ALAN ZISMAN ON
TECHNOLOGY
What should you say when Microsoft calls?
By Alan Zisman © 2013-02-28
Has this happened to you – you pick up the phone and get told that the caller is from ‘Microsoft’ or ‘Microsoft Windows’ or ‘Windows Corporation’ a government agency or (more recently) ‘a Microsoft partner’ and that their servers have reported that your computer is infected?
I’ve gotten at least three of these calls over the past year, and many people I know have reported similar calls.
The callers are persistent – your first impulse may be to brush them off but the callers are polite but sound convinced that this is no scam and that it’s important that you listen to them. You may be given a toll-free phone number to call them back – presumably demonstrating that they’re from a legitimate organization.
To demonstate that your computer is, in fact, infected, they will ask you to go to your computer and follow a few steps: perhaps running the Windows Event Viewer and seeing that a background service that the caller claims is malicious is running on your computer. Or perhaps searching for files ending with the .INF file extension.
You’ll then be told that this is proof that your computer is infected – for instance that INF is short for ‘infected’- in reality, these ‘information’ files are normal, containing information used by software installers.
Once you’re convinced that your computer is, indeed, infested with multiple infections, the caller will offer to help clean it off – which typically involves having you install remote access software that lets him have control over your mouse and keyboard, and also involves paying several hundred dollars for technical support and security software.
No surprise – it’s a scam. And a widespread one, that according to the UK Guardian’s Charles Arthur has been going on since at least 2008.
In 2011, Microsoft (the real Microsoft) surveyed 7000 people and reported that over 1000 said they’d received these sorts of calls. 234 fell for the scam, with 184 losing money – an average of over $800 each.
Late in 2012, the US Federal Trade Commission, working together with Microsoft and authorities from the UK, Canada and Australia, announced that they had shut down 14 companies involved in this sort of scam – but apparently they or others are back, running the same sort of scam with some new twists: claiming to be an employee of a ‘Microsoft partner’ rather than Microsoft, searching for .INF files rather than using the Event Viewer, for instance. Scammers may also claim that Windows Update has reported the infection.
Microsoft has repeatedly noted that neither the company nor its partners will ever cold-call customers in this way. And while Windows Update will often download and run a Malicious Software Removal Tool, it doesn’t report back to Microsoft in this sort of way. (Ideally, it removes malware silently, behind the scenes, and for free!) According to Microsoft: “Windows Update is committed to protecting your privacy and does not collect your name, address, e-mail address, or any other form of personally identifiable information.”
Hopefully, if you got one of these calls, you knew it was a scam. I was amused by my calls, since I currently don’t have any Windows systems running – and it’s impossible to follow their instructions on a computer running Mac OS X or Linux.
So of course, the best thing to do is to hang up.
But if the 2011 poll is to be believed, about 20% of the people called paid up – it might not be you, but it might be an older relative, and you might hear about it and be asked to help. My wife’s aunt, for instance, paid about $450 in the course of one of these calls – then emailed me to ask if she’d been taken.
Microsoft’s 2011 survey noted that 67% of the people who’d paid money were able to recover at least part of it – an average of 42% of the money paid after contacting PayPal, their bank, or credit card companies. People who used a debit card for the transaction, though, were out of luck.
Microsoft urges users who have been scammed in this way to change the main password on their Windows log in, change email passwords, and change the passwords or PINs associated with bank accounts and credit cards and to contact banks and credit card companies.
As well, they recommend scanning the affected computer with a reputable on-line malware scanning service such as Microsoft’s Safety Scanner (http://www.microsoft.com/security/scanner/en-us/default.aspx), Trend Micro’s HouseCall (http://housecall.trendmicro.com/) or ESET’s Online Scanner (http://go.eset.com/us/online-scanner/run/).
The US FTC requests that – whether you’ve been scammed or not – if you receive such a call you report it to their website: http://ftc.gov/complaint or toll-free number: 1-877-FTC-HELP.
My wife’s aunt reported that PayPal was no assistance to her but that VISA helped her get her money back.
Older blog postings....
What should you say when Microsoft calls?
By Alan Zisman © 2013-02-28
Has this happened to you – you pick up the phone and get told that the caller is from ‘Microsoft’ or ‘Microsoft Windows’ or ‘Windows Corporation’ a government agency or (more recently) ‘a Microsoft partner’ and that their servers have reported that your computer is infected?
I’ve gotten at least three of these calls over the past year, and many people I know have reported similar calls.
The callers are persistent – your first impulse may be to brush them off but the callers are polite but sound convinced that this is no scam and that it’s important that you listen to them. You may be given a toll-free phone number to call them back – presumably demonstrating that they’re from a legitimate organization.
To demonstate that your computer is, in fact, infected, they will ask you to go to your computer and follow a few steps: perhaps running the Windows Event Viewer and seeing that a background service that the caller claims is malicious is running on your computer. Or perhaps searching for files ending with the .INF file extension.
You’ll then be told that this is proof that your computer is infected – for instance that INF is short for ‘infected’- in reality, these ‘information’ files are normal, containing information used by software installers.
Once you’re convinced that your computer is, indeed, infested with multiple infections, the caller will offer to help clean it off – which typically involves having you install remote access software that lets him have control over your mouse and keyboard, and also involves paying several hundred dollars for technical support and security software.
No surprise – it’s a scam. And a widespread one, that according to the UK Guardian’s Charles Arthur has been going on since at least 2008.
In 2011, Microsoft (the real Microsoft) surveyed 7000 people and reported that over 1000 said they’d received these sorts of calls. 234 fell for the scam, with 184 losing money – an average of over $800 each.
Late in 2012, the US Federal Trade Commission, working together with Microsoft and authorities from the UK, Canada and Australia, announced that they had shut down 14 companies involved in this sort of scam – but apparently they or others are back, running the same sort of scam with some new twists: claiming to be an employee of a ‘Microsoft partner’ rather than Microsoft, searching for .INF files rather than using the Event Viewer, for instance. Scammers may also claim that Windows Update has reported the infection.
Microsoft has repeatedly noted that neither the company nor its partners will ever cold-call customers in this way. And while Windows Update will often download and run a Malicious Software Removal Tool, it doesn’t report back to Microsoft in this sort of way. (Ideally, it removes malware silently, behind the scenes, and for free!) According to Microsoft: “Windows Update is committed to protecting your privacy and does not collect your name, address, e-mail address, or any other form of personally identifiable information.”
Hopefully, if you got one of these calls, you knew it was a scam. I was amused by my calls, since I currently don’t have any Windows systems running – and it’s impossible to follow their instructions on a computer running Mac OS X or Linux.
So of course, the best thing to do is to hang up.
But if the 2011 poll is to be believed, about 20% of the people called paid up – it might not be you, but it might be an older relative, and you might hear about it and be asked to help. My wife’s aunt, for instance, paid about $450 in the course of one of these calls – then emailed me to ask if she’d been taken.
Microsoft’s 2011 survey noted that 67% of the people who’d paid money were able to recover at least part of it – an average of 42% of the money paid after contacting PayPal, their bank, or credit card companies. People who used a debit card for the transaction, though, were out of luck.
Microsoft urges users who have been scammed in this way to change the main password on their Windows log in, change email passwords, and change the passwords or PINs associated with bank accounts and credit cards and to contact banks and credit card companies.
As well, they recommend scanning the affected computer with a reputable on-line malware scanning service such as Microsoft’s Safety Scanner (http://www.microsoft.com/security/scanner/en-us/default.aspx), Trend Micro’s HouseCall (http://housecall.trendmicro.com/) or ESET’s Online Scanner (http://go.eset.com/us/online-scanner/run/).
The US FTC requests that – whether you’ve been scammed or not – if you receive such a call you report it to their website: http://ftc.gov/complaint or toll-free number: 1-877-FTC-HELP.
My wife’s aunt reported that PayPal was no assistance to her but that VISA helped her get her money back.
Older blog postings....
| About This Blog... I've been writing about computers, software, Internet and the rest of technology since 1992, including a 17 year (1995-2012) stint as 'High Tech Office' columnist for Business in Vancouver. This blog includes thoughts on technology, society, and anything else that might interest me. Comments, emailed to alan@zisman.ca are welcome - and may be published in whole or part. You can follow me on Twitter for notice of new blog postings. |
 |