This has actually happened to a customer of mine. The scammer wasn't using a Citrix product, though. The trick is generally to find x-number of thousands of kinds of malware on the "customer's" machine, and offer to fix it all for $199.

Scareware has behaved this way for years now. I had actually never heard of anyone cooperating with a blind telephone caller in this fashion before, though. People are gullible, and it makes me even more thankful that I'm not one.

I think the screen notice is a good idea.

And I think you meant "wary" -- not "weary." People should be more wary.

The boiler plate is a step in the right direction, but you might consider a more proactive approaches to furthur enhance security.

Level 1 (customer empowerment tools) would display addtional authenticated information about the support provider from COL billing information

  
 
  
  Agent Contact Information:  

 

 Felton Frantz 
 1811 W Cedar Elm Dr. 
 Arlington, TX 76012 
 United States 
 Phone: 8174613935 
 fdf@frantzsystems.com 
 

 Click on action: 
 

 
 

   * Trust agent, allow full desktop control  
   * Trust agent, but allow viewing only 
   * Report agent suspect; to Citrix 
   * Defer access 
   * Deny access 
  
 
 
 Identify the agent 's profile to the customer (using most recent. I would think legitimate support providers should have no problem with this) 
 Flash *** Running Evaluation *** under contact info if running eval 
 Provide customer options including deny access report suspects contacts 
 

Level 2 (COL fraud prevention would identify scammers and deny them access to COL brand products

 
  
 

 If a support provider is reported as a scammer suspect, COL should immediately lock the account and require a call interview call in from the suspect.  
 If the suspect is confirmed to be a scammer COL should: 
   * Cancel the account 
   * Notify any clients of  who had sessions with scammer 
   * Blacklist scammer IP and Mac address from COL 
 

 

Thanks for the feedback. We are working towards enhancing our abilities to combat this kind of activity. This warning is one option we can implement immediately that we hope will provide some awareness WRT the increasing activity of scammers tricking users into support sessions.

I'd put the warning in asap, but the agent contact information plus action options provide the customer a means to confirm whether the person they are working with is who they say thay are and to take specific actions based on their conclusions.

Any COL response to suspect reports would be a separate policy issue, but it would add value in a similar fashion to LifeLock. Another first in industry coup for COL..

Your thoughts and suggestions are great, Felton 🙂

There has always been a bit of security built in, requiring the user to install the agent (if UAC is on), and then again requiring acceptance of the technician's request to share the screen. That acceptance includes the technician's name, and a reasonable person would recognize when the name is not one he/she knows and trusts.

It would be nice to attack the scammers, but decades of efforts to attack email spammers have shown how ineffective such efforts are, in the end.

Client (end-user) education is part of what we support folks should be doing, and is the best way to instill the required degree of wariness when navigating the public internet.

I might add that most of the scammers are offshore anyhow, so there is really no legal / law enforcement recourse.

Why, thanks Thomas. Good to meet you.

Professional page design, convincing content and impeccable spelling and grammer can go a long way toward luring a customer into a malicious sutuation. Occasionally I get emails which look interesting but which on closer examination prove to be scamming or phishing attacks. Got one just tonight containing some highly detailed and seemingly relevant analytics and suggestions about my web site content and web presence and a contact reply link. However, an array of red flags were present:

 
 1. The email was unsolicited 

 2. The sender was one Jorge Conner  - not  Jorge Conner |Senior SEO Advisor 

 3. Company name never mentioned 

 4. Listed phone number not answered and no voice mail 

 5. My domain name does not have an associated web site. It's just a registered domain name. So much for the free analytics. 
 
 
 

The Level 1 features are designed to give the user verified information they need to make that accept/deny decision. For example, an offshore domain would be an immediate red flag, as would a domain not matching the company the scammer claims to represent or a bad phone number.

The Level 2 suggestions would not be used for prosecution, but to block the malicious players from furthur COL access, at least from their present domain and machine. If they are using internet cafes and multiple domains, we are just sol.

Please note that we have updated the fastsupport.com page to reflect the screenshot above with warning.

We fell prey to this scam. When I refused to pay they hung up but now my computer has a password and we are not able to log in. How can I find out if they transferred files off of my laptop?