If it walks like a duck…and quacks like a duck…

I have reminded many of you over the years to please pay close attention to unusual popups and if something smells fishy and aren’t sure if you should follow up, you probably shouldn’t.

Well let me share an experience (with the person’s permission of course) of this happening in real time.

Someone was busy with work but accidentally hit a site that caused one of those “your computer is infected” popups.  She was busy, and distracted, but this is scareware…and it worked.  She called the number and allowed someone to connect to her computer.  The standard speech started about how the computer is infected and needed immediate cleaning but a “Cisco specialist” needed to help.  She was then transferred to a second person and the fishiness started kicking in.

She put the person on hold and called me and asked if i was Cisco certified.  I was in the middle of something but a quick review said something didn’t sound right and i thought it was scareware.  I suggested she hang up with the other person, shut her computer down, and i would call as soon as i could.  When she went back to the person and asked for a phone number to call back because she wanted to talk to her IT person, the back-pedaling started.  A bunch of “well, since you’re not a member…you have to call this number to get transferred back to me….”

Click.

She did take pictures on her phone of some of the screens she was being shown.  The first screen is one of those normal fake warning screens.

IMG_0828

What i found very amusing was the second screen that this alleged “support specialist” said were the list of infected files.  It turns out it was the errors in her EVENT VIEWER

img_0827.jpg

As soon as i saw this (as i was on my way over to help) i had a feeling things would be ok.  I got there and was able to do my due dilligence in doing a thorough security check.  Also malwarebytes scans came up clean.

#ThinkBeforeYouClick