The general art of the scam is volume and then familiarity. Volume in a sense as the more people I hit, the more likely I will find one that will divulge information. Even if it is dialing right down the phone book.

Familiarity in the fact that they are trying to make you think they are from a well known entity and they already know information about your system, you, or your situation. Could be as simple as asking if you are having problems with your iPhone/Android? If they strike out they will move on to the next person...or like me, use that to move into another open door of, "well can you stay on the line so I can update my records." The caller or emailer could bring attention to your work or home PC, especially since just about everyone has one. Below is a basic scheme that has been seen, the type of information or subject matter trying to be recovered could vary, but the basic idea is:

1) Scammer claims to be from Microsoft, or rarely some other big name like "Norton". Scares person by saying their computer is infected.

2) Scammer convinces person to do something to the computer, typically open the Event Viewer or Task Manager.

3) Scammer shows person something scary, like an error in the event log or updates that have not been installed. (There's ALWAYS at least one error in the Windows event logs.)

4) Scammer claims this is proof of viruses/hacking/etc. and convinces person to download program/give credit card number/both/some other thing to make PC more hackable or collect personal info.

The trick is to try and make you feel like an severe threat is present but there is a very quick and easy fix. What is scary is now Social engineers are beginning to get much bolder and moving towards the home environment. Here is a recent example that was pushed to me published on Schneier on Security highlighting a trend dealing with Aggressive Social Engineering Against Consumers.

Cyber criminals are getting aggressive with their social engineering tactics. Val Christopherson said she received a telephone call last Tuesday from a man stating he was with an online security company who was receiving error messages from the computer at her Charleswood home.

“He said he wanted to fix my problem over the phone,” Christopherson said.

She said she was then convinced to go online to a remote access and support website called Teamviewer.com and allow him to connect her computer to his company’s system.

“That was my big mistake,” Christopherson said.

She said the scammers then tried to sell her anti-virus software they would install.

At that point, the 61-year-old Anglican minister became suspicious and eventually broke off the call before unplugging her computer.

Christopherson said she then had to hang up on the same scam artist again, after he quickly called back claiming to be the previous caller’s manager.

This quote from the story shows how even the computer savvy can be caught off guard.

“I should have known right away, but they take you by surprise,” Christopherson said. “They make it sound very authentic. I think people should know about this. I’m not computer-illiterate, but this really took me by surprise.”

Just know there are many ploys and gimmicks out there and be weary when the phone rings and someone is cold calling you asking to "fix" or give them information on your computer. If your not sure, ask for a number to call back and a supervisors name so you can research them first or ask someone else. If your not sure about the tech talk or the problem and the person on the other end is truly in the service industry for you...they will understand when you ask them for these things and should be happy to accommodate. Just be careful out there with your information and your trust. Inherently we as people want to see and find the good in people first, and sadly, that is what makes social engineering so much easier.