TeamViewer-TalkTalk

TalkTalk, a UK-based Internet service provider, has temporarily banned TeamViewer and other similar remote control software programs, citing security issues related to increased scam operations.

The ban appears to have gone into effect on Wednesday, and TalkTalk customers flocked to the company's forums to complain and demand answers [1, 2].

"Since this afternoon, I have been unable to use Teamviewer through a TalkTalk connection," said the first user that complained about the block, saying that TeamViewer works fine from his mobile 4G connection, but not his home TalkTalk line. Tens of other users followed suite and shared similar experiences.

As it became clear to all that TalkTalk had banned TeamViewer on its network, the company admitted the issues through a representative.

Apologies for the confusion, but I can confirm that we have implemented a number of  network changes that have blocked a number of applications including Teamviewer
We constantly monitor for potentially malicious internet traffic, so that we can protect our customers from phishing and scamming activities. As part of this work, we have recently blocked a number of sites and applications from our network, and we’re working hard to minimise the impact on our customers.
We are working with teamviewer and other 3rd parties on implementing some additional security measures that would enhance the security to all customers of these services but we will continue to block any sites/applications reported by customers to reduce the opportunity for fraud to take place.

The issues the TalkTalk representative was referring to are a wave of scams that have hit TalkTalk customers over the past year.

TalkTalk data breach fuels wave of telephone scams

The data of millions of TalkTalk customers leaked online in 2015 when the company experienced three separate data breaches in the same year [1, 2, 3]. Scammers have been using some of the leaked TalkTalk data to target the ISP's customers during the past two years.

Several topics on the TalkTalk forums detail such events, which all start with a phone call from one of the scammers. In many cases, the scammer has an Indian accent, poses as a TalkTalk employee, and asks users to install TeamViewer to assist customers with a technical issue or to fix security errors. Here are just three cases [1, 2, 3]:

18th January - All week I have been receiving calls from people stating they are from Talk Talk's Security department. They speak with an Indian Accent and are very convincing. I constantly asked if they were definitely from Talk Talk and they quoted my Talk Talk Account number. I am ashamed to say I fell for the scam, I downloaded "Teamviewer", the remote access programme (legitimate program) and kept questioning them throughout the conversation, I just noticed the cursor move at one point and questioned them about remote access, they denied this. They wanted me to actually login to my online banking, which I foolishly did, however I then asked for the gentlemans name (purporting to be the Line Manager) and with an indian accent he said "Roger Smith", it was at this point the penny dropped, I immediatley cut the call, removed teamviewer from my laptop and disconnected my internet. I hope I was quick enough, but have checked my accounts, banking, Amazon, email since and so far nothing has been compromised.

Phone call was supposedly from talk talk saying I had a lot of errors after giving me several instructions they wanted me to download TeamViewer but I said that first I would contact talktalk and see if it was genuine and ended the call. Will my sytem be ok?

I recently received a phone call from someone saying they were from Talk Talk and that someone was apparently using my IP address. He sounded very professional and friendly and asked me to download TeamViewer which I did. He asked me to tell him a number which I did. I saw the word Hacker come up also. He said I wouldn't be able to use my email and to use a new password which he gave me. I was able to use my email. He asked me to go into my online banking to make sure that the balance was ok. I said I didn't have online banking but that I did pay for things online. He said an engineer would be in touch to bring me a new router and he gave me some passwords to give to the engineer. I got suspicious when no engineer got in touch and the phone number was withheld. I rang Talk Talk they asked me no details only saying that if I was hacked I wouldn't be able to use my computer. I am really worried now that they have 'left a back door open' and are watching me in case I type my account number in when I pay for something on line. Is this possible can they take my money? There doesn't seem to be any dodgy new programs installed at that time. I have deleted Team Viewer but it is still in my bin!

Not TeamViewer's fault

TeamViewer, which is a legitimate app used worldwide by tech departments, allows the scammer to access the victim's computer and install malware such as keyloggers or backdoor trojans right under the unsuspecting victim's nose.

In some cases, parts of the TeamViewer app has even been embedded in malware directly, as to simplify the process of stealing data via a legitimate communications channel, disguising the data theft operations under TeamViewer traffic.

Apps like TeamViewer, Supremo, and LogMeIn, have all been used as part of tech support scams for years [1, 2]. This is nothing new. The only surprise is TalkTalk's pro-active reaction, which comes two days after the BBC ran a story documenting the operations of an Indian scam call center that was specifically targeting TalkTalk customers.

Anticipating criticism from customers, other news outlets, and a possible sanction from government agencies, TalkTalk decided to take a pro-active approach and fight the scammers by blocking some of the apps they used.

For its part, TeamViewer has been very accommodating, saying in a statement published yesterday that the two companies are in "extensive talks to find a comprehensive joint solution to better address this scamming issue."

In an email, a TeamViewer spokesperson told Bleeping Computer they expect to reach a consensus with TalkTalk, who is "aware that this not a TeamViewer specific issue," and both companies are working to "bring about additional measures to thwart scamming."

Related Articles:

McAfee Tech Support Scam Harvesting Credit Card Information

Thousands of Compromised WordPress Sites Redirect to Tech Support Scams

Scammers Cashing In on Free TK Domains & Ad Fraud

Fraudster Targets Cryptocurrency Wallets with a Variety of Info Stealers

Abandoned Tweet Counter Hijacked With Malicious Script