I was invited to my mother's for lunch a few days ago and was just enjoying a mouthful of home-made meat and potato pie when the telephone rang. "It's another of those stupid calls again", she said with annoyance. "Will you handle it?"
I was expecting the usual rubbish about how I could claim for an accident I haven't had in the last three years but the voice on the phone told me he was there to help me with the PC performance problems I'd been having. He told me he was from a company called "Help PC Online" and when I asked how on earth he could know about any PC problems I might be having, he told me it resulted from a fault report I'd sent to Microsoft.
Now that the caller had established himself as a liar, I was sure it would be just one small step to cross the border into becoming a criminal as well so I took him for the ride to see how far we could go with this pantomime. I was amazed at how quickly he worked, dispensing with all the expected preamble about what the problem symptoms were, what software I was running or even what the operating system was. Instead, he launched immediately into describing the step by step process that I needed to follow in order to grant him remote access to my computer.
I asked him for a few details about himself and his company before explaining that I'd be making a complaint to the ICO and hanging up. At nearly 80, I'm sure my mother would forgive me for saying she's not as tech-savvie or street-wise as she used to be although she does have a computer with internet to communicate with her family who have long since been located in different parts of the globe. Her computer is nearly always switched on and connected and she could easily have fallen for this scam had I not been there. This left a sour taste in the mouth which even the remains of the 'tatie pie couldn't sweeten.
Such telephone scams are rarely traceable, they use VoIP technology to call from any part of the world and hide their caller credentials. I thought this was similar and so I found a company called Help PC Online headquartered in Leicester in the UK and called their office to find out if they knew about scammers using their details and what they intended doing about it. The number I dialled took me through to the same call centre I'd just hung up on. I managed to get through to a supervisor and I explained that I was from the press and asked if he'd answer some questions.
Surprisingly, he agreed and was superficially convincing when he explained that Help PC Online was a legitimate company, UK registered and headquartered in Leicester and that their cold calls were legal and above board. Actually, my mother's number is registered on the Telephone Preference Service (TPS) to stop nuisance calls so now I'd established that the call centre supervisor at Help PC Online is also a liar.
I suggested to him that his company wasn't doing business honestly because he could gain access to a computer and just say it had problems even if it hadn't and then "fix" it at a cost that the customer didn't need to incur. They could also install malware while they did it. His answer to this suggestion was that his company was honest and they wouldn't do that. However, it is clear from the fact that both the operator and the supervisor had lied to me that honesty wasn't this company's strongest point.
Without wasting any further time, I registered a complaint at the Information Commissioner's Office and would urge any other people who receive such calls from Help PC Online to do the same. Complaining is easy and is strongly encouraged; the days when people had no choice other than to put up with such scandalous business practices are thankfully over. The ICO is there to be used. To complain about such calls, just go to the ICO website call complaint page and click the big button that says "Report your concerns".
So how does the Help PC Online scam work?
* The caller convinces you that you have a problem with your PC either because your ISP has notified them or they've picked up a support task from Microsoft.
* They then ask for remote access to the PC. They don't use those terms, instead they give instructions for you to follow to "investigate" the problem. Part of those tasks that you perform opens up a line to your PC for them.
* They "scan" the PC for problems and identify a number of concerns.
* To fix these concerns, you pay a moderate fee. After giving your credit card details, they fix the problems which usually involves de-installing existing anti-malware software and installing their own (which is usually an anti-malware product that is freely available on the internet anyway).
That's the extent of the scam so apart from the dishonest way of doing business, selling a product that is free and not needed and fixing problems that may or may not have existed in the first place, they haven't actually done anything malicious...... or have they?
This is the crux of the problem. By giving them access to your PC, they could have done anything they wanted and you wouldn't know about it. They could install malware or spyware, they could access your private files or they could have enlisted the computer into a botnet. You don't know, it's that simple. They also have your credit card details including the three-digit security code on the back.
Your computer is the biggest information asset you have and has enormous value. Imagine someone coming up to you in the street while you're parked at the side of the road and saying to you, "I noticed your engine sounds a bit noisy. Give me the keys and stand over there while I take it for a quick spin around the block to check it out". Would you give hime the keys?