Tuesday, August 7, 2012

Government or business, neither protect customer data well

Originally posted 006/22/2011 on lubbockonline.com

Jason Halstead of the Winnipeg Sun reports that a woman in Winnipeg, Canada was almost a victim of an unusual blended attack on her computer.

61-year-old Val Christopherson answered her phone and a man told her he was from an online security company that was receiving error messages from her computer. He claimed to want to fix her problem over the phone and convinced her to go to a site called Teamviewer.com and let him connect to her computer. Then he tried to sell her antivirus software and let him install it. That was when she got suspicious and hung up.

Ms. Christopherson was smart. When the man called back she hung up on him again, then unplugged her computer and contacted her ISP and bank to reset her security credentials and let them know her computer might have been breached. Letting herself be talked into letting an unknown person to connect remotely to her computer was a lapse, but perhaps an understandable one. As often as we warn against clicking on strange links and ok'ing popups, we never warn about letting strangers access your computer, either in person or remotely. A computer attack initiated by calling the prospective victim is, in the case of private individuals, extremely rare, so no one warns about that type of attack.

So if you get a phone call from someone asking you to give them access to your computer, tell them no. If they are from your ISP or the company you get your anti-virus from, tell them you'll call them back and hang up. Then use the number from the phonebook or the internet to call them and find out if they had been trying to contact you. Don't ever trust an anonymous phone caller with access to your computer.