Beware of fake support calls!
The scam artists are at it again. If you get a phone call reporting to be ‘Microsoft Support’, beware.
- Ring, Ring
- (You) Hello
- (Bad Guy) Yes, this is <name> from Microsoft Support. I am sorry to inform you that your computer has a virus.
- (You) Oh my!!
- (Bad Guy) Yes, it could have been bad, but it looks like we caught it just in time. If you have a moment, I would be happy to remove it for you.
- (You) Yes, please do. Is there a cost for this?
- (Bad Guy) Absolutely not, we just want you to be safe. Would you like to proceed?
- (You) Oh, thank you!! Yes, please proceed.
- (Bad Guy) Ok, it looks like you’re running Microsoft Windows, is that correct?
- (You) Yes.
- (Bad Guy) Ok, I need you to press the Windows Key and the E key at the same time. If you’re not familiar with the Windows Key I can walk you through it.
- At this point, you dutifully comply and open an Internet Explorer window.
- (Bad Guy) Ok, now I need you to go to (some website).
This is a paraphrase of what typically happens but the important things are that the attacker presents you an immediate problem that you’ve caught just in time and needs you to navigate to a website so that he or she can fix it. As soon as you navigate to the website, the attackers server immediately launches an attack against your computer and, within seconds, likely has full control of your computer. Sometimes they will run ‘scans’ and will sometimes even say that yours is especially infected and try to squeeze additional money out of you, but the objective is complete (they have your computer). This is a scam that seems to make it’s way around about this time of year every year and the bad guys have gotten very good at seeming and sounding legitimate.
What (NOT) To Do:
- Do NOT do anything on your computer. Chances are, the attacker cannot yet see your computer, they’re phishing. If you don’t give them access, chances are they won’t get access.
- Do NOT give them any personal information. Assume that any information that you give them will be used in a future attempt at identity fraud.
- Do NOT give them any credit card information. Assume that any credit card information that you give them will be sold underground as soon as they get off of the phone with you, if not before.
- If available, note the caller ID. This is just good to have and it’s sometimes entertaining to google those numbers and read (or hear) how others have dealt with this.
- Ask for a name and contact number and ask when would be a good time to call back. Chances are, at this point, they will pressure you to let them onto your computer (after all, you caught it just in time) or just hang up on you.
- Call your trusted IT Professional and pass the information along. While it’s unlikely that they were able to do any damage, it’s not a bad idea to call your IT Professional / computer guy or gal to make sure that there are no new spins on this age old scam.