My sister-in-law called me up last night, all distressed. Apparently her computer has been running slow lately, you know, hard drive grinding away and nothing happening on the screen. Eventually it stops and decides to respond to its master. Or mistress in her case.
Anyway, last night, same old same old and she thought to herself she must take it to the computer shop to have it looked at. Literally as she thought this the phone rang.
A man with an accent asked her if her computer was running slowly.
Oh my saviour! she thought. Yes it is, as a matter of fact.
He said he has some software that can fix it. Just go to this website and enter your name, address and credit card details to purchase the software. Then you follow the instructions to download it then run it and your computer will be good as new. Fast and smooth.
Okay, fantastic! Where do I sign?
She brought up the website, started typing in her name, address, credit card number, etc. She was about to hit the submit button when she hesitated. This sounds too good. That means it smells really bad.
Without saying anything to the man on the phone, she backspaced over the credit card number. The man on the phone said, “You deleted the card number. Why did you do that?”
<Click!> Fast and fricking smooth, alright. Slimy scum-of-the-earth, thieving bastard! *
That’s when she called me. I told her, you know how wide a bee’s dick is? That’s how close you came to having your bank account hacked into. Well, I was kinder than that but that’s basically what I thought. Close that browser window, call your bank now and cancel that card. Call me back when you’ve done that.
Okay, now I’ll show you how to delete all your browser history, cached files, form data and cookies so you can’t accidentally go back to that site and accidentally submit those details again. You know on Google when you start typing a search term it gives you suggestions? Each keystroke is sent to the web server in real time to give you those suggestions. No need to hit the submit button. The guy on the phone knew you deleted the card number using the same mechanism. I’d almost guarantee he already has stored all the info you typed in. How he identified your connection, I have no idea but assume he got it all.
After cancelling the card, deleting the browser history and running a malware and virus scan which came up clean, she was slowly gaining confidence that her machine was safe and secure. She admitted she learned a hard lesson about hackers and scammers and will be far more vigilant in future. Paranoid for a little while and she’ll get more sleep tonight than last night, but she’ll become more realistic as time moves on. A good lesson and wake up call for every one.
* This is perhaps a little harsh. I have no reason to believe his parents weren’t married when he was born.