Category Archives: Tech Tips

Tech Support Scam

A Tech Support Scam is when a scammer poses as a legitimate company and offers to repair devices that they claim have been hacked or infected with malware.

There are many variants of these scams. Two common variants are cold calling and website popups.

Cold Calling

The cold calling variant is simple. The caller claims to be from a well-known company (e.g. Microsoft or Telstra) and advises the victim that they have malware or that someone has hacked their device, and that they are calling to help rectify the problem.

The caller will often talk the victim through the steps of opening and viewing errors in the event viewer. The errors, which do show items that may need attention on your machine, are then used by the scammer to help support their false claims.

The scammer will then talk the victim through the steps of installing remote access software, which gives them access to the device, allowing them to undertake the “repair”. Before doing the “repair” they will require a credit card to charge a fee ranging anywhere from $300 to $1300, depending on the “support package” the victim agrees to. Often they will install software that can be acquired for free (or cheaply) and sell it to you at a very high mark-up.

Pop-up Message Scam

A pop-up message scam works the same way as the Cold Calling scam, except that the victim is the one who initiates the call.

The victim may be browsing a legitimate website when they click an outbound link (e.g. an advertisement, or a link shared on social media) and a pop-up message is displayed. The pop-up message may be hard to close and will advise the user that they are infected with malware and to call a 1800 number to have the problem rectified.

These pop-up messages can be very hard to close. This is an effective method used by the scammers to trick the user into believing there is malware on their machine.

A simple trick to close the message is shutting down the device.

Example of a Tech Support Scam pop-up

Protecting Yourself

Social engineering techniques can be hard to protect yourself from. Familiarising yourself with scams can help you be vigilant if you are targeted by a scammer.

Scamwatch is run by the ACCC. It provides information to consumers and small businesses about how to recognise, avoid, and report scams.

Our Tech Tips articles also have great tips on protecting yourself online, so do check them out as well.

Vulnerabilities

Vulnerabilities are weaknesses that can be exploited to compromise the security of computer systems. Vulnerabilities differ in severity, with some being easier to attack than others. Vulnerabilities exist in software, hardware, and people.

Vulnerabilities are exploited by attackers in both random and targeted attacks. A home computer user is most likely to be exploited by a random attack, which can be compared to a criminal walking through a car park checking for unlocked cars. The cybercriminal does the same thing by scanning the web for known vulnerabilities in the hope of finding a device that is easily exploited. Unlike in the car park analogy, a cyber-attack can be automated, meaning the attacker can be scanning for 1000s of vulnerabilities all at once. Targeted attacks are when an attacker has a set target they wish to exploit. This could be a large company or business, but individuals may also become victims of targeted attacks.

Software vulnerabilities may allow an attacker to remotely execute code, steal data or take over your machine. Patching or installing the latest software and apps, updating operating systems via Windows Updates (Software Update on Mac), and installing the latest iOS or Android build on your phone and tablet are essential parts of keeping your systems secure. A fully patched device makes a harder target for an attacker. Software vulnerabilities are likely to be exploited in random hacking attacks as well as targeted attacks. Exploiting a vulnerability can often allow the attacker to bypass any Internet Security you may have in place.

Hardware vulnerabilities are often used in targeted attacks against high value organisations but may also be used in random attacks. BadUSB is a well-known hardware vulnerability that affects the firmware of some USB sticks. The USB stick can be modified to run malicious code without detection by antivirus. It does this by emulating a keyboard, and commands are ‘typed’ in when the USB stick is inserted. The commands entered may download malware or open a back door allowing an attacker access to your machine. This kind of attack relies on the attacker exploiting both the hardware and a person. It is an effective attack as it is low-cost and people, who are naturally curious, will plug in USB sticks to see what is on them. USB sticks can also be used to exploit software vulnerabilities or install malware.

Social engineering is used to exploit the trusting nature and curiosity of people. It can take place as phishing via emails and websites, tech support scams via the telephone, and person to person. An attacker using social engineering tactics can quite easily gain access to your system. Tech support scams are quite common and are an effective attack. The attacker, posing as a well-known company, tells the target they have been hacked, they have malware, or their internet will be cut off if specific tasks are not taken. This is often enough to get the user to comply, and the attacker will then talk the target through installing tech support software. Tech support software gives the attacker full access to your machine. They can access your photos, emails, documents, and even passwords you have stored in your web browser. Social engineering can allow an attacker to bypass all security you have in place.

Protecting against social engineering can be quite tricky as it exploits the nature of people. One tip is to avoid attachments and links from unknown senders. Files and links can be scanned with online services such as www.virustotal.com, although this may not recognise a file designed to exploit a vulnerability. Do not enable macros in documents. Macros allow code to run, potentially allowing malware to be downloaded onto your machine. A common threat that uses this kind of attack is ransomware. Also, avoid USB sticks that you find lying around or whose origin you are unsure of.

Zero-day vulnerabilities are those known by a third party that have not yet had a patch created by the vendor. These are highly sought after by cyber criminals as they have a higher success rate. Zero-day vulnerabilities are often used by exploit kits, with a common attack being to deliver malware via compromised website advertising. Malvertising, as it is known, is where a website delivers malware via ads displayed on the site. This is often due to weaker security at the advertising companies and not an actual breach of the website you visit. To avoid this kind of attack it is recommended to remove plugins such as Adobe Flash Player and Java and to use an AdBlocker.

How to remove Flash Player

Adobe Flash Player is software used widely for streaming video and audio on websites. While it is popular, many sites now support alternative technology available natively in the web browser to replace Flash Player. Cybercriminals have a trove of Flash Player 0-day vulnerabilities, leaving machines running the software vulnerable to attack. Because of this, it is highly recommended to remove Flash Player to help secure your devices.

If you require Flash Player, ensure you are running the latest version.

How to remove Flash Player

  1. Hold the Windows Key and press R to bring up the Run dialog box
  2. Type in ‘appwiz.cpl’ and click ‘Ok’
  3. Select ‘Adobe Flash Player’ from the list and click ‘Uninstall’
  4. Click ‘Uninstall’ (you will need to have your web browser closed)
  5. Adobe Flash Player is now uninstalled.

Note: if you have multiple versions of Adobe Flash Player, you will need to repeat these steps for each install.
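The list shown by appwiz.cpl is backed by the Windows uninstall registry keys, so every Flash Player install the note above refers to can be listed in one pass. The following PowerShell is an added example, not part of the original article; the function name Get-FlashPlayerInstall and the display-name pattern ‘Adobe Flash Player*’ are assumptions, and the script only reads the registry and uninstalls nothing.

```powershell
# Added example: list every Adobe Flash Player entry that appwiz.cpl would show,
# so that each install can be removed in turn. Read-only; nothing is uninstalled.

# Registry locations that back the "Programs and Features" list:
# 64-bit and 32-bit machine-wide installs, plus per-user installs.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

function Get-FlashPlayerInstall {
    param(
        # Assumed pattern: matches the name used in step 3 of the list above.
        [string]$NamePattern = 'Adobe Flash Player*'
    )

    foreach ($key in $uninstallKeys) {
        # Some paths are absent on some machines (e.g. WOW6432Node on 32-bit Windows).
        Get-ItemProperty -Path $key -ErrorAction SilentlyContinue |
            Where-Object { $_.DisplayName -like $NamePattern } |
            Select-Object DisplayName, DisplayVersion, Publisher, UninstallString,
                @{ Name = 'RegistryKey'; Expression = { $_.PSPath -replace '^.*::', '' } }
    }
}

$installs = @(Get-FlashPlayerInstall)

if ($installs.Count -eq 0) {
    Write-Output 'No Adobe Flash Player entries found in Programs and Features.'
} else {
    Write-Output ("Found {0} Adobe Flash Player install(s); remove each one:" -f $installs.Count)
    $installs | Sort-Object DisplayName | Format-List
}
```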

Remove Flash Player in Web Browsers

Google Chrome, Microsoft Edge, and Microsoft Internet Explorer all come with a built-in version of Adobe Flash Player. The advantage is this version of Flash Player is automatically upgraded with Chrome or via Windows Updates. It also means there are a few more steps to remove it from your device.

Disable Flash Player in Google Chrome

  1. Open Google Chrome and type chrome://plugins/ into the address bar.
  2. Scroll down until you see Adobe Flash Player and click ‘Disable’

Once disabled, it will be greyed out and ‘disabled’ will appear after Adobe Flash Player.

Disable Flash Player in Edge

  1. Open Microsoft Edge and click the Menu button (the button with three dots found at the top right)
  2. Click ‘Settings’
  3. Scroll down and click ‘View advanced settings’
  4. Click the slider so that it is ‘Off’

Flash Player is now disabled in Microsoft Edge.

Disable Flash Player in Internet Explorer

  1. Open Internet Explorer and click the ‘Settings’ button (the button with a cog at the top right)
  2. Click ‘Internet Options’
  3. When the Internet Options window appears, click on the ‘Programs’ tab
  4. Move your mouse and click the ‘Manage add-ons’ button
  5. In the dropdown box on the left-hand side, select ‘All add-ons’
  6. Shockwave Flash Object will appear in the list on the right-hand side. Right click ‘Shockwave Flash Object’ and click ‘Disable’

Reinstalling Flash Player

Due to the many security issues with Flash Player, I highly recommend removing it from your devices. Over time you may find you need it less and less. If you are unsure whether you require Flash Player, try removing it. If for any reason Flash Player needs to be reinstalled, it can be done by visiting get.adobe.com/flash or by following the steps above and re-enabling Flash Player.