Crafty hackers are gaining access to bank accounts and draining them in a tweaked version of the well-known Microsoft scam, security experts have warned.
The fraudsters use clever tactics to coax their unsuspecting victims into giving them remote access to their computers. It is a fine-tuned version of the scam dubbed the “cold-calling technical support scam”, which has been perpetrated around the world.
The South African Banking Risk Information Centre (Sabric) has alerted SA banks that these scamsters are now targeting South Africans.
These criminals create an environment that allows them carte blanche to drain victims’ bank accounts in seconds, and glean information which may be sold to other fraudsters.
Sabric’s chief executive Kalyani Pillay warned people to keep their software up to date and not to give anyone remote access to their computers. She explained how the scam works: “You receive a call from a number you don’t recognise and the caller claims to be from a reputable computer or software company.
“Through skilful manipulation, the caller manages to persuade you that it is absolutely crucial that you take the trouble to sort out a problem with your computer and offers to guide you through the process.”
Since it is purely an IT issue and no mention of banking is made, victims often cast aside their reservations, because most are not tech savvy and the claim that there is a dire problem that needs sorting out seems completely plausible. But then it becomes tricky.
With the old Microsoft scam, fraudsters would persuade their targets to download malware (software that can damage a computer system), but the new scam involves getting remote access to victims’ computers to fix the purported “problem”.
Once “fixed”, the callers ask for a small fee to be paid, but to ensure the victims are not put off they ask that it be done via EFT or by credit card. Since victims know never to supply credit card details to strangers, they opt for an EFT payment and the caller provides details, telling the victim to add them as a beneficiary.
The scamsters take advantage of the remote access they have been given to load malware onto their victims’ computers, which allows them to harvest the victims’ banking details.
Pillay said the calls appeared to be coming from outside South Africa.
During the conversation, the scamsters get people to volunteer information, without them realising that they are being scammed.
One victim anonymously shared her experience online, saying she received a call from a number with Cape Town’s 021 dialling code.
Her bank statement reflected that the funds were taken by a company that has been reported to scambook.com, a website dealing with fraud.
“I received a call supposedly from Microsoft South Africa informing me that my computer was about to crash because someone had been downloading all sorts of viruses on to my hard drive. To rectify this I had to let them work on my computer and they would download a Microsoft program which would prevent this from happening again. This program would run for five years and cost $249 (R3 229). Like a fool I gave them my credit card details and the money was transferred out of my account.”
The woman was not refunded because the bank was unable to trace the location of the company.