Microsoft customers in Arizona were scammed by a BPO setup by fraudsters who’s executives represented themselves as Microsoft employees and managed to convince them that for a 300$ charge they would enhance the performance of their desktop computers.
Once signed up, the BPO technician logged onto using a remote access software that provided full remote control over the desktop and proceeded to delete the trash and cache file, sometimes scanning for personal information. The unsuspecting customer ended up with a marginal improvement in performance. After one year of operation, the Indian police nabbed the three men behind the operation and eleven of their employees.
There were several aspects to this case “Pune BPO which cheated Microsoft Clients in the US busted” that I found interesting:
1) The ease with which customers were convinced to part with money and to allow an unknown third party to take remote control over their computer. With remote control one can also install malicious files to act as remote backdoor or spyware making the machine vulnerable.
2) The criminals had in their possession a list of 1 million Microsoft customers with updated contact information
3) The good fortune that the Indian government is unsympathetic to cybercrime both within and outside their shores which resulted in the arrests. In certain other countries crimes like these continue unhindered.
Cybercitizens should ensure that they do not surrender remote access to their computers or install software unless they come from trusted sources.
This is a Security Bloggers Network syndicated blog post authored by Lucius Lobo. Read the original post at: Lucius on Security