Every so often I get requests for help from people with a computer problem that may or may not be malware-related.
When I have to refuse help, which is more often than I’d like, I try to refer the people concerned to a more appropriate person or forum, and to suggest they do what they can to ensure that the advice is from a reputable and competent source. I’m more cautious about recommending specific resources, even well-known commercial organizations, unless I’m in a position to confirm their competence and bona fides.
Sadly, this reluctance has been reinforced by accusations against Office Depot, which is alleged to have tricked customers into paying for unnecessary repairs to their systems.
I’m not sure it’s that simple, though. As I discuss at some length in an article for ITSecurity UK: Support Scams and Diagnostic Services
Dr Alan Solomon, one of the pioneers of the anti-virus/anti-malware industry (though not one of its biggest fans these days) describes a game of ‘upstairs downstairs’ played with a hapless scammer who made the terrible mistake of ringing him to tell about his malware ‘problem’.
It might not tell you anything you didn’t already know about the classic cold-call scam, but it’s very likely to afford you a minute or two of entertainment.
There have been suspicions before that TalkTalk customers have been targeted by tech support scammers who know more about their intended victims (and their issues with TalkTalk) than they should. I’ve alluded to them in some articles on this site.
I don’t, of course, know the facts behind those suspicions, but I note that Graham Cluley has encountered another curious incident – I won’t say coincidence…
Hat tip to David Bisson, whose commentary for Graham Cluley’s blog called the issue to my attention.
Further to the discussion as to whether people or organizations should pay up when hit by ransomware…
- The hardline security maven view is usually that they shouldn’t because it encourages the proliferation of ransomware attacks.
- A softer view (more or less mine) is that you can’t blame people – especially individuals – for not sacrificing their treasured photos, documents etc for a principle. But we hear of organizations assuming that it’s cheaper to pay the ransom than it is to protect data properly. If so, not only are they adding to the problem, but they’re making an unsafe assumption. That is, that paying the ransom will get their data back.
Sometimes, we’re told that ransomware operators will ‘return’ the data because not to do so may damage their ‘business model.’ And there’s something in that. However, the operators don’t always return the data. Sometimes they just can’t, through some technical issue or incompetence. Sometimes they just don’t bother.
Judging from a survey report from Kaspersky, it seems the number of times that payment doesn’t result in the release of the data may be higher than we think. The report states that:
17% of people online have faced a ransomware threat, with 6% becoming infected as a result. One– in–five users that pay a ransom don’t get their files back