gave them the authorization number but they never released his PC. By the time he brought it to us, he knew he’d been had. The “Phisherman” had used the web cam on his own PC to take his picture and create the wanted poster. They guy was still wearing the same shirt he had on when he unwittingly posed for his own wanted poster.

Last year a customer boasted that she had “fixed” the Vishers. She had responded to a warning that her PC was infected and she needed to call a Microsoft tech rep at the phone number provided. She called and let them into her computer. After an hour of holding the phone while watching them manipulate her PC they informed her that she must pay them $199 by credit card. She told them she thought this was a free Microsoft service. They told her that if she didn’t pay, she would not be able to use her PC. Reluctantly she authorized the payment on her Visa card. About 15 minutes later, as she watched the technicians continue to “work” on her PC, she got an incoming call. “This is Visa and we want to ask you about some unusual activity on your credit card.” They told her that her card was being used to make small purchases in several countries. She asked if there was a recent $199 charge and they said yes. The Visa representative recommended that she dispute the charges and immediately cancel the card. They would mail her a new one. She told them to do it.

“When those phony Microsoft techs finished with my computer it worked just fine. Those crooks had no idea that they weren’t getting paid that day,” she cackled. I asked her how long ago this all happened and she told me it was about a month. I asked her if she got her new Visa card and she said, “now that you mention it, I don’t think it has come yet.” I started to shake my head. She looked at me and turned pale. “Oh my god” she said putting both hands to her face, “that wasn’t really Visa was it, it was them.”  She bolted from the store to go take care of cancelling her card.  These clever crooks had figured out a way to keep their victims from actually cancelling the card and disputing the charges until they had safely stolen the money and had continued use of the card. Pretty clever.