- Security TWENTY
- Women in Security Awards
A cyber scammer called the wrong man when they cold-called Matt Horan of C3IA Solutions. Realising the crooks were trying to take control of his computer, Matt put the call on speakerphone and asked a colleague to record it.
After stringing out the conversation for 35 minutes – during which he was passed to more senior ‘helpers’ as he posed as an ignorant computer user – Matt, pictured, informed the caller that he had no internet connection. This prompted the fraudster to use an expletive before hanging up in anger. An edited video of the call has been amusing people on social media.
C3IA Solutions, based in Poole, Dorset, is one of fewer than 20 companies certified by the government’s National Cyber Security Centre (NCSC). As well as its work with UK Government agencies including GCHQ, it has a commercial section that works with businesses, assisting them with their cyber-security. Matt Horan is keen that the video is used to help people avoid falling for cyber-scams.
He said: “One of the weakest parts of any business’s cyber-security is the staff. They do nothing malicious, but can easily assist fraudsters. Along with ‘phishing’ emails, this type of phone scam is common and can cause huge amounts of damage. The caller purports to be from Microsoft or a similar outfit and informs the person who answered the call that there is a problem with their computer.
“They then instruct that person to look at the computer’s ‘systems and events logs’, which is simply a log of every action taken. They tell them that this is evidence of on-going malicious attacks. After that they try and get them to log into TeamViewer or something similar which means they then can gain remote access and control of the target computer.
“They then have all the information on a computer or network and can infect the system, read emails, steal passwords, or encrypt the stored data – basically do anything they want. Obviously this can cause massive harm to a business and can lead to data loss, theft of funds, stealing of intelligence as well as causing acute embarrassment.
“We train staff at businesses to be cyber-savvy and always to hang up on calls like this. If staff are in doubt they should contact their IT support. Firms such as Microsoft don’t make calls like the one I took, but they seem authentic.
“Often the scammers work in pairs so the initial caller can pass over the call to a ‘senior supervisor’ – as they tried with me. This gives an added authenticity. Caution should be the watchword taking calls like this.”
The video can be viewed here: https://youtu.be/ncIehp0fBT8.