I recently had a phishing call, well to be honest in fact I had 5 calls, all in the space of a day, (because they are persistent) from someone purporting to be from BT. The call went something like this.

Ring, ring…

Me: Hello

Caller: “This is BT calling. We have been monitoring your IP address and it has been hacked, we need to suspend your internet access as all your activity is being monitored by the hacker. Are you by your computer we need to access it and prevent the hacker from using your computer”

Now as a seasoned professional I suspected that this caller, was in fact lying!

I first queried that he was from BT, which he further confirmed that indeed he was, (these people really have no shame).  To play along and find out what the game was going to be. I feigned concern and asked him what it was that I should do. He told me he would need to remote control my computer. He said that he needed to confirm my IP address. Which I guess to the uninitiated, it would seem plausible since it was my IP that was allegedly at risk. He gave me instructions on what to do to retrieve my IP. It was at this point that I asked him to tell me what my IP address was and I would confirm whether it was correct or not, because surely if he were monitoring it, he would know what it was. At that point I guess he realised the game was up and he rang off.

If played out, what is this kind of scam/phishing attack all about…

Having established your IP address, the caller will either ask you to download an application from the web or may even directly deploy an application to your computer, which will grant them full access, with all the same rights and privileges to access anything on it. Whilst you’re watching, mysterious and perplexing things will appear on the screen, and at some point they will probably tell you that you have a virus, malware ransomeware. People using this type of phishing strategy to give credence to their spiel will use whatever is topical in the media at the time. They will go on to say that it will cost £70 or £120 to remove (I have heard of higher figures), and if you can provide credit card details they can initiate the fix straight away. If you express any reluctance to complete they say the price will be double later.  

What is the truth?

In all likelihood you do not have a virus or anything of the kind, furthermore it is very difficult to hack a public IP address, most routers have built-in firewalls to prevent this.  The caller is preying on your worst fears to extort money from you.

What have you risked? First of all, you have given a stranger you have never met unlimited access to your computer. It is almost impossible to know what they may have left behind. Some checks can be done but you could never really be sure. It’s a bit like stopping someone in the street and handing your house keys over and asking them to look after it whilst you’re on holiday. The only truly safe solution is a full rebuild from scratch. Which is the equivalent of a full stock-take and changing the locks.

Secondly you have given someone who has already demonstrated nefarious intent your credit card details. In order to be truly sure that they will not use that information for further fraudulent purchases you need to cancel your cards.

Thirdly and to rub more salt into the wound, you’ve given someone £120 or more for nothing.

So what should you do if you get a call from someone phishing perhaps pretending to be BT or Microsoft with similar stories of catastrophe? The easy answer is put the phone down. BT would never call you direct, neither would Microsoft, or your bank. In fact no reputable company would call you unsolicited, to inform you of a real and present threat to your computer, credit card or bank details. If you are the least bit worried that there may be truth in the callers story, having made sure you’ve hung up the phone. Call the company they are purporting to be and ask them. If you have time, checkout the company website many have very useful information on keeping safe online. Barclays Bank have recently been running a campaign which examines phishing and other techniques, which is worth having a read through. BARCLAYS SECURITY