Phone call to try and gain access

This is a basic and quite popular scam that uses social engineering to make gullible people believe there's something wrong with their computer in order to sell them some fake security solution and/or possibly steal data from the machine in the process.

The scammers are often based in India and use VoIP providers to call at cheap rates and appear as a local number, and for card processing they obviously use shady payment gateways that don't mind this illegal activity.

Most of the social engineering works by making the user open the Event Viewer and telling him that the errors in there (which are often benign and to be expected on a complex OS like Windows with so many services running) are critical and mean that remote attackers are trying to take over the computer. They will then get the user to download a Remote Desktop server like TeamViewer (but TV has a warning specifically against these social engineering attacks, so they fall back to some other, lesser-known remote desktop solutions that have no such warnings) to take control of the computer and further show that the machine is in bad shape, sometimes by opening a command prompt and copy/pasting some command that produces lots of output with something scary appended at the end, like the "tree" command with the text "Warning: computer infected. Attacker's IP: 192.168.1.1" after it, which causes the window to list every single file of the system and display the text at the end as if it was part of the command's output, which unfortunately is an effective scare tactic. Once the user is convinced, they make him go to their webpage to buy a solution, which is often a fake security product, and assuming that's done I suppose they either just leave or install a rogue (fake antivirus). Note that most remote desktop services include a way to silently transfer files that can be used to exfiltrate confidential data from the victim's computer in addition to exfiltrating their money.

There are a lot of these scam calls posted on YouTube; you can look up "tech support scam" on there if you want. You can also play with them by setting up a virtual machine; just try to make it a bit fun (like creating actual malware, disguising it as a "passwords.txt.exe" with a text document icon and hoping the idiots steal the file and run it on their computer).
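Added example, not part of the answer above and not written by its author: a short Python helper that splits a pasted cmd.exe line into its chained commands and marks the parts that only print typed text, which is how the "tree" trick described above puts a fake warning under genuine output. The function names, the keyword list and the sample line are assumptions constructed for illustration; the check also shows that the 192.168.1.1 in the sample text is a private address, not a remote one.

```python
import ipaddress
import re

DISPLAY_ONLY = {"echo", "title"}  # cmd.exe built-ins that only show typed text
SCARE_WORDS = re.compile(r"infected|virus|hacker|attacker|warning|trojan", re.I)  # assumed
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
# Constructed sample, modelled on the text quoted in the answer above.
PASTED = r"tree C:\ /f & echo Warning: computer infected. Attacker's IP: 192.168.1.1"

def split_chain(line):
    """Split a cmd.exe line on unquoted, unescaped &, && and || operators."""
    parts, buf, quoted, i = [], [], False, 0
    while i < len(line):
        ch = line[i]
        if ch == "^" and not quoted and i + 1 < len(line):
            buf.append(line[i + 1])  # caret escapes the next character
            i += 2
            continue
        quoted ^= ch == '"'  # operators inside double quotes are literal text
        width = 0 if quoted else 2 if line.startswith(("&&", "||"), i) else int(ch == "&")
        if width:
            parts.append("".join(buf).strip())
            buf = []
        else:
            buf.append(ch)
        i += width or 1
    parts.append("".join(buf).strip())
    return [p for p in parts if p]

def is_private(ip):
    try:
        return ipaddress.ip_address(ip).is_private  # True for 192.168.x.x, 10.x.x.x, ...
    except ValueError:
        return False  # not a valid address, e.g. 999.1.1.1

def explain(line):
    """Describe each chained command: a real program, or text typed by the caller."""
    findings = []
    for seg in split_chain(line):
        m = re.match(r"@?(\w+)[\s.:]*(.*)", seg)
        word, rest = (m.group(1).lower(), m.group(2)) if m else ("", seg)
        typed = word in DISPLAY_ONLY
        ips = [ip for ip in IPV4.findall(rest) if typed and is_private(ip)]
        findings.append({"segment": seg, "typed_text": typed, "private_ips": ips,
                         "scare": typed and bool(SCARE_WORDS.search(rest))})
    return findings

if __name__ == "__main__":
    print(*explain(PASTED), sep="\n")
```

For the sample line, the first segment is the real "tree" program and the second is typed text that contains scare words and a private IP address.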


My question is, now that I have this number, what's the chance that it was spoofed? The number is from the Saint Paul, Minnesota area.

Spoofing, or registration tricks?

It's very easy to "spoof" a number with any area code you want. It's not really spoofing, it's just a registration trick. You could walk into Wal-Mart and buy yourself a $30 disposable StraightTalk smartphone, go to an open WiFi, and register it. It will ask you where you're registering from, and where you plan on using it from the majority of the time.

After you create a Google Play account on the open WiFi, you can easily switch to a VPN to make it look like you're in that area.

After that, you will be asked to register the phone. You could enter any fake address and usage area, and it will give you an area code and phone number for that particular set of information you provided. You can register a fake name, fake address, new, fake email address, etc.

And it looks like you're coming from another state. Heck, even if you're in another state, most of your Google search results will be for the area you registered in. Your IP address will be detected as being from that area, even if you aren't there. Geolocation will still show you to be in that general area, as long as apps aren't able to access your current location.

It works the same way in most countries as well. You'll appear to be from the registered area, even if you aren't.

Also, has anyone come across this before and what was it they were going to ask me to do next to try and access my PC? I might be able to put something in place to lock out any other attempts. I wish so bad I had kept them on the line longer.

What are they trying to do?

Usually, this is a cheap social-engineering trick to get you to buy a faulty product, or steal your information, or both, but I can't really tell you for sure since you didn't stay in touch.

There could be a million different things that they wanted to do. Maybe they're trying to dial random numbers, and are looking for specific errors in your computer. If these errors show up, it may be vulnerable to a specific exploit. But then they'd have to be dumb because this can be automated with a mass scanner.

Maybe they want to sound professional, and since most people don't know about the EventLog, they can trick you into thinking they're knowledgeable and should be trusted.

Or maybe they're trolling you?

Who knows... but I'll leave you with this piece of advice:

Never trust anyone who calls you up and wants to do something with your computer, if you haven't already asked them to do so.

Tags:

Spoofing

Phone