Microsoft does not call to fix your PC

The phone rang when I was in a client’s office last week. A heavily accented Indian man said, “I am calling from Microsoft. We have received reports that your computer is sending out virus messages. I would like to help you with that.”

It was a cybercriminal! Acting quickly, I traced the call, then assembled a team of IT commandos to rain vengeance on the scammers.

In my dreams.

In real life, I told my client to hang up the phone and ignore it when it rang again and again.

There is a resurgence of fraudulent phone calls from criminals trying to steal your credit card and install malware on your computer. I’ve heard several other stories from clients about scam calls in the last few weeks. Be careful!

This is an article from 18 months ago about the Microsoft phone scam. Although there are periodic crackdowns, the same scam is still being run today. Microsoft has updated information about how to avoid being a victim. Be careful!

(First published October 5, 2012)

A few days ago I was contacted by a woman who had been tricked by a phone caller pretending to represent Microsoft. The caller claimed that her computer had viruses on it and convinced her to give up a credit card number as well as letting the caller make a remote connection to her computer.

Tell your parents, tell your children, tell yourself: Microsoft does not call to fix your PC. It’s a particularly nasty scam that’s been around for several years but appears to have picked up steam recently.

In the end it’s just a phone scam like any other. Criminals with no conscience or scruples get on the phone and lie to you about something. It’s no different than a call pretending to be a relative caught out with no money in a foreign country, or a call from a phony charity, or any of the many other kinds of phone scams. (The FTC has put together an interesting collection of the most common phone scams.)

The Microsoft scam plays on our fears about online security, just like the poisoned web pages that bring up phony onscreen security warnings. Don’t lower your defenses!

The scam usually starts with a cold call from someone pretending to be from Microsoft, Dell, McAfee, Norton, or even a vague name like “Windows Technical Support.” (The FTC discovered that at least one of the outfits running this scam paid Google more than $1 million for search ads that would appear high up in the right column in a Google search, directing people to the scammers’ web site and phone number.)

You’re told that your computer has viruses and they’re calling to help. The caller leads victims through an exercise designed to confuse. You might be directed to the Event Viewer, which logs hundreds of system events every day. It routinely has warnings and errors that are completely mundane and unimportant – but you don’t know that, because you’ve never been there before. So it’s natural to be alarmed when you see the word “Warning” while a caller tells you that it’s a symptom of a virus. The scammer “proves” that the warning is evidence of a virus – he instructs you to right-click it and – oh my! – you can’t delete it! (It’s a log entry. Event Viewer doesn’t have a delete function.)

Once the scammers have made an impression, you’re directed to a web site and told to click on a link to start a remote session so the caller can fix your PC, and at some point there’s a request for your credit card number. At that point, you’re cooked.

If you want a better idea of how the phone calls proceed, you can read transcripts by a couple of alert tech folks here and here. The FTC posted a recording of a portion of one of the phone calls here. Listen to it – the reaction by the scammer at the 0:44 second mark when he hears that there’s a warning in the event log is priceless.

It’s possible that the phone tech support scam will die down. Microsoft has been working with the FTC on a wide-ranging investigation and on Tuesday the FTC announced a broad crackdown, filing six lawsuits in US District Court in New York as well as coordinating an international roundup that took down 14 companies worldwide.

Here’s what it means to be a victim: the woman who contacted me had already gone through the exercise of cancelling her credit card and trying to unwind the fraudulent charges. If you’ve ever been the victim of identity theft, you know how painful that is.

It went further than that, though. Once someone has accessed your computer remotely, you can never be sure that it has not been compromised. Most of the scammers are only after credit card numbers. The computer looked clean when I took a quick look at all the startup programs and services and some of the other places malware can hide.

But there is no shortage of programs that can operate invisibly – keystroke loggers and root kits and monitoring software to take screen shots when you’re logging into your bank and mail them to servers run by the bad guys.

The only way to be sure of being clean is to do what I did: reformat the hard drive and reinstall Windows and all the programs from scratch. It’s expensive and time-consuming. There is a risk of losing data and there is an absolute certainty that it will be disruptive.

Don’t fall for scams. Don’t click on links to poisoned web sites. Be careful out there!

Share This