Fraudsters who use remote desktop support programs while scamming their victims have made it difficult for at least one legitimate IT company to convince users that it's not trying to steal their money.
As we've written on numerous occasions, scammers have made an estimated tens of millions of dollars by tricking computer users into thinking their PCs are infected. The scammers cold call people, tell them that harmless error messages in the Windows Event Viewer are actually signs of a major problem, and then convince them to install a remote desktop program that gives the scammer access to their computer. The scammers pretend to fix the computer and charge its owner for the unnecessary and imaginary service. The same tricks can be used to steal users' passwords and private information.
Commonly used remote desktop programs include TeamViewer and LogMeIn, the latter of which posts a warning telling customers to beware of "malicious third parties posing as LogMeIn."
After our most recent story on this topic, we heard from the makers of a remote desktop tool called Supremo, another program used by scammers.
"For us it's really frustrating," Digital Marketing Manager Davide Costantini of the Italy-based Nanosystems told Ars via e-mail. "Non-tech-savvy users are the weakest target and they easily misunderstand that we’re not affiliated with the scammers. They write us e-mails asking for refunds (the scammers make them pay for the support) or looking for further support."
"The scammers use Supremo as a tool to get control of remote computers and steal passwords and other relevant information," he also said. "Of course the user of the host PC has to authorize the inbound connection in order to allow the remote control. But the scammers convince him that he needs assistance. Usually they tell the victim they’re calling from Microsoft and that they have problems with the Windows license or that they have malware in the PC."
One victim took to Nanosystems' Facebook page to say, "i don't appreciate you calling and telling me my event logs were viruses!! SHAME ON YOU! I will NOT download your software!!"
"Sir, I’ve been hacked this morning with one of your remote control programs," one e-mail to the company read. "Is there any way that I could reverse it or make sure that the people who hacked me do not have access to my computer? They have access to everything on my computer—banking and passwords. They gave me your e-mail address as a reference."