I got a call — Your internet is compromised! (Scam call)

Photo by Pickawood on Unsplash.

Some may get into their trap

I am writing this story hoping to share a first-hand account of what happened, explain some of the concepts and maybe

Help some readers protect themselves

Our backstory

Harbour view from Marina Bay Sands balcony, Singapore. Photo capture by Author — available on Unsplash.

The fateful morning

It was a normal morning. I was taking a shower to go to the office (yes, that’s a thing now!).

Let’s start with Nida’s account

The call came on my phone number, but my wife picked it up.

Then, I take the call

The caller explained similar things — some foreign folks got access to our internet. Also, they are doing some suspicious activities. We need to resolve this fast. He asked me if I had access to a PC. I said yes — I am still assuming this is about changing passwords or banning IP addresses and so on.

Result of running `netstat` on PC. Screenshot by the Author.

At this point, I was 100% sure — it’s a scam.

For those who may not know

  • The Foreign Address column in netstat output shows the IP address and port number of the remote end of the connection. As a very naive example, if an application was directly accessing https://blog.minhazav.dev, it may show something like 185.199.108.153:8080 under Foreign Address.

It doesn’t point towards any foreign individual — 100%!
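To make this concrete, here is an added example (not part of the original article) that reads netstat-style output and labels what each Foreign Address actually is: the same computer, a device on the local network, or an ordinary internet server. The sample output is constructed in the layout of Windows `netstat -an`, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample in the layout of Windows `netstat -an` output
# (not the author's screenshot). The public row reuses the article's example value.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    127.0.0.1:49670        127.0.0.1:49671        ESTABLISHED
  TCP    192.168.1.20:50112     192.168.1.1:53         TIME_WAIT
  TCP    192.168.1.20:50233     185.199.108.153:8080   ESTABLISHED
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    [::1]:49672            [::1]:49673            ESTABLISHED
"""

def split_endpoint(endpoint):
    """Split 'host:port' or '[v6]:port' into (ip_address, port)."""
    host, _, port = endpoint.rpartition(":")
    return ipaddress.ip_address(host.strip("[]")), int(port)

def classify(ip, state):
    """Say what kind of remote end a Foreign Address is (hypothetical helper)."""
    if state == "LISTENING" or ip.is_unspecified:
        return "no peer (socket is only listening)"
    if ip.is_loopback:
        return "this same computer (loopback)"
    if ip.is_private or ip.is_link_local:
        return "device on the local network"
    return "public internet server"

def explain(netstat_text):
    """Return (foreign address, port, meaning) for every TCP row."""
    rows = []
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) != 4 or fields[0] != "TCP":
            continue  # skip banner, header and blank lines
        _proto, _local, foreign, state = fields
        ip, port = split_endpoint(foreign)
        rows.append((str(ip), port, classify(ip, state)))
    return rows

if __name__ == "__main__":
    for ip, port, meaning in explain(SAMPLE):
        print(f"{ip:<18} {port:<6} {meaning}")
```

Every row has a Foreign Address, including connections the computer makes to itself, which is why the column says nothing about who is on the other end.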

How does the rest of the scam work?

At this point, I knew they were not authentic folks from Singtel. But I was curious about what they wanted and what other tactics they would employ.

Photo by Caroline Hernandez on Unsplash.

LOL!! This is something I would never do — give full remote access to my computer to some shady guy!

Seriously, never do this! Unless you know the person on the other side of the call.

Don’t let anyone install random apps or make any arbitrary changes to your computer.

Me: That’s asking a lot. How do I know you are an authentic Singtel person?

Result of running `assoc` on my PC. Photo by Author. You see the CLSID line has a unique ID 888DCA60-FC0A-11CF-8F0F-00C04D7D062; it’s not really unique to each individual but is a common ID.

Important notes for readers

These are probably known to you. In case they are not — please pay attention.

  • Don’t run arbitrary commands that you are not familiar with. Most commands can be harmless — but even without remote access, the caller could instruct you to install malware and get you to give it admin privileges.
  • It goes without saying, don’t give any password, PIN, OTP or credit card info to anyone on a call.
  • If you are not sure about such calls, get more context by calling the authentic service center numbers that were given to you by the company during installation.

What did we do next?

I reported the issue on https://eservices.police.gov.sg/homepage.

I hope people don’t fall for this kind of scam.

Photo by Hannah Busing on Unsplash.

I am publishing this article outside of the paywall — so more and more folks can read it.

If you found this article helpful or useful, please share it widely for more coverage. If you had similar experiences, please share — I’d like to help share the word on this matter!
