©© Thomas Samson/AFP
According to the UK’s Financial Supervisory Authority, screen sharing scams are on the rise. This practice, which may seem harmless, nonetheless has real risks… Here’s how to avoid it
Atlantico: According to the UK’s FCA, screen sharing scams are on the rise and 2,100 cases have been reported since July 2020, an increase of 86% between July and December 2021. Does it exactly work?
Anthony Boncier: These scams take over the target person’s computer. This can happen after downloading malware from a hacking site or downloading an app that was not on a trusted website. The person then downloads a malicious component that allows the hacker to take control of the computer.
Or the user can authorize himself for this access to his computer to a malicious person, at his expense. This can happen by trusting troubleshooting tools to help you solve computer failures on your computer.
This mechanism and practice involves taking screen sharing and remote computer control, ‘remote access’. It will then be possible for the malicious person to search the entire contents of the computer and find the banking information so that they can recover the funds and access the online accounts.
For people who have downloaded malware, it looks more like phishing and phishing scams. In these cases, the user finds himself giving out his contact details and sensitive data by e-mail or contacting the sites after receiving an e-mail from an individual pretending to be another person or to an institution, banking institution, or company.
With remote work, there is a lot of screen sharing within companies. This is even more common than it was a few years ago. This allows for new entry of potential scams.
On a Mac, among individuals, it was especially possible to take control of another computer, on his own Mac, with his permission.
With Apple, when you call after-sales service, technical teams can take control of your Apple computer remotely after asking you for authorization.
Some programs allow you to do this between two people who have the same program. By validating the sharing agreement, it will be possible for both people to take control of the desired computer.
How can someone who controls our computer get the money back?
If someone can control another computer, it is because they previously obtained permission. You will then be able to access a certain number of files on the target computer and discover the IDs and passwords. It will then be possible to retrieve it to connect to an online bank or an account that requires simple authentication by password and email. The malicious person will be able to connect by retrieving this information and will then be able to transfer or withdraw funds.
In the face of these risks and scams, double or triple authentication is increasingly preferred by banks or companies for passwords and SMS confirmations. Some of these mechanisms can be hacked quite easily. The program gives a new number every twenty seconds which will be associated only with that location which you will have to enter on your phone in addition to your ID. This can be doubled because many internet users have the same password for different internet sites. Thanks to leaks and hacking, data theft makes it possible to unlock access to many sites or platforms with the same password, and the same identifier has been chosen by the Internet user for several sites. The fact that people are not careful at this level is dangerous.
How do you avoid this type of fraud?
When you receive a suspicious email, avoid clicking on embedded links or attachments. Banks or companies do not require that bank details be sent via simple email. Even if the emails are very good, by observing the email address it is possible to see that it does not correspond at all to the domain name at the access provider level, in Google…
Avoid downloading software that you don’t know where it came from, whatever the location and wherever it came from. From the moment you give your permission, this program can be malware and allow remote control of your computer using a Trojan horse. If someone offers you access to your computer, it must be someone you trust. 99% of the stored information is now sensitive. There is your privacy in your phone and computer. It is therefore necessary to question the agreement on this participation.
There are also cases where computers are hacked and blocked. Hackers demand ransom so they can unblock it and they want to be paid in return.
So think carefully before clicking on any links or downloading any software. You have to wonder the most when someone requests access to your computer. The only people authorized to access your computer under these circumstances are IT services to assist you during a computer failure or Apple Aftersales Service.