As if fraudulent e-mails, fake websites, phony antiviruses, and money-stealing malware weren’t bad enough, now cybercriminals have taken to the phones. By impersonating a tech department, crooks are starting to trick innocent people into handing over their sensitive information right over the phone. Internet Storm Center researcher Daniel Wesemann informs that the old “Microsoft tech support” scam has been going on for a while, but continues to be rampant - which suggests that it is quite successful for the bad guys. According to Consumer Reports, "The scam has become so widespread that Microsoft has studied the problem in four countries, including the U.S. The study found that scammers stole an average of $875 from victims and caused $1,730 in damage to their computers."
This scam was brought to our attention by a client of ours who received a phone call late last night from “the Windows OS Tech Department.” Scammers are also known to disguise themselves as Windows Helpdesk, Windows Service Center, Microsoft Tech Support, Microsoft Research and Development Team, and a myriad of other phony organizations. The caller went on to say that they were receiving multiple error messages from the clients home PC event viewer (even though the only Windows PC the client had was at work) and wanted to remotely log them into logmein123.com to fix the problem. Our client, aware that Microsoft doesn’t usually call in and proactively fix computer issues, asked for their information and ended the call. We gave them a collective “high-five” for spotting a scam.
This seems to be the modus operandi of these cyber criminals – they tell you there’s a problem with your PC and ask for your user name and password (or ask you to go to a website to install software that will let them access your computer to fix it.) In our clients’ case they were directed to logmein123.com, however other similar sites also exist. Once these scam-artists gain access to your computer, Microsoft says there are a few ways they can cause harm:
Trick you into installing malicious software that could capture sensitive data, such as online banking user names and passwords. They might also then charge you to remove this software.
Take control of your computer remotely and adjust settings to leave your computer vulnerable.
Request credit card information so they can bill you for phony services.
Direct you to fraudulent websites and ask you to enter credit card and other personal or financial information there.
If someone claiming to be from Microsoft Tech Support calls you about a computer error without provocation, they are almost certainly from scam-land - unless you're expecting a phone call from Micosoft support. If you DO get a call and smell a scam, you should tell them you're busy but would like to call them back. Ask for their phone number, name, and company information. Learn about how to report phone fraud in the United States. Outside of the US, contact your local authorities.
For more info, check out the Microsoft Alert. For a laugh, see how one scam-savvy user was able to have some fun at the scammers expense.