Remote Assistance Thriller: Dial "S" For "Scam" - InformationWeek
IoT
IoT
Mobile // Mobile Applications
Commentary
12/16/2009
08:51 PM
50%
50%

Remote Assistance Thriller: Dial "S" For "Scam"

A new scam involving remote support software recently surfaced in the United Kingdom. Before you snicker at just how gullible the victims appear to be, ask yourself whether your company's PCs are vulnerable to precisely this sort of attack.

A new scam involving remote support software recently surfaced in the United Kingdom. Before you snicker at just how gullible the victims appear to be, ask yourself whether your company's PCs are vulnerable to precisely this sort of attack.The story appeared just yesterday on a U.K. news site. So far, only a handful of victims are involved, so this story still appears to be flying under the radar on this side of the Atlantic: Computer users are being warned to be on their guard against a cold calling scam that could leave their banks details and PCs open to criminals.

Some victims of the scam have had their bank accounts emptied as a result of the con.

Which? Computing has heard from consumers across the country who have been called by scammers pretending to be from the computer software giant Microsoft or an internet service provider.

They say there's a virus on the consumers PC and take them through steps to fix the problem which ends with the consumer allowing criminals remote access to their PCs.

To add insult to injury, consumers are also asked to provide their credit card details in order to pay a fee for the repair. One reader who smelled a rat and reported the scam noted that he was asked to allow a remote assistance connection to his PC. Based on the rest of the article, this looks to be an explicit reference to Microsoft's Remote Assistance tool for Windows-based PCs.

Remote Assistance is designed so that a PC user sends a support request to a third party -- presumably a legitimate IT professional. The request is usually sent via IM or email, and it is valid for a limited period of time. Once the support provider accepts the invitation, he or she has more or less complete access to the remote system.

Don't Miss: NEW! Remote Access How-To Center

Let's set aside the question of whether the victims of this scam should have known better. There are more important points to consider here:

- Remote Assistance is typically disabled by default on Windows PCs. It would be a mistake, however, to assume that is always the case. There are plenty of good examples online that show you where to check a system's Remote Assistance configuration and to disable it if necessary.

- Companies that use Remote Assistance are far more likely to do so from within a local network than from without. It thus makes good sense to control off-network Remote Assistance connections by blocking port 3389 on your firewall.

This will also block users who want to connect to their systems using Microsoft Remote Desktop. As far as I'm concerned, that's fine -- there are far more secure and robust remote access tools available on the market, both free and commercial. If your small business does allow remote access using Remote Desktop, then it had better have the in-house IT security expertise to make this advice redundant, anyway.

- Social engineering attacks thrive on miscommunications, bad assumptions, and poor judgment. Ensure that your employees understand exactly how, where, and to whom they should direct support requests. If your company uses a third-party support provider, there should be crystal-clear, strictly defined procedures for sending support requests.

And frankly, if your provider's "procedure" for accepting support requests involves employees sending Remote Assistance invitations to some random email address, you might want to rethink your business relationship.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
How Enterprises Are Attacking the IT Security Enterprise
How Enterprises Are Attacking the IT Security Enterprise
To learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Register for InformationWeek Newsletters
White Papers
Current Issue
2017 State of the Cloud Report
As the use of public cloud becomes a given, IT leaders must navigate the transition and advocate for management tools or architectures that allow them to realize the benefits they seek. Download this report to explore the issues and how to best leverage the cloud moving forward.
Video
Slideshows
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
Join us for a roundup of the top stories on InformationWeek.com for the week of November 6, 2016. We'll be talking with the InformationWeek.com editors and correspondents who brought you the top stories of the week to get the "story behind the story."
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll