Thursday, August 2, 2012

Faux-Microsoft phone scam

General rule of thumb: Microsoft will not cold call you for any reason.

This afternoon I got a call from a guy with an Indian accent. Identifying himself as "Michael," he told me that he was from Microsoft. According to "Michael," my computer had indicated to their servers that it had a bad virus that would cause it to shut down permanently in the next 2-3 days. "Michael" said they wanted to help me fix it.

I'm no computer engineer, but I do generally know my way around a computer and computer software. So I practiced my litigation skills by asking "Michael" some questions, like, from where was he calling. He said Microsoft headquarters in Redmond, WA. I countered that if he was calling from Redmond, why did my caller ID say it was from "PAYPHONE" somewhere in Burbank, CA. He said that Microsoft's phone system was trunked there.

Then I asked him how did "Michael" know my computer was infected. He responded by saying it had told their servers so. I told him that my computer does not talk to Microsoft servers. He insisted that it did, because that's how they know my IP address, or at least what he said was my IP address, which he proceeded to read off to me. I told him I have anti-viral software that has recorded no virus of any kind. He kinda grew desperate and pleaded that he was "trying to help" me.

I then asked him if he knew my computer was in trouble, then he would know my operating system. So, "Michael," what is my operating system? He said they did not keep "personal information like that" on their computers for him to reference. I replied by pointing out to him that he knew my name, my phone number and, allegedly, my IP address, to call me to warn me about this "virus" he had detected, but he apparently considered my operating system, without knowledge of which they could not treat or even find out about any virus on my computer, as "personal information" which they do not have. I asked him one more time: if you know so much about my computer, what is my operating system? He repeated my IP address, then mumbled something about Windows. I asked him one more time: what is my operating system? "Michael" then ran through all of the iterations of Windows.

I told him that I did not believe he was from Microsoft. He sighed and said, again, that he had "tried to help" me. I asked for his supervisor. He gave me the name and the Bellevue, WA, phone number of a "Peter Dawson," and suggested I check in with him. I said, "Riiiiight. Thank you, but I'll go through the main number at Microsoft," and then hung up.

I promptly called Microsoft. Not surprisingly, there is no "Peter Dawson" at Microsoft headquarters. Also not surprisingly, they said it was a scam. It was a pretty sophisticated scam, I'll give "Michael" that. I figured it was a scam all along, but I was quite happy to have my general knowledge of computers, my caller ID and my handy-dandy reverse directory in dealing with this guy. Hopefully, the time spent in the fruitless conversation with me kept him away from a more gullible soul.

Here is some of what Microsoft has to say about the scam:
Avoid tech support phone scams

Cybercriminals don't just send fraudulent email messages and set up fake websites. They might also call you on the telephone and claim to be from Microsoft. They might offer to help solve your computer problems or sell you a software license. Once they have access to your computer, they can do the following:
  • Trick you into installing malicious software that could capture sensitive data, such as online banking user names and passwords. They might also then charge you to remove this software.
  • Take control of your computer remotely and adjust settings to leave your computer vulnerable.
  • Request credit card information so they can bill you for phony services.
  • Direct you to fraudulent websites and ask you to enter credit card and other personal or financial information there.
Neither Microsoft nor our partners make unsolicited phone calls (also known as cold calls) to charge you for computer security or software fixes.

Telephone tech support scams: What you need to know

Cybercriminals often use publicly available phone directories so they might know your name and other personal information when they call you. They might even guess what operating system you're using.
Once they've gained your trust, they might ask for your user name and password or ask you to go to a website to install software that will let them access your computer to fix it. Once you do this, your computer and your personal information is vulnerable.
Do not trust unsolicited calls. Do not provide any personal information.
Here are some of the organizations that cybercriminals claim to be from:
  • Windows Helpdesk
  • Windows Service Center
  • Microsoft Tech Support
  • Microsoft Support
  • Windows Technical Department Support Group
  • Microsoft Research and Development Team (Microsoft R & D Team)
How dangerous is this scam? From PC World:
Microsoft is warning about a new Internet phone scam that could cost you $875 in stolen money and as much as $4,800 in computer repair bills to undo the damage.

Here's how the scam works:

Scammers call your house and ask for you by name posing as computer security pros from legitimate companies. The fake security experts claim that you're at risk for a computer security threat and offer to help you solve the problem. The criminals then ask you to perform a variety of tasks to help combat the bogus threat such as giving the thieves remote access to your computer, tricking you into downloading malware, and even asking for your credit card information.

The scammers appear to be targeting people in English-speaking countries including the United States, Canada, Ireland and the U.K. Microsoft called 7,000 computer users in these four countries to see how widespread the emerging scam was. So far around 15 percent of those surveyed had received a call, according to Microsoft.
The good news is only 3 percent of those surveyed fell for the scam, but those who did fall victim usually paid a hefty price. The vast majority of those deceived (79 percent) suffered some kind of financial loss including money taken from their bank and credit card accounts, compromised passwords and identity fraud. Average financial losses ranged from $82 in Ireland to as much as $1,560 in Canada.
More than half of those surveyed also said they suffered subsequent computer problems, costing users in the US an average of $4,800 to repair their PCs.
Just be on guard.
