Scammers have been calling computer users claiming to be Microsoft technicians for at least five years. But the pace of the fraudulent phishing attempts hasn’t slowed down, and many of our CMIT Solutions clients have reported receiving them in recent weeks.
The scam goes something like this: a heavily accented person will call, say they’re from the Windows help desk or a Microsoft support team, and inform you that your machine is infected with a virus. Then, the person on the other end of the line will ask you to open your Event Viewer or System Registry log and point out all the “errors” contained within (even if they’re not actually errors).
After that comes the really nefarious part: the technician will transfer the call to a “tech support manager” who will ask you to install a remote control client from a legitimate website like Ammyy.com or TeamViewer.com. This second-level person will then inform you that the problems are more severe than they thought — and urge you to pay up to get them fixed. Someone will then come on the line and request credit card or PayPal information to continue fixing the problem.
This classic social engineering tactic — you have a problem, and we want to help you solve it — works more often than you’d expect. Some tech experts with virtual machines they can afford to sacrifice have gone through the aforementioned steps, just to see what tasks the spammers perform. And the results haven’t been pretty: one blogger for MalwareBytes.com saw several of his personal files deleted after refusing to pay up, while others have had spyware or other malicious software installed that could then harvest credit card or personal password information.
What should you do if you receive one of these phone-based phishing attempts?
- Do not install third-party remote client software and/or provide login details to an unverified caller
- Ask if there’s a cost associated with the “service” the caller is offering — if there is, hang up
- Never agree to purchase any services or software
- Never share your credit card or personal information
- Take down the caller’s number, name, company, etc. and report it immediately to the FBI, the FTC, or the FBI’s Internet Crime Complaint Center
If you think you’ve downloaded any malicious software or allowed a scammer access to your computer, here’s what you should do:
- Change the passwords for your computer, your email accounts, and your financial accounts — particularly your bank account and credit card
- Call your trusted IT provider and inform them of the scam attempt so they can assess the health and security of your system
- Consider the kind of anti-virus, anti-malware, and network security options that CMIT Solutions specializes in
The bottom line? Microsoft will very rarely call you directly — and they’ll never try and charge you ANYTHING if they do. If a serious issue does need to be addressed, more than likely a Microsoft Registered Partner like CMIT Solutions would contact you on behalf of the company.
Do you want to leverage the experience and infrastructure we possess to give your business a competitive advantage? Wouldn’t you rather let us worry about IT so you can worry about growing your business? If so, contact CMIT Solutions today.