



Old "Windows Tech Support" Scam Hits Locally
by Ira Wilsker









            Yesterday I received an email from a member of the local computer club about a phone call that she had just received. "I received a call on my home phone today from someone named 'Janet' who claimed to be from the 'Tech Department at Windows'.  She said they detected a virus on my computer and that if I would get on the computer now she could tell me how to correct it.  She told me that the virus was slowly eating away at my computer.  I told her I was busy and would have to call her back.  I asked for her phone number, which she gave me - 347-489-xxxx.  She had a very thick accent - probably Indian.  I assume this is a scam?"  Yes, it is a well-documented scam that has resulted in big losses for a lot of people who do as the caller says.

            What often happens with this scam is that the callers ask you to turn on the remote access feature built into Windows that allows remote servicing.  Once the caller has access to your computer, they may steal usernames, passwords, address books, personal information, and other valuable data.  They may also plant keyloggers to capture any banking information, logins, and other sensitive information, all for the purpose of identity theft.  They often plant other types of malware as well, and often try to sell additional services to the user.  Most of these calls are VoIP (Voice over Internet Protocol, phone calls placed over the internet) and often come from Russia, Pakistan, Iran, Iraq, Ukraine, Nigeria, China, and other unfriendly places.  In the example above, "Janet" gave a Manhattan phone number which either was false, or was a portal onto a VoIP system that could be picked up anywhere in the world.

            According to an article published in The Register (UK) last summer, citing a recent Microsoft security survey, this fake tech support scam is very widespread.  Microsoft surveyed 7,000 computer users in the UK, Ireland, US, and Canada and found an average of 16 percent of people had received such calls.  According to Microsoft, these scammers allege that they are calling from Microsoft or a recognized security software company, and inform the victim that his computer is infected, and that the caller will perform a free security check, or otherwise clean the malware off of the computer.  According to a posting by Microsoft, the callers most often claim to be calling from Windows Helpdesk, Windows Service Center, Microsoft Tech Support, Microsoft Support, Windows Technical Department Support Group, or the Microsoft Research and Development Team (Microsoft R & D Team).  Of those receiving one of these scam phone calls, about one person in five followed the scammers' instructions, and gave the criminal remote access to their computers.  Once that access has been granted, the crooks typically load malware onto the computer, opening the computer to future attack.

            A common type of felony crime committed by these crooks is identity theft, where either by accessing files or by installing keyloggers (malware that records keystrokes and sends them to a remote location), the criminal can steal banking information, credit card information, user names, passwords, security questions, and other valuable personal information.  In some cases the crooks, in an action reminiscent of the infamous "rogue antivirus" scams, ask for the victims' credit card information in order to pay for the service or for the sale of security software.  While nothing is really purchased, a charge does show up on the victims' credit account, and the credit card information is also likely to be posted for sale on illicit websites where credit card information is bought and sold for the purpose of fraudulent transactions.

            According to the Microsoft survey findings, 79 percent of those who allowed the illicit remote access to their computers suffered identified financial losses, ranging from a low of $82 to a high of $1560, with an average financial loss of $875.  In addition to financial losses, the malware that may be loaded onto the computer may be used to provide a continuing revenue stream to the crooks by using the compromised computer as a part of a "botnet" (remotely controlled collection of hijacked computers) to send out spam email by the thousands, for which the crook charges his clients a fee.  Of course the spam, and any related scams or pornography sent in the spam emails, cannot be tracked back to the creator of the spam or the crook who hijacked the computer, but instead would track back directly to the victim's computer.

            While not likely, it is possible that Microsoft or one of its authorized partners may contact a computer user about a security related issue.  On the Microsoft website (www.microsoft.com/security/online-privacy/avoid-phone-scams.aspx), they explain the explicit times and circumstances in which Microsoft may contact a user directly.  "There are some cases where Microsoft will work with your Internet service provider and call you to fix a malware-infected computer—such as during the recent cleanup effort begun in our botnet takedown actions. These calls will be made by someone with whom you can verify you already are a customer. You will never receive a legitimate call from Microsoft or our partners to charge you for computer fixes."  Microsoft warns that if you receive a phone call claiming to be from Microsoft, do not purchase any software or services offered by the caller, and do not proceed if there is some type of subscription fee attached to the support offer.  Microsoft also warns not to allow remote access to your computer unless you can confirm that the other party, " ... is a legitimate representative of a computer support team with whom you are already a customer."  It is imperative that you never give any personal, financial, or credit card information to any caller who says that he is from Microsoft Technical Support, because a legitimate Microsoft representative would never ask for such information.  Even if the caller provides a phone number that you can use to return the call, that does not mean that the phone number is an authentic Microsoft location, because whoever answers the phone can falsely answer with "Microsoft", and with VoIP, the call can be routed anywhere in the world, even if the phone number looks realistic.

            If by some chance you have fallen for this scam, look at the Federal Trade Commission (FTC) website "Reporting Phone Fraud" at www.ftc.gov/bcp/edu/microsites/phonefraud/report.shtml and follow the contact instructions provided.  It would also be prudent to perform a security scan with one or more of the free malware scanners such as MalwareBytes (malwarebytes.org) or SuperAntiSpyware (superantispyware.com).  Since much of the contemporary crop of malware is engineered to protect itself, if these malware scanners will not load and run, it is then very likely that the computer is badly infected, and may require a more sophisticated malware removal process.  If the security scan report indicates that the computer is clean, it would be wise to change all of your passwords (email, banking, eBay, PayPal, etc.), and to contact your financial institutions and credit card companies to inform them that you may have been the victim of fraud.  Since it is possible that the phone crook deactivated or neutralized your security software, it may also be a good idea to reinstall and update your security software.

            It is a sad state of affairs that any of us may fall victim to criminal activity at any time, but in this case the crook does not use a weapon, but instead a caring, often female, voice offering to help us clean our "infected" computers.  With an average loss, as reported by Microsoft, of $875, and the ability of the crooks to make thousands of such calls a day, the aggregate losses will be very substantial.  Still, as an individual, not many of us can readily absorb an $875 loss.  If you get a call from some permutation of "Microsoft Technical Support" informing you that your computer is infected and either for free or for a fee they offer to clean it for you, simply hang up.  Although in a different context, and over 25 years ago, Nancy Reagan gave the best advice when she said, "Just say NO!"

 You can reach Ira Wilsker 
EMAIL: iwilsker@sbcglobal.net
LISTEN to him on "My Computer Show" on NEWS TALK AM560 KLVI
NOW STREAMING live on the NET, MONDAYS, 6-7 pm Central Time, 7-8 pm Eastern
and call in number is 1-800-330-5584
READ my weekly computer and technology column in the EXAMINER http://www.theexaminer.com
Click on the "THE EXAMINER" at bottom of page under "Related Links"


Copyright © 1999 - 2012 PC Lifeline