Recently there has been an increase worldwide, and also in Switzerland, of calls by scammers claiming to be employees of Microsoft or other ICT support companies. The callers generally speak English and claim to be from the United States, England or Australia. In many cases, the callers refer to error messages that supposedly had been transmitted by the computers of the contacted business or individual. The persons called are, for instance, told to launch the Event Viewer1, which can be used to display all events and activities running on the computer. It should be noted in this regard that even a perfectly functioning system may on occasion generate error messages. Depending on the age and configuration of the computer, the list of error messages in the Event Viewer may even be very long, although the system does not have any fundamental problems. The launch of this programme is generally used by the « support » callers to present a credible backdrop for the victims and to scare them. The scammers' goal is to convince the persons called that they should download a programme, thereby giving the scammer remote access to the computer. Once this access is granted, the caller has the same options to manipulate the computer as if he were sitting directly at the computer (copy/change/delete data, install programmes, set up a « back door » to access the system at a later time, etc.).
Sometimes, the callers also offer to set up a support subscription or a guarantee and ask for credit card data or other form of payment for that purpose.
The callers apparently look for victims using public directories, such as the Swiss Commercial Register or public telephone books.
Effects and risks
- Attackers have full access to the computer
- Attackers are also able to access the computer at a later date
- Sometimes, the callers also offer to set up a support subscription or a guarantee and ask for credit card data or other form of payment for that purpose.