“Hello, I’m calling from Microsoft…”

The “computer doctors” have been making their rounds in New Zealand. Consumer Affairs say about 17% of New Zealanders have been targeted by them. They called us, from Djibouti, from what seemed like a crowded call center. They knew our details, just like they’re listed in the phone book. I think they purposely tried to be hard to understand, using the assumption that overseas victims would think it would be rude to ask for clarification a number of times. The address they gave was actually a Border’s bookshop in Auckland. Eventually they hung up after repeated questioning.

The story

Their story seems semi-plausible, but is fake: they’re calling from Microsoft or a computer repair shop and have noticed some strange activity from your computer. They tell you to go to a legitimate folder or the Windows Event Viewer and say that if there are a lot of files or entries there (which there will be), it’s very bad and means your computer is infected. But fear not! It can all be solved for a reasonable price, plus they’ll continue to support your computer. Just give them your credit card number to be charged a recurring fee and they’ll remotely fix your computer for you…

Don’t trust cold callers

NetSafe recommends asking for their company name and phone number and Googling them to see if they’re who they say they are. I haven’t heard of any legitimate tech support companies cold calling for customers and I don’t imagine it would be hard to create a professional-looking website and redirect a New Zealand phone number if someone overseas was truly determined. So I’d say don’t trust cold callers with remote access to your computer or your credit card information at all, even if they seem legitimate.

Legitimate help

If you need help with your computer there are people on online forums like Geeks To Go that will help you for free, or ask friends and family for a recommendation of a quality company you can visit in person.

The NetSafe post has some good links. NetBasics is an animated video series by NetSafe on staying safe online. The real Microsoft has an article on speeding up your Windows computer, another line the callers use. And the Event Viewer might seem confusing, but Microsoft provides a tool to look up what the entries mean.

Symantec’s experience

Symantec investigated a similar scam being run overseas, recorded the conversation and recorded what happened to the computer. The agent “Brian” gets Orla (who’s from Symantec and is pretending to be a novice computer user) to open the Event Viewer and tells her that she has a serious infection. But it’s alright, they can fix it!

A remote connection to the computer is set up using legitimate third-party software and it looks like their technician is doing something important by running check disk, disk cleanup and deleting some temporary files. Brian informs Orla that she has a lot of malicious files on her computer and gets her to sign up for a one year support contract to solve her issues. After receiving her credit card details insecurely via email, as well as her name, address, phone number, email address, email password and getting her to fax a copy of her driver’s licence, the bad infection was “removed” by deleting the innocent items from the Event Viewer and turning off event logging. Of course, with unrestricted access to a computer, the people behind these operations have the ability to install the malicious software they claim to be removing. The video is below. At the end the business is confronted about their misleading practices.

If you get called by these people, submit a report to NetSafe’s The Orb. Maybe you want to have some fun with them first. A Fair Go viewer said they apparently get very annoyed when after they’ve been trying to pitch you for half an hour you tell them you have a Mac instead of a PC.

Have you been called by these people?

Image credit: Tabitha Kaylee Hawk

New Zealand Post’s Lifestyle Survey

Today in the post we received New Zealand Post’s “lifestyle survey”, a controversial data collecting tool that’s recently been in the news because the information collected is used to market your address to other companies. The survey is sent to 800,000 households by post and 125,000 by email and asks 56 questions about various things, split into sections on your interests, vehicles, home, finances, shopping habits and travel. New Zealand Post sells names and addresses of respondents, “but not the information they provided in the survey”, for companies to use once. Information is also used to furnish New Zealand Post’s direct marketing tool named Genius which says it helps clients “gain deeper insights and understanding into your customers, particularly around wealth, life stage and lifestyle”.

2009 version

Reports ordered by the Privacy Commissioner concluded that the 2009 version breached privacy principles and violated marketing industry standards for not providing “adequate, non-misleading information about the survey’s (primary) nature and/or purpose” and asking respondents to answer questions about their partners. Professor Malcolm Wright, head of communications, journalism and marketing at Massey University, says that it shouldn’t be called a survey but “an opportunity to join a direct mail database”. Former Auckland University marketing lecturer Linda Hollebeek says that a lot of people won’t be aware that New Zealand Post is shifting into a more commercial strategic direction, including the compiling of databases for on-selling to marketers.

Wave around a chocolate bar (or $15k) to get what you want

Privacy Commissioner Marie Shroff argues that people are often dazzled by competitions and giveaways and might foolishly give away personal information. I think this has been shown to be true by numerous research projects where people are happy to hand over their passwords for a chocolate bar, pen or for the chance to win a trip overseas. Close Up in conjunction with NetSafe offered a Moro bar up for grabs for anyone on Auckland’s Queen Street who was willing to answer a short survey, of which the first question was “what is your password?”. 59% of people gave their password (about half of people use the same password everywhere) and those conducting the survey said that the answers to other questions suggested the majority of passwords were legitimate. You can watch the full video here (apologies if it’s blocked in your country). The shorts for tonight’s episode of Fair Go (22nd June 2011) show a man on the street asking people personal questions, which I’m guessing most people answered. If you’re interested in the New Zealand Post survey it will probably be interesting to watch.

New Zealand Post thinks they’re being clear

John Tulloch, New Zealand Post’s communication manager said the survey states numerous times that it’s optional and the information “could be used by other companies”. I call bullshit.

New Zealand Post Lifestyle Survey 2011 Cover

(I’ve uploaded the full version of the survey here (pdf).)

Spot where New Zealand Post states “numerous times” that the information could be used by other companies. Hint: about once.

The top paragraph states: “New Zealand Post wants to help you receive more relevant mail. We invite you to complete this voluntary survey and tell us about you and your household, so we can help tailor the messages that you receive. These messages will be from companies with products and services related to your interests” (emphasis is theirs).

I’m not counting this one because I don’t think this is clear that companies will actually be given your information. For example, Fly Buys forwards material on behalf of places you’ve shopped at, but the shops never see your personal information. Nor am I counting the text at the bottom of the page: “in addition to receiving selected offers addressed to you through the mail…” as this doesn’t state at all that those offers won’t be from New Zealand Post.

The one time I’m counting (and the only other time in the whole form that sharing of information is mentioned) is the fourth small print bullet point under “Here’s how it all works”, which states:

Privacy: If you participate in The New Zealand Lifestyle Survey, your name, address and other information you supply (including your email and telephone numbers if you tick the boxes below), may be provided to companies and other organizations from New Zealand and overseas to enable them to provide you and/or your household with information about products and services relevant to your responses to this survey. New Zealand Post may also use that information for the same purpose.

Sure I’ll give them that they’ve made it clear that the survey is voluntary (mentioned about four times on the front page). But they only say that information may be provided to other companies, even though that’s the primary purpose of the survey. There is no mention of the information being sold in the whole form.

Blinded

So it’s still true that you need better eyesight to find out that your information is going to be shared than to learn of the cash, television sets and travel packages on offer for participants (if you happened to not be blinded by them, they’re shown in the massive images that take up a third of the first page).

Engaging in direct marketing services is part of New Zealand Post’s job according to the State Enterprises Act. Maybe we need a law change.

Would you fill out this survey? Do you care that New Zealand Post is selling names and addresses?

Image credit: Chatani