Search

Remote access scams on the rise

26 Aug 2021 - 15:30

Beware of any requests to install or run unknown software on your devices

There appears to be an increase in remote access scams, which means that you need to be on your guard when receiving unexpected communication from so-called service providers.

A cybercriminal makes initial contact with you via email, phone call or message. They then inform you that there is an issue or unusual activity on one of your accounts (e.g., banking, social media, online shopping, etc.), or that they’re picking up an error on your device. The message could contain a phone number you need to call to get the necessary assistance.

When you call the number, you are asked to install or run remote access software that will supposedly allow them to investigate and resolve the issue. Alternatively, you may be required to navigate to a website and enter your login details. That website may be a fake copy of a banking, university or other corporate site. Both methods could allow the caller to take control of your device(s) and perform various activities. It could lead to financial loss, as they may gain access to your device, banking account and/or any other accounts. This event may also cause reputational damage as they could use your mailbox or social media accounts to send spam or phishing messages. They could even gain access to the UCT network and perform illegal activities in your name.

The security threat is real. These types of scams are constantly evolving and becoming more sophisticated, making it difficult to differentiate what is real and an attack. It is important that you constantly stay alert to prevent becoming the next victim.

What should I do?

  • Don't ever reply to emails, messages, or calls that request personal information – especially usernames and passwords.

  • If you receive a call out of the blue from your bank or a service provider indicating that there is a problem with your account, thank the caller then hang up. Call the institution directly using the number listed on their website and verify if the call is legitimate or a scam. Never call back using details provided by the caller. You never know who will be on the other side. Some hackers run professional cybercrime companies, including helpdesk centres that sound very convincing.

  • If you receive a call about an issue that you never logged and you’re asked to give the caller remote access, do not take any action. Rather hang up and report the issue to your service provider.

  • If you get a call from an organisation you deal with, and you’re asked for information that the organisation should already have, hang up and rather call back using their listed contact details. If you cannot find their number, use their listed email address and explain what happened. Remember not to provide any personal information in the email – just the facts about what happened.

  • Be wary of the software and applications you install. Always get these from reputable sources.

  • Make sure you have anti-virus installed on your devices. At UCT, you have access to McAfee which you can install on your UCT-owned and personal computers.

  • Keep your operating system, software, and anti-virus up to date at all times. The latest security updates contain patches and fixes to keep your devices and information secure.

  • Do not open attachments unless you can verify the sender and the nature of the attachment.

  • Don't open emails of unknown origin.

  • Don't click on links in emails if you cannot recognise where the link directs you.

  • Regularly check the announcements on the ICTS and CSIRT websites for the latest alerts. If your suspicious email differs to the one in the announcement, please report it to the IT Helpdesk at icts-helpdesk@uct.ac.za. You can report any other cybersecurity issues to the CSIRT at csirt@uct.ac.za.

Together we can fight cybercrime.