Sealand Systems Ltd logo Use this link to get straight to the content if you are using a screen reader. Lancing
West Sussex
Tel: +44 1903 209367
Mobile: +44 7802 651892

Get Adobe reader

Get LibreOffice

If you have become a victim of one of these, please jump right away to the immediate action drill.

You may be unfortunate enough to receive a call from criminals claiming to be Microsoft, or BT, or some other plausible household name.  The caller will tell you a tale about something being wrong with your computer.  Usually it won't be a virus – most consumers think that they can deal with viruses themselves – so it will be a tall tale about “data files” or some such rubbish.  If you fancy some amusement, you can ask for further details, and you'll be treated to a bunch of meaningless techno-babble worthy of a Star Trek script writer.

It’s statistically likely that if you are not specially technically aware, you might get taken in by such a call.  If you allow the caller to continue, you will be invited to go to a web site where you will download a remote access program.  This web site will belong to a perfectly respectable third party that just happens to distribute remote access tools.  The caller will then get you to run the software so that a “technician” can connect to your computer. 

Having got the customer hooked, the cold caller will then pass you on to the “technician”, who will make your computer display a lot of error messages.  These could be faked, but they are just as likely to be genuine system logs that look scary enough if you aren’t familiar with them.  At this point you will be asked to part with your credit card details for a “fix” that you don’t need.

What happens next?

Unfortunately, you have had a criminal in your machine, so you can never be sure.

The very best scenario

You realise what's going on, and pull the plug on your Internet connection.

You restart your computer and un-install the remote access program.

You hope that everything will be OK, and your hopes come true.

The in-between scenario

You get as far as parting with your money, but the criminals don't actually damage anything.

But you can never be sure.

The worst scenario

The “technician” realises that you are starting to become suspicious.

At this point, he begins deleting your files as rapidly as he can, while calling you multiple foul names.  I won’t repeat what was said to me after I got one of them to use up half an hour of his time on my honeypot machine.

What are the dangers?

As this is a developing threat, no firm statement can be made about it.  For the criminals involved, it is a big business, sometimes run from large offices with staff of dozens or more, in jurisdictions where UK Police find it hard to reach them.  The chief attraction is money, and if the scammers can extract a credit card payment from their victims it is at least possible that they will not cause any lasting damage.  However, greed is the primary motive, and a greedy criminal is likely to plant malware on a PC that might continue to search for passwords or financial information or highly sensitive files.

Just as bad is the possibility that a “ransomware” program could have been planted.  These malicious programs act over a period of time to lock up all of the user’s files, before extorting cash for an “unlock” code that will (if the criminals are “honest”) restore access to the files.

Sadly, there can be no guarantees.

Immediate action drill

Break the remote connection

If you are able to pull your Internet connection quickly, then do so.  This could be by pulling the power to your router, or pulling the connection to the ’phone line.

If you aren’t able to do that, then shut the computer down.  Bear in mind that the “technician” can see what you are doing and will try to stop you.  So this could be the right moment to ignore all the advice about shutting down properly – it’s probably going to be safest just to crash your computer by pulling the power.  If you are using a portable, then hold the power button down for a good ten seconds; this should turn the power right off rather than just sending the machine to sleep.

Shut the computer down

If you have not already had to crash the computer in the first step, then now is the moment to shut it down in the normal way.

Obtain trusted technical help

A careful technician will take the following steps:

  • Will treat your computer as a compromised machine.
  • Will, if possible, boot it without using the compromised system.
  • Will obtain a safety backup of all of your files.  (If the technician was unable to boot the machine with a rescue system, then your hard disk might be removed to achieve this).
  • Will re-install your operating system, thus wiping the disk.
  • Will restore your files from the backup.

If you already had a backup, then the relevant steps could be omitted.

This is the most careful scenario.  If you have anti-malware software installed, or it is installed after the incident, then a shorter fix would be to use it to carry out a scan of your machine, and then hope for the best.  But there are no guarantees.

Sealand is very pleased to be a supporter of the Open Document Foundation, Linux Mint, and the Lancing and Sompting Churches’ Food Bank.

Valid HTML 4.01 Transitional

Copyright © 2006 - 2017, Sealand Systems Ltd.  Terms of use.
This page updated 14 May, 2017.  Please double-check any information before you use it.

Visit our ISP