Internet Security - When a hacker/phisher calls

fatimahislam · Post by **fatimahislam** » Tue Jul 01, 2025 7:10 am

Had an interesting chat today with a family member. He got a phone call from "Harry" telling him that they have been monitoring the internet and have detected a potential security risk regarding their computer and would he like to purchase specialised firewall software for $300 for two years.

20 odd years in the IT and Internet industry set my spider-senses a tingling however for your regular home user this all sounds kind of legit; but is it?

When our "Harry" was told that $300 was way out of the family IT security budget he suggested one year cover for $151. As soon as Harry heard that this was also out of the budget - the line went image manipulation service dead. Fortunately that household was not a viable target.

So, that's the story; here's the moral.

Harry is almost certainly a crook; and this is his game:
Phone people (possibly from a stolen list)
Get them afraid of the unknown - that big bad internet
Offer them a solution to an immediate threat
Get money
That could have been the extent of Harry's perfidy but maybe not. If he succeeded with the above he could also:
Steal your credit card details
Find out more about you - name, address, date-of-birth, email address, who you bank with, who your internet service provider is and more
Supply you with the "software" you ordered. This could be a virus or worse, spyware. Spyware does things like scan your hard disk for information and send it out, set up a keylogger program which monitors which keys are pressed so that even secure passwords are recorded in clear text
How do you avoid being "Harry's" next victim?

Unless you can verify who you are speaking to, then don't tell them anything! If you are concerned then ask for their name, company and a phone number you can call them back on (most crooks will bail out at this point). Some will try this on too and will wait for you to call back, don't. Instead call the switchboard of the company that they gave you and see if the number belongs to them and that the person actually works for them. If that checks out then you are reasonably safe.

It's onerous, but worth saving the contents of your bank account. Or you can do what we do (both at the office and home). Say; "Thank you for calling, we have a family/company policy not to accept unsolicited phone calls. This policy is absolute, thank you for your time, I will go now". It's then up to you whether you wait for a reply or just hang up. It's polite, it respects poor soul with the hard job of cold calling and it is definite.