Social Engineering … People are often the weakest link.
While away on a business trip recently, I called home to my wife in the evening and she had an interesting story about her day.
She was expecting a call from her veterinarian, so when the phone rang with an unidentified caller ID, she answered it. The caller was someone with a deep accent who explained to her that he was offering a public service, because his company had found that there were many “junk files” on people’s PCs out there and the situation was “worse than viruses.” Because of his concern, he was calling as many people as possible to help them “delete the junk files.”
While my wife is not particularly savvy technically, she was thankfully aware that this was a scam. She was, however, curious as to what the caller was up to, so she decided to play along with him for a short while to see where it might lead. So at the caller’s direction, she sat down at her PC and was instructed to open the computer properties dialogue, and then to “manage computer,” where the caller wanted her to delete settings. “Mr. Helpful” also reassured her that should anything go wrong, his team of technical experts were all right there to jump in immediately and help her “fix things.”
Just then, another call came through, which actually was the vet, so I did not get to learn where this would have ended up. It seems an easy vector for a threat agent to take; if they can’t clandestinely install malware on a PC, why not get the user to install it for them? After all, they are offering a public service.
Maybe Mr. Helpful will call back when I am at home. I would be happy to fire up a lab PC and run the gamut just to see what they install and share the results here.