Have you ever received a call from someone impersonating a Microsoft tech support representative, or seen a pop-up window on your computer while browsing the internet that instructs you to call Microsoft or some other technical support company?  Many people, including law office attorneys and staff, have been victims of these cybercriminal scams.  Understanding these scams, alerting your staff to them, and instructing your staff on what steps to take if something like this happens is very important.  The security of your data and network depends upon it.

Many computer users think the only way they can get a virus or malware, or be hacked, is through email.  Unfortunately, cybercriminals have other ways to get into your pc and network.

Cybercriminals will make telephone calls pretending to be support representatives from major software manufacturers.  Everyone thinks that they would never get scammed if they received a call like this, but many computer users have been caught up in this scam.  The call seems real.

A person calls saying that they are from Microsoft or another company to report that they have received an alert that your pc is infected with a virus or that your Windows operating system needs to be updated.  They ask if they can connect to your pc to review your system or analyze the data to resolve the fabricated issue.  When the user allows access to their pc or laptop, their personal information and more are now at risk.

Microsoft does not make calls directly to computer users telling them that they need to fix their pc or that it has received a report from their pc that it is infected.  Software manufacturers do not call either.  If you receive a call like this, hang up or have fun with them.  Just don’t give the fake representative any of your information.  Do not allow them to connect to your pc or to convince you to download something to the pc.  If they connect to your pc, what you don’t see, as you watch the person you are talking to manipulate your screen, is that other cybercriminals are scanning your pc in the background for personal information and other important information that they could use.

Another type of scam occurs while you are browsing the internet: a window or pop-up appears on your pc.  The window or pop-up appears as a warning that your computer is infected or that it has detected that the pc needs a download.  The message may instruct you to call a number for Microsoft or some other technical company.  The message may instruct you to download software to protect your pc or to scan it for a virus.  Because these messages look like they are from the software manufacturer, the user may call and think they are speaking to a software manufacturer representative.  The user is really talking to a cybercriminal who convinces the user that they need to allow a connection to their pc or to download software that is malicious.

Do not call a telephone number listed on a pop-up or on a warning message.  Do not click on a link within a pop-up or warning message that looks like it will take you to the manufacturer’s web page or to download a patch.  One pop-up causes the pc to start beeping and making noises, so the user feels they have no choice but to call the technical support number listed.  Instead, call your IT provider.  You can also always search for the manufacturer’s website independently of the message or pop-up you received.  You should obtain known downloads directly from the software manufacturers’ websites, not from questionable pop-ups.  Look for the official webpage and pay attention to the actual URL of the webpage link when you are searching.  Do not click on anything that looks suspicious.

What should you do if you or someone at your office takes or makes a call like the ones described above and allows a cybercriminal to connect to a pc?  As soon as you realize that it is not a legitimate call, immediately hang up and disconnect your computer network cable from the data jack in the wall.  This will disconnect your pc from the network and the internet and will disconnect the cybercriminal’s connection.  Your pc was being used as a gateway.  Do not shut down your pc.  Call your IT support provider immediately to alert them as to what has happened.  Your IT support will walk you through the process of making sure your pc and network are safe.  This will entail running scans on the pc and the network.  More than likely your IT provider will recommend wiping the pc.  They will reload the operating system and programs on the pc.

Unfortunately, computer users get lured into scams by cybercriminal callers and fake pop-up windows that sound or look authentic.  Good computer users know that they need to keep their pc updated and free from viruses, which makes them susceptible to the calls and messages.  The cybercriminals capitalize on this knowledge.  Within the past few months, a few local law offices have had staff fall victim to these scams, which inevitably puts the entire firm’s network and data at risk.  No software can prevent this type of scam, since it takes an action by one of the users to allow the cybercriminal access to their pc.  Educating your staff on cyber security and safe computing is the best risk management tool to reduce your firm’s susceptibility to these scams.

Alicia A. Slade, MS, MBA, is the President of Plummer Slade, Inc., a computer networking and IT solutions firm providing IT services to hundreds of law offices.  Plummer Slade is exclusively endorsed for IT Solutions by the Allegheny County Bar Association (ACBA).