More information about how tech support scammers have been using the Quervar/Dorifel outbreak to trick Netherlanders into giving them access to their systems and credit cards.
On the subject of support scams, here’s a somewhat free translation of part of an article in Dutch about the support scam gambit described in Dorifel/Quervar: the support scammer’s secret weapon. Prospective scam victims in the Netherlands, where Dorifel is somewhat prevalent, have been rung by scammers offering ‘help’ with removal of the virus. (By the way, interesting though Quervar is to researchers – see Quervar Induc.C reincarnate? – it is not that prevalent, and although there has been a spike in reports in the region, it will not be an issue for most people.) This translation has also been included in a blog at AVIEN, where I maintain a resources page containing information on support scams.
My apologies to the person who referred me to the Dutch web page: I’m afraid I can’t find that email. (Maybe it was Martijn Grooten, yet again!) And if anyone whose Dutch is in better shape than mine (virtually non-existent) can improve on my translation, feel free to comment here.
[Update: it was actually a post to Wilders that drew my attention to that article in Dutch. Hat tip to Aryeh for calling my attention to the post, since I rarely visit the forum.]
Currently, there are reports from people who are approached by phone by Microsoft offering to assist them in removing the Dorifel virus that is currently in the news.
The caller tells the prospective victim, in (flawed) English, that he or she has malicious software on his or her computer and that the scammer can help them solve this over the phone. In almost all cases the scammer requires an extortionate amount of money for a (non-functional) antivirus package, asking for personal information and credit card data.
It also appears that the caller refers victims to a website where software can be downloaded to their PC. They seem to be offering help via remote access but in reality an uninfected PC might finish up infected, and an infected system could pick up an extra infection.
What are your options?
- You can’t stop the scammers calling. [Actually, it might be possible with some services in some countries, but they don’t take any notice of do-not-call registries (DH)]
- Ask for a local (Dutch) telephone number that you can call back on.
- On no account give them remote access to your computer.
- Be very cautious with the transmission of personal data and credit card numbers over the phone. [Don’t give them to anyone whose credentials you can’t verify (DH)]
- If you have any suspicions of bad intent, hang up as quickly as possible. [Feel free to put the phone down on ’em, though they may call again. (DH)]
David Harley CITP FBCS CISSP
ESET Senior Research Fellow