What to Do When You Actually Paid Scammers
A few days ago, I picked up a call on the security hotline. One of our employees was a victim of a scam.
A few days ago, I picked up a call on the security hotline. I had expected it to be about routine security checks on the company’s web application, but as it turned out, one of our employees had been a victim of a scam.
“[…] the employee paid the fee and had her computer remotely accessed by the scammers.”
As an introduction, I work as the cybersecurity analyst in a bank. I am responsible for the first line of defence and response to security reports, including calls made to the hotline.
So apparently, an employee had visited an unsafe website using the company laptop and received a fake Microsoft alert like the one pictured below:
She then phoned the number as specified on the fake alert and was promptly connected to a fake Microsoft technician. He “explained” that her computer was “compromised by a malware” and had to be “fixed”, though not without a fee. Eventually, to fix the supposed…