Due to the recent rise in spam email, malware and ransomware, users all over the world have been taking extra measures to combat cyber infection. One of the less talked about cyber-attacks is an elaborate scam involving a phone call from a real person claiming they are from a department within Microsoft. They will proceed to inform the recipient of the phone call that they were tipped off about potential malware or infection on the user’s PC, and ask to establish a remote connection. This is the cue for the user to hang up.

Unfortunately, this scam has worked on a large number of unsuspecting PC owners, but through no fault of their own – these cold-callers who say they are from Microsoft know enough information about the user and their PC to pitch a convincing story. Much of the information they provide can be retrieved from public databases, but the scammers are equipped with a script intended to scare the end-user into revealing private information or allowing a remote connection.

The threat of malware seems to be most effective in that it has proved to motivate users to surrender usernames, passwords, and even credit card information. Scammers have been reported to say that they were contacted by the end-user’s Internet provider regarding the detection of malware or viruses on the user’s account. In other cases, the scammers have indicated that the user’s operating system had a vulnerability making it susceptible to malware and needed to be patched immediately.

Scammers will often back up their claims by having the user open their event log, where the PC owner will find errors. Unfortunately, the average end-user does not have a background in IT and does not know that such errors are common and do not necessarily relate to infection. Other times, the caller will recite a license ID that matches an ID in the user’s system to ‘confirm’ the report of infection on the user’s PC. Again, the average end-user would not know that the referenced ID is not unique, but in fact universal for all Windows PCs. The identification of the user’s first and last name, possibly their operating system, and detailed information pertaining to error logs and ID numbers has proven to successfully scare users into believing these scammers and allowing a remote connection. Regardless of which scare tactic they use, the scammer’s end goal is always the same – money.

Once connected, the scammer has free rein of the PC. There have been reports that they install worthless, free applications, but package the installations as antivirus software. In this instance, they may direct the user to a legitimate website (such as www.ammyy.com) to install the software that will allow them to remotely connect to the computer and make changes to the PC’s security settings. They would then charge the end-user hundreds of dollars for their ‘services,’ requiring the end-user to provide credit card information. Scammers have also been reported to install malicious Trojans that steal web-based account usernames and passwords, including online banking passwords.

According to Microsoft’s website, these con artists have identified themselves to be from organizations such as: Windows Helpdesk, Windows Service Center, Microsoft Tech Support, Microsoft Support, Windows Technical Department Support Group and Microsoft Research and Development Team. Microsoft also specifies that they never make unsolicited calls, especially to charge for computer services or fixes.

Some of these illegitimate groups have already been shut down, but the fake service calls persist. These scam organizations take measures to spoof their caller ID to appear as though they are calling from a variation of Microsoft tech support. That, in combination with a persuasive backstory, makes it easy for innocent end-users to fall for the con.

Plummer Slade has had two clients receive phony Microsoft service calls. One of these clients allowed the cold-caller to connect to his laptop. After a few minutes, he decided to hang up and contacted Plummer Slade shortly after. Because he had allowed the ‘Microsoft support technician’ to connect to his PC, the experts at Plummer Slade decided the best course of action would be to wipe and reload the laptop back to factory settings.

The other client to receive the ‘support’ call was aware of the scam and knew immediately it was an illicit call. He proceeded to ask the scammer questions with the intention of flustering him. Although this particular client made it obvious he doubted the caller’s legitimacy, the caller was very insistent and almost aggressive in trying to convince him to allow a remote connection.

The threat of malware and viruses is real, but these cold-calls from ‘Microsoft’ are not. These scammers are forceful and use scare tactics to try to target uninformed users. The experts at Plummer Slade urge all users to practice safe, mindful computing.

A message from Alicia Slade:
It is important to me that I remind my clients that we will always identify ourselves as Plummer Slade when we call. These scammers are clever and dangerous. Please be careful and do not let a cold-caller remotely connect to your computer. If you have received such a call or suspect that someone may have already remotely connected to your machine, contact Plummer Slade right away.