"Windows Tech Support" Scam Hits Locally
Yesterday I received an email from a member of the local computer club about a phone call that she had just received: "I received a call on my home phone today from someone named 'Janet' who claimed to be from the 'Tech Department at Windows'. She said they detected a virus on my computer and that if I would get on the computer now she could tell me how to correct it. She told me that the virus was slowly eating away at my computer. I told her I was busy and would have to call her back. I asked for her phone number, which she gave me - 347-489-xxxx. She had a very thick accent - probably Indian. I assume this is a scam?" Yes, it is a well-documented scam that has resulted in big losses for a lot of people who do as the caller says.
What often happens with this scam is that the callers ask you to turn on the remote access feature built into Windows that allows remote servicing. Once the caller has access to your computer, they may steal usernames, passwords, address books, personal information, and other valuable data. They may also plant keyloggers to capture any banking information, logins, and other sensitive information, all for the purpose of identity theft. They often plant other types of malware as well, and often try to sell additional services to the user. Most of these calls are VoIP (Voice over Internet Protocol, phone calls placed over the internet) and often come from Russia, Pakistan, Iran, Iraq, Ukraine, Nigeria, China, and other unfriendly places. In the example above, "Janet" gave a Manhattan phone number, which either was false or was a portal onto a VoIP system that could be picked up anywhere in the world.
According to an article published in The Register (UK) last summer, citing a recent Microsoft security survey, this fake tech support scam is very widespread. Microsoft surveyed 7,000 computer users in the UK, Ireland, US, and Canada and found an average of 16 per cent of people had received such calls. According to Microsoft, these scammers allege that they are calling from Microsoft or a recognized security software company, and inform the victim that his computer is infected, and that the caller will perform a free security check, or otherwise clean the malware off of the computer. According to a posting by Microsoft, the callers most often claim to be calling from Windows Helpdesk, Windows Service Center, Microsoft Tech Support, Microsoft Support, Windows Technical Department Support Group, or the Microsoft Research and Development Team (Microsoft R & D Team). Of those receiving one of these scam phone calls, about one person in five followed the scammers' instructions and gave the criminal remote access to their computers. Once that access has been granted, the crooks typically load malware onto the computer, opening the computer to future attack.
A common type of felony crime committed by these crooks is identity theft, where either by accessing files or by installing keyloggers (malware that records keystrokes and sends them to a remote location), the criminal can steal banking information, credit card information, user names, passwords, security questions, and other valuable personal information. In some cases the crooks, in an action reminiscent of the infamous "rogue antivirus" scams, ask for the victims' credit card information in order to pay for the service or for the sale of security software. While nothing is really purchased, a charge does show up on the victims' credit account, and the credit card information is also likely to be posted for sale on illicit websites where credit card information is bought and sold for the purpose of fraudulent transactions.
According to the Microsoft survey findings, 79 percent of those who allowed the illicit
remote access to their computers suffered identified financial losses, ranging
from a low of $82 to a high of $1560, with an average financial loss of $875.
In addition to financial losses, the malware that may be loaded onto the
computer may be used to provide a continuing revenue stream to the crooks by
using the compromised computer as a part of a "botnet" (remotely controlled
collection of hijacked computers) to send out spam email by the thousands, for
which the crook charges his clients a fee. Of course the spam, and any related
scams or pornography sent in the spam emails, cannot be tracked back to the
creator of the spam or the crook who hijacked the computer, but instead would
track back directly to the victim's computer.
Copyright © 1999 - 2012