I had a phone call this week from "Spark". I spoke to a couple of Indian gentlemen who explained that my private IP address had been made public, and that this meant that my internet connection was compromised.
Of course, this is a scam. I'm not a Spark customer, but I am an IT professional and I knew that what I was being told was nonsense. The aim of the person on the other end of the line in these scams is to get you to give them control of your PC. After they've done that, they can install malicious software, demand money, etc. They do this through remote control software such as LogMeIn, which they have to walk you through downloading, installing and connecting to their PC.
Luckily after the first 10 minutes I thought to record the conversation. Here's an excerpt:
And here's the full audio clip:
In the middle of that clip, after 25 minutes of talking, you can hear that the person has twigged that I'm leading him on. I feigned ignorance, though, and managed to get back on track for another 5 minutes before he gave in by putting me on hold and walking away.
My tactic with these people is to try to take as much as their time as possible. I act clueless enough to keep things going slowly, but not so clueless that they give up on me. It's a cat and mouse game, and I kind of enjoy it!
Because I work in IT, I know that they're talking nonsense. But for most people they won't know that the errors in your Event Log aren't because of a virus, or that your IP address being publicly known doesn't mean that hackers can access your home network.
If in doubt, don't trust people who call you up saying they're from an IT company. Ask them to get a New Zealand based employee to call you back, or ask for a local number you can call to confirm their identity. Never download software to your PC when asked to by someone on the phone, and don't give them your credit card number. In fact, don't give them any personal details - ask them to give you your details, as a way of verifying that they are from the company they say they are. I've done this before when my bank has called me up, and they were happy to prove their identity.