ANTenna Blog -- How-To

Remote Assistance Thriller: Dial "S" For "Scam"

Posted by Matthew McKenzie Wednesday, Dec 16, 2009, 08:51 PM ET

A new scam involving remote support software recently surfaced in the United Kingdom. Before you snicker at just how gullible the victims appear to be, ask yourself whether your company's PCs are vulnerable to precisely this sort of attack.

The story appeared just yesterday on a U.K. news site. So far, only a handful of victims are involved, so this story still appears to be flying under the radar on this side of the Atlantic:

Computer users are being warned to be on their guard against a cold calling scam that could leave their bank details and PCs open to criminals.

Some victims of the scam have had their bank accounts emptied as a result of the con.

Which? Computing has heard from consumers across the country who have been called by scammers pretending to be from the computer software giant Microsoft or an internet service provider.

They say there's a virus on the consumer’s PC and take them through steps to fix the ‘problem’ which ends with the consumer allowing criminals remote access to their PCs.

To add insult to injury, consumers are also asked to provide their credit card details in order to pay a fee for the repair.

One reader who smelled a rat and reported the scam noted that he was asked to allow a remote assistance connection to his PC. Based on the rest of the article, this looks to be an explicit reference to Microsoft's Remote Assistance tool for Windows-based PCs.

Remote Assistance is designed so that a PC user sends a support request to a third party -- presumably a legitimate IT professional. The request is usually sent via IM or email, and it is valid for a limited period of time. Once the support provider accepts the invitation, he or she has more or less complete access to the remote system.


Let's set aside the question of whether the victims of this scam should have known better. There are more important points to consider here:

- Remote Assistance is typically disabled by default on Windows PCs. It would be a mistake, however, to assume that is always the case. There are plenty of good examples online that show you where to check a system's Remote Assistance configuration and to disable it if necessary.

- Companies that use Remote Assistance are far more likely to do so from within a local network than from without. It thus makes good sense to control off-network Remote Assistance connections by blocking port 3389 on your firewall.

This will also block users who want to connect to their systems using Microsoft Remote Desktop. As far as I'm concerned, that's fine -- there are far more secure and robust remote access tools available on the market, both free and commercial. If your small business does allow remote access using Remote Desktop, then it had better have the in-house IT security expertise to make this advice redundant, anyway.

- Social engineering attacks thrive on miscommunications, bad assumptions, and poor judgment. Ensure that your employees understand exactly how, where, and to whom they should direct support requests. If your company uses a third-party support provider, there should be crystal-clear, strictly defined procedures for sending support requests.

And frankly, if your provider's "procedure" for accepting support requests involves employees sending Remote Assistance invitations to some random email address, you might want to rethink your business relationship.
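The first two points above can be checked per machine with a short script. This is an added example, not part of the original post: it reads the standard Windows registry values for Remote Assistance and Remote Desktop, reports whether anything is listening on TCP 3389, and turns the local settings off only when the hypothetical `-Disable` switch is passed. It assumes PowerShell 3.0 or later, an elevated prompt, and English-language `netstat` output.

```powershell
# Added example (not from the original post). Run from an elevated PowerShell prompt.
param([switch]$Disable)   # hypothetical switch: also turn off what is found enabled

$tsPolicy = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'
$checks = @(
    # On  = the value that means "enabled"; Off = the value to write when disabling.
    # Off = $null marks Group Policy values: report them, never overwrite them here.
    @{ Name = 'Remote Assistance (local setting)'; Value = 'fAllowToGetHelp'; On = 1; Off = 0
       Path = 'HKLM:\SYSTEM\CurrentControlSet\Control\Remote Assistance' },
    @{ Name = 'Remote Assistance (Group Policy)'; Value = 'fAllowToGetHelp'; On = 1; Off = $null
       Path = $tsPolicy },
    @{ Name = 'Remote Desktop (local setting)'; Value = 'fDenyTSConnections'; On = 0; Off = 1
       Path = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server' }
)

$report = foreach ($c in $checks) {
    $item = Get-ItemProperty -Path $c.Path -Name $c.Value -ErrorAction SilentlyContinue
    if ($null -eq $item) {
        # Value absent: the feature is not configured at this location.
        $current = $null; $state = 'Not configured'
    } elseif ($item.($c.Value) -eq $c.On) {
        $current = $item.($c.Value); $state = 'ENABLED'
    } else {
        $current = $item.($c.Value); $state = 'Disabled'
    }
    if ($Disable -and $state -eq 'ENABLED' -and $null -ne $c.Off) {
        Set-ItemProperty -Path $c.Path -Name $c.Value -Value $c.Off -Type DWord
        $state = 'Disabled (changed by this run)'
    }
    [pscustomobject]@{ Setting = $c.Name; Value = $current; State = $state }
}
$report | Format-Table -AutoSize

# TCP 3389 is the port the post recommends blocking at the firewall.
$listening = @(netstat -ano -p TCP | Select-String -Pattern ':3389\s+\S+\s+LISTENING')
if ($listening.Count -gt 0) {
    Write-Warning 'TCP 3389 is listening locally; confirm the perimeter firewall blocks it inbound.'
} else {
    'Nothing is listening on TCP 3389 on this machine.'
}
```

A Group Policy row reported as ENABLED has to be changed in the policy itself, since a policy setting takes precedence over the local one.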

