So, what do you do when the fine folks from Microsoft take the time to call you about an issue with your PC? Hang up! It’s a scam. Microsoft never calls end users directly. But people might be led to believe otherwise, because there has recently been an increase in what I’m calling “cold-call phishing” attempts.
Here’s what happens:
The caller, claiming he’s from Microsoft tech support, will say they’ve detected that a virus or malware has invaded your computer. Your computer may even have had a similar message pop up on the screen just before you received the call. He’ll offer to help by directing you to certain websites, and then ask to remotely take control of your PC to expedite the removal of the malware. Once inside your PC, he’ll install various “removal tools.” This is when he’ll tell you “it’s worse than originally thought” and say you’ll need to pay for a different tool or, for a small fee, he’ll remove it manually. Once you agree to pay, the caller will either ask you for your credit card number to complete the transaction or lead you to a screen where you can “securely” input your credit card info. Finally, he’ll say he’s successfully cleaned up the virus and will leave a few “extra tools” installed to prevent this from happening again. Thank you for your time and patience.
What really just happened?
The first website the phisher directed you to contained malicious code which installed some piece of malware on your computer. The second tool he installed contained a rootkit that gave him administrative access to your computer and connected it to a remote command-and-control server so that he could join your computer to his botnet … and then he kindly stole your credit card information. In the time it took you to read this far, he’s likely already sold it on the Dark Web.
Why these scams work:
If you’ve ever had a virus or malware removed remotely by TNSC or another reputable company, the process described above is really not much different from what the scammers appear to do. We will remotely control your computer, install some malware cleaning tools, remove the malware and may recommend products or services that will prevent these types of infections from occurring. The key difference is that the tools, products and services we recommend are all legitimate, while those used by the scammers are not.
So how can you tell if the person on the other end of the phone is here to help or hurt? Ask yourself some questions before ever letting someone onto your PC remotely.
- Did I open a ticket or request service from my helpdesk or tech company?
- Do I know the person I’m speaking with?
- Do I trust this person?
If the answer to any of those questions is ‘no,’ hang up and call your IT provider. If the call was legitimate, your IT provider will be able to verify it; if it was not, they’ll be able to confirm that too. And if it’s too late and you already went to any of the websites the scammer directed you to, we can clean up whatever mess it made. TNSC also has a suite of products called SecureIT that will help protect your computer and network, should you or one of your employees fall for these types of scams or otherwise stumble across emails or websites containing malicious code.