If you receive a phone call from someone claiming to be from Microsoft Support Services or any other “computer support company” DON’T GIVE THEM ANY INFORMATION OR ACCESS TO YOUR COMPUTER.
Lately we have seen an increase in reports from computer users who was targeted by this scam. The caller will ask the computer owner to follow certain steps on their computers which allow the caller access over the device. Victims may have viruses or spyware implanted on their computers which allow the callers access to their personal information or asked to pay for non existing virus protections or computer services.
This week I personally had a call from a lady with an indian accent calling from “Windows Technical Support Team” in Cape Town. Knowing about the scam I played along for a while. First she directed me to the Windows Event Viewer to show me all the ‘errors’ on my pc. She then tried to trick me into downloading a remote connection software client, which would have allowed them complete control over my computer.
At this stage I started to ask some questions to “ensure that they are from a valid company”. After trying to dodge the questions while putting pressure on me to run the remote connection software, she gave me a voip phone number and a fictional e-mail address. After some more questions from my side she had me write down “888DCA60 – FC0A -11CF – 8F0F – 00C04FD7D062” which is supposedly my computer’s internal serial number. (This number is actually used for associations and is present on the majority of windows computers.) Tricks like this could very well convince the average computer user that the caller is legitimate.
PLEASE BE TAKE NOTE OF THIS AND BE VERY CAREFUL.
The callers employ social engineering tactics that could easily convince even fairly tech savvy users. They can sound very professional and knowledgeable but can also get forceful in trying to get you to do what they want.
Never give out ANY personal information or follow any directions from a caller to perform any tasks on your computer. If you do receive a suspicious phone call either hang up the call or ask them to provide you with the details of who they are, their contact information and what they need to do on your computer then ask them to call back later and hang up. E-Mail the details to firstname.lastname@example.org, and we will give you feedback on whether this is a legitimate call or not.
How it works.
You receive a phone call from someone claiming to be from Microsoft Technical Support Team / Windows Helpdesk / Windows Service Center / Microsoft Tech Support / Windows Technical Support Group / Microsoft Research and Development Team. The person tell you that they have detected a problem / virus / malware on your computer and are calling to help you fix the problem.
The next part will go in one of two ways.
1) The caller will follow certain steps to convince you there is a problem on your computer. They will then “fix” your computer and ask to be paid for the service by credit card, tamper with your computer in the background and then ask for payment by credit card to fix the “errors” or try to sell you lifetime service protection from viruses. Once they have your credit card details they will charge multiple transactions to your account.
2) They will try and convince you to a) give them remote access to your computer, b) install an application on your computer, c) direct you to a website from which to download an application.
Once you have done this, they can access your computer remotely and obtain any personal information stored on your computer. Frequently the perpetrator will also install spyware on your computer to capture everything you do, including what you type on your keyboard as well as your mouse clicks.
If you use your computer for internet banking they can obtain all your internet banking details, including your pin and passphrase after you have logged in a couple of times. (This can be used in conjunction with a browser redirect to transfer money out of your accounts) The scammers will also be able to monitor all your emails and capture your logins details for Facebook and any other website.
With the advancement of security on personal computers and software it is becoming more and more difficult for scammers and hackers to gain access to personal computers and data. This has caused a shift towards using social engineering instead of direct attacks to gain access to computers. In general it takes a lot less time and effort to trick someone into giving you access to their computers and data than to hack the device.
These are highly lucrative criminal activities and the scammers are well prepared and trained. Attacks are frequently tailer to a specific country or region the are targeting at the time. When they call you the most probably with have some information about you and usually know your details such as your e-mail, telephone number, your name and surname.
What to do if you have been a victim of a telephone support scam.
Change your computer’s password.
Use a trusted computer to change the passwords and or pins for your e-mail account, facebook account, any financial accounts especially your bank and credit card.
Contact Aeon Computer or your preferred IT support company and arrange to have your computer thoroughly scanned for malware and spyware and to further secure your computer if needed.
NOTE: Microsoft has nothing to do with this scam. It’s known as the Microsoft Phone Scam because the scammers usually claim or imply that they are from Microsoft.