Sniffing out the Microsoft phone call scamPosted: Updated:
I just received a call from someone asking me to click the Windows button + R. The caller says he's from the computer maintenance department of Microsoft Windows and they are doing a routine check. He left a phone number and his name and asked that I call back. I'm figuring he was up to no good, so I didn’t comply. - Cindy
This phone-based scam has been around since 2008 and the scammers are using more sophisticated social engineering tactics to make them appear to be legitimate.
Based on the number of people asking us about these phone calls on our free help Facebook page (http://Facebook.com/DataDoctors), it’s obvious that the scammers have cranked up their efforts.
Remote service is completely safe and a great way to get your computer taken care of, but only when YOU initiate the call to a service provider. Microsoft does not have a random task force that monitors infected Windows computers around the world and calls when they see a problem.
Here are some of the ways that they are currently trying to trick people:
The caller ID generally says ‘Home Security’ and includes what appears to be a valid number. In general, you will likely hear a strange accent.
In the past, if you were to ask them for a phone number and name so you can call them back, they would hang up. Today, they will gladly give you their direct extension and name in an effort to get you to let your guard down.
Whatever number they give you will generally ring busy if you were to try calling it (part of the scam).
If they can convince you to stay on the line, they quickly try to convince you that your computer has been compromised by having you run some ‘diagnostics’ yourself as proof.
A recent tactic is to get the victim to open the Windows Event Viewer, which has a log of any errors that Windows has detected. Unless you just recently installed Windows, your Event Log is bound to show some errors (very normal), which can be made to seem scary to non-technical users.
Another trick that they use is to get you to drop to a command prompt (black background with white text) to check your system ID and to have you run a verify command, which will return the message that ‘verify is off’.
They will then tell you that your computer ID can’t be verified which means your computer hasn’t been able to get Windows updates (which is completely false; the verify command is to verify that data has been written to a drive correctly).
They may even guide you to pull up something that they claim is a system certificate that has a 2011 date, which they will try to convince you means your computer hasn’t been updated since last year.
As you can see, if you follow their instructions, they can easily trick a non-technical victim into believing that their computer is infected and allow ‘Microsoft’ into their computer remotely to fix it.
One of the current scams is so convincing that folks are paying $250 or more when the supposed service has been completed, when all along, they just used common files and tools to make it look like you had major problems.
I want to reiterate, remote service is completely legitimate, safe and convenient, so don’t be afraid to have your computer serviced over the Internet. Just make sure that YOU were the one that initiated the request for help, not some foreign speaking person out of the blue!