CSPs should be more proactive in warning customers of hacker scams

scams
Image credit: Sergey Nivens / Shutterstock.com

It seems as if hackers are no longer just a nuisance, no longer something that happens to other people or something that ‘really should be addressed’. They are not only everywhere, but they are now addressing the consumer market in a massive, brazen way.

Not long ago we wrote about a new type of hacker. This was someone who, as the market for stolen credit cards was swamped and pushed the price down to a few cents per card, found themselves in a very competitive market. And as the price for personal details went down, the sophistication of the operation went up.

It was no longer worth selling Facebook personae or credit card details. Hackers started offering DDoS attacks as a service (DDoSaaS?). If you want to take down a competitor’s website for a while, you can buy billions of botnets for a few dollars, and download the tutorial on how to do it, for $20. They even set up call centers, 24/7 of course, in case you needed help with your personal trail of carnage.

Now, things have changed shape again, and hackers run in packs – actually call centers. And they target the weak and unprepared.

Here’s an anecdotal example.

Just the other day a small business got a phone call. The lady on the phone said she was from the incumbent operator’s technical support desk. They had detected that someone was trying to hack into the phone line. The router had automatically reported it.

Without taking you through the entire conversation, which was reasonably amusing as it turned out, she tried to get the owner of the small business to bring up the terminal emulator. Of course, she did not say ‘terminal’, she spelled it out so as not to rouse suspicion.

Luckily the owner of the small business has a nodding acquaintance with technical things, so started the conversation pretty confident that it was a scam. So, at the point when the terminal emulator was about to appear – and presumably the lady would get him to enter some code that would strip the computer of its data, while leaving a nasty little gift behind – the owner asked for proof that the caller was from the incumbent telco.

Unabashed, she tried to convince him. Eventually, she transferred him to her ‘broadband manager’, who immediately tried to get him to go to the terminal emulator, and when the owner insisted on proof of identity, the ‘manager’ gave him the real phone number of the incumbent – and even rang back, saying that presumably the owner had verified the authenticity of the organization and could he go back to the terminal emulator.

The owner of the business went onto the incumbent’s website and found, in a long list of scams, that it was, of course, a scam.

What worried him, apart from the tenacity and brazenness of the approach, was that during the call he could hear in the background a large call center full of people, all presumably doing the same thing.

The number of people who are not technically literate and who therefore will be open to these kinds of scams must run into the millions.

The issue is that while the incumbent can say, hand on heart, that the information on such scams is on the website, no one spends time looking for it until it is either too late or – in the above example –they have escaped just in time.

Now that hackers have got into the consumer space, surely the alerts, the warnings, should be there before them. Education is all very well, and important, but simply listing known scams on a website page that people won’t check on their own is arguably not enough. Service providers should to find ways to proactively warn people of scams so that when they pick up the phone and someone says their router has reported that someone is trying to hack their line, they can gently replace the receiver and go and make a coffee. And not have their computer stripped of its lifeblood.

Be the first to comment

What do you think?

This site uses Akismet to reduce spam. Learn how your comment data is processed.