Personal Computer Safety Alert- Microsoft Help Desk callers- Social Engineering Scam

Avoid Microsoft tech support phone scams

Avoid Microsoft tech support phone scams- Some of our employees and local citizens have been receiving calls from people posing as Microsoft Help Desk employees. They are a social engineering scam trying to get access to your computer. Cybercriminals don’t just send fraudulent email messages and set up fake websites. They might also call you on the telephone and claim to be from Microsoft. If you receive a phone call claiming to be from ‘Microsoft’ or someone claiming to work on their behalf, telling you that you have a virus on your computer which they will help you fix over the phone, It Is A Scam. Hang up the phone, do not let them have remote control access to your computer and do not give them any money.

The scam goes like this;

• Householders receive an unsolicited phone call from someone claiming to be from ‘Microsoft’ and they are told that there is a serious virus problem with their computer and the caller offers to help to fix the problem.

• The householder will get the hard sell from the caller regarding all sorts of bad things that will happen to their computer if they do not sort out the problem immediately.

• To try to gain the unwitting householders trust, the caller will direct them to the Event Viewer in Windows which shows details about various hardware and Windows software issues. This Event Viewer is always full of messages, even on a healthy computer, but the caller will convince them that these are the warning signs of the impending disaster.

• When the caller has their trust, they ask the householder to go to a website and download a remote control program that will help them fix the problem. After downloading this, the caller will take control of the computer, the householder will see their mouse pointer move around while various programs and folders are opened. The caller will claim that they know exactly what the problem is and how to fix it.

• Then they will ask for credit card details for a piece of software that will supposedly remove the ‘virus’.

Customers should hopefully already have alarm bells ringing at the mention of credit card details and end the conversation. The software that they sell to fix the computer will do nothing except tell you every now and then that everything is fine, all viruses have been removed. But in reality, it could be downloading all sorts of malware to your computer.

However, part of the scam’s damage may already have been done when the customer downloaded the remote control software. This software could well have the capability to sit in the background for months or years, stealing personal information from the computer like bank login details and other personal details that could be used for identity theft purposes. These callers could also be using this software to infect your computer with real viruses and malware.

Quote from Microsoft:

“Microsoft takes the privacy and security of our customers and partners personal information very seriously. We are advising customers to treat all unsolicited phone calls with skepticism and not to provide any personal information to anyone over the phone or online. Anyone who receives an unsolicited call from someone claiming to be from Microsoft should hang up. We can assure you Microsoft does not make these kinds of calls.”

They might offer to help solve your computer problems or sell you a software license. Once they have access to your computer, they can do the following:

  • Trick you into installing malicious software that could capture sensitive data, such as online banking user names and passwords. They might also then charge you to remove this software.
  • Convince you to visit legitimate websites to download software that will allow them to take control of your computer remotely and adjust settings to leave your computer vulnerable.
  • Request credit card information so they can bill you for phony services.
  • Direct you to fraudulent websites and ask you to enter credit card and other personal or financial information there.

Neither Microsoft nor our partners make unsolicited phone calls (also known as cold calls) to charge you for computer security or software fixes. Cybercriminals often use publicly available phone directories, so they might know your name and other personal information when they call you. They might even guess what operating system you’re using. Once they’ve gained your trust, they might ask for your user name and password or ask you to go to a legitimate website (such as www.ammyy.com) to install software that will let them access your computer to fix it. Once you do this, your computer and your personal information are vulnerable.

Do not trust unsolicited calls. Do not provide any personal information.

Here are some of the organizations that cybercriminals claim to be from:

  • Windows Helpdesk
  • Windows Service Center
  • Microsoft Tech Support
  • Microsoft Support
  • Windows Technical Department Support Group
  • Microsoft Research and Development Team (Microsoft R & D Team)

Report phone scamsto your local law enforcement.

How to protect yourself from telephone tech support scams. If someone claiming to be from Microsoft tech support calls you:

  • Do not purchase any software or services.
  • Ask if there is a fee or subscription associated with the “service.” If there is, hang up.
  • Never give control of your computer to a third party unless you can confirm that it is a legitimate representative of a computer support team with whom you are already a customer.
  • Take the caller’s information down and immediately report it to your local authorities.
  • Never provide your credit card or financial information to someone claiming to be from Microsoft tech support.

What to do if you already gave information to a tech support person

If you think that you might have downloaded malware from a phone tech support scam website or allowed a cybercriminal to access your computer, take these steps:

  • Change your computer’s password, change the password on your main email account, and change the password for any financial accounts, especially your bank and credit card.
  • Scan your computer with the Microsoft Safety Scanner to find out if you have malware installed on your computer.
  • Install Microsoft Security Essentials. (Microsoft Security Essentials is a free program. If someone calls you to install this product and then charge you for it, this is also a scam.)

Note: In Windows 8, Windows Defender replaces Microsoft Security Essentials. Windows Defender runs in the background and notifies you when you need to take specific action. However, you can use it anytime to scan for malware if your computer isn’t working properly or you clicked a suspicious link online or in an email message.

Learn more about Windows Defender

Will Microsoft ever call me?

There are some cases where Microsoft will work with your Internet service provider and call you to fix a malware-infected computer—such as during the recent cleanup effort begun in our botnet takedown actions. These calls will be made by someone with whom you can verify you already are a customer. You will never receive a legitimate call from Microsoft or our partners to charge you for computer fixes.

More information

For more information about how to recognize a phishing scam, see Avoid scams that use the Microsoft name fraudulently. If you need help with a virus or other security problem, visit the Microsoft Virus and Security Solution Center.

Windows 8 includes antivirus protection that’s turned on by default.

Information from Microsoft and your Plateau ESG Group.

Today’s Post comes to us courtesy of Ken Oswald, Safety and Security Officer for Plateau

keno@plateautel.com

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s