Had a phone call this morning (caller id was 510-943-3040) telling me that there are problems with my computer and asking me to turn it on and hook up to the internet. When I asked for proper authentication, he stated that he was a Certified Microsoft Technician. I told him I had extensive experience with computers & the line went dead. What's up? -- Roman
This very clever scam is designed to allow cybercriminals to gain access to your computer for malicious purposes and has been in play for many years.
If you fall for it, they convince you to allow them to remote into your computer to ‘fix the problems that they have detected’ with a heavy emphasis on ‘they’ being Microsoft.
Often times they will try to convince you that a lot of your personal information has been exposed on the Internet (which is why they supposedly know you have been compromised) and they can remote in to protect you.
If you allow this to happen, they can do just about anything they want to make you a vulnerable target or in some cases they pretend to have fixed the problem and ask you for your credit card number.
This scam became popular about the same time that remote service became a popular option from legitimate service companies as a convenient way to solve problems.
In general, getting help from someone you trust via the Internet is perfectly safe and secure, but the key is who called who.
Microsoft has never, nor will it ever randomly call users out of the blue to offer assistance (they are way too busy helping the millions of people that call them every day).
The only time that you will ever get a call from Microsoft is if you called them first and generated a case with them (they always give you a case number so you can always know it’s them, if they call back).
In the early days, these scam calls came from blocked numbers, but that always creates an immediate red flag, so they got more creative.
They figured out that if a phone number comes up on your caller ID, you are more likely to believe they are from Microsoft. But, since law enforcement can trace the phone number if you give it to them, they scammers use a combination of caller ID spoofing, pay phones, disposable cell phones or stolen cell numbers to make the call.
If you or anyone you know ever falls for this scam, it is essential that they take some immediate steps to mitigate any possible damage that can be done.
The first thing to do is disconnect the computer from the Internet so that any hidden tracking/key logging programs can’t send out the information that it has gathered.
The next thing to do is to go to a known clean computer and change the passcodes for all of your online accounts in case they were able to scrap your login information.
You will also want to closely watch the activity of any credit card that you may have given them over the phone as ‘payment for their services’ or call your bank to have the card reissued.
The final step is to have an experienced technical person do a complete examination of your computer to uncover any hidden malicious programs that may have been installed during the remote session.
If you get this call in the future, just hang up on them or have fun with them since you know they are scammers. Start telling them the story of your life from when you were born and just keep talking until they hang up... it's much more satisfying when you get them to hang up on you!
Ken Colburn, President
Data Doctors Computer Services
Data Doctors Data Recovery Labs
Data Doctors Franchise Systems, Inc.
Host of the award-winning Data Doctors Radio Program
Follow me on Twitter: www.twitter.com/TheDataDoc
Real-time updates & threat warnings via our Facebook Fan Page: www.facebook.com/DataDoctors