If you haven't been targeted with it, you likely know friends or family who have been. It is simple, but very effective and common enough that Microsoft feels the need to educate the public about it.
It would work something like this: You receive a phone call from an unknown or blocked number, and a polite sounding person on the other end is revealed as an employee of Microsoft, calling to inform you that your PC or other device has been compromised with malicious software. The polite employee then offers to help.
At this point, you may be asked to follow instructions that will either take you deep into your operating system settings, or to a webpage where you can download a client that will allow this nice person to fix your problem for you. The software will allow the other person access to your computer.
After this point however, things will likely take a clearly suspicious turn as you will inevitably be enlightened on the fee you will need to pay for fix the "problem". It would not be uncommon for your device to be locked at this point until you pay the fee, and unfortunately a lot of people do pay up. So many pay up, in fact, that Microsoft predicts that tech support scams of this nature will hit an estimated 3.3 million Americans this year, and generate $1.5 billion for the scammers.
Don't ever trust cold callers
It should seem obvious, but an apparently large number of people are willing to trust the cold caller in this case. They shouldn't - Microsoft and other large tech organizations are never going to cold call customers and offer tech support.
Personally, I have encountered this scam three times. The first time was when I was cold called by a man with an Indian accent claiming to work for a Microsoft Support Center. I immediately knew it was a scam, said a few words I won't repeat here and hung up. I haven't been targeted personally since.
However, I received a call one day from an aunt who had realized she was being scammed and closed her laptop and hung up the phone as soon as she was informed about a fee. When I got a look at her laptop, she had already installed a remote assistance application as directed by the caller so I removed the application and did some normal checks on the laptop for anything suspicious. Everything seemed fine.
The next time was a while later when a client brought me an old PC he had, running Windows XP, which he had been locked out of with a password using SysKey. Luckily, he hadn't paid up either and I was able to fix it for him.
I couldn't help but ask both of them whether or not they wondered, at any moment, how this person knew there was a problem with their PC, and the answer was no. It only became suspicious to them when push came to shove on a fee.
It's not just scams invoking Microsoft Support either, other tech and web firms such as Google and Facebook are used by cold callers too.
Fighting the scams
Microsoft is working with the AARP to educate its customers and the general public about cons like these. The Redmond-based firm - which hosted 300 members of the AARP at its Redmond campus this week - has received over 175,000 complaints related to fraudulent tech support scams since May 2014.
It is offering a workshop on how you can identify, prevent, and protect yourself from online scams at the Microsoft Store in Bellevue on Oct 14.
Microsoft also the fight to the scammers late last year, filing a civl lawsuit in California against Omnitech Support for misusing Microsoft's name and trademarks while allegedly operating a phony tech support service, and it's not likely to be its last lawsuit.
Going forward it will maintain close ties with the AARP's Fraud Watch Network and law enforcement. In case you get a call from a "Microsoft Support" employee, the company offers the following advice:
Neither Microsoft nor our partners make unsolicited phone calls to charge people for computer security or software fixes. If someone claiming to be from Microsoft tech support calls you:
- Do not purchase any software or services.
- Ask if there is a fee or subscription associated with the "service." If there is, hang up.
- Do not give control of your computer to a third party unless you can confirm that it is a legitimate representative of a computer support team with whom you are already a customer.
- Take the caller's information down and immediately report it to your local authorities.
- Do not provide your credit card or financial information to someone claiming to be from Microsoft tech support.
Sources & Recommended Links:
Microsoft hosts renowned ID theft expert to kick off expanded AARP partnership to stop tech scams: blogs.microsoft.com
AARP Fraud Watch Network: www.aarp.org
Image Source (Microsoft Digital Crimes Unit): www.youtube.com
Written by: James Delahunty @ 1 Oct 2015 20:22