15 07 2015
Protecting Friends and Family online – The Microsoft Scam
Over the years I have had a number of phone calls from friends and family alike (often it is the older/wiser of them that falls for this scam) saying:
“Microsoft called and said that there was a problem with my computer; I did as they asked and downloaded the security software but then they wanted money so I said I would ask you first.”
It happened again the other day; a close family friend received a phone call from “Microsoft” and unfortunately she let them have access to her computer before she realized that something wasn’t quite right. Needless to say that laptop is now to my right having various scans run on it to see what they did (disconnected from the Internet of course!). As I am sure you can guess it was not Microsoft that called her; it was a scam artist performing the “microsoft scam” from somewhere who was just after credit card details.
I have educated everyone I know that I feel could be affected by this; and they all know that it’s a scam. Unfortunately sometimes you miss someone, of they have a off moment when they get the call! So this article is here to encourage you all to talk to your parents/grandparents/old-folk and try to educate them on the subject.
So what is this all about?
To quote the Admiral “Its A Trap“. It is a simple scam, someone calls you up (generally having used an auto-dialer) and claims to be from Microsoft (or another well known Internet company such as your ISP). Needless to say they are NOT from that company, or any other authoritative firm (and those firms are NOT involved in any way…. don’t sue me Microsoft).
They tell you that they have detected a problem with your computer; be it a virus or something else. They often talk the unwitting victim through opening the windows event viewer to show them “the errors”; anyone who works in IS Support (or similar) will know that the event viewer on a healthy machine always has one or two failures in it every time you turn on the computer. It is these “normal failures” that the caller uses to convince the victim they have a problem.
Of course the “skilled technicians from [the company]” can fix the problem for you right now if you go to a website and download their security software. A lot of the time they get the victim to download legitimate remote access software (such as logmein or teamviewer, who are not involved in the scams); once they have access to the computer they can do any number of things:
- Install malware of their own to track you when you next enter passwords online (for example).
- “Discover” that the problem is bigger than they thought and that you need to pay them for a solution!
- Steal your documents (banking statements, tax information, personal things)
- Any really, anything else they want!
Their big aim is to get your credit card details; once they have those they can scam you out of your entire credit limit.
What can potential victims do?
Firstly the golden rule of not being scammed. Do not fully trust someone who calls you unsolicited (or solicited for that matter, they always have their own agenda!). If you are not sure then listen to them for a short while; make up your mind based on how they act. Are they pushy, how is their English, are they asking odd questions?
If you are still not sure, just hang up, if they call back hang up again. If they are genuine then they will send you a letter in the post. If you think that it might be a real problem, talk to someone you know (the likelihood is your kids will have a better understanding of it anyway); if after all that you are still unsure take your computer to a high street shop (such as PC World) at least you know they are who they say they are!
What can we (the enlightened) do to help those family members?
First and foremost make sure they have good internet security software (I recommend AVG Ultimate as it protects your entire family for one price, and you can centrally manage it). I would also suggest a good malware protection system, such as Malwarebytes (pay for the premium version, it licenses three machines). I know that some of you are thinking “but there are plenty of free programs out there”; that is true and some of them are great.
But have you ever tried to use a free program to clean a deeply infected machine? Also the free software is not as highly polished as the paid for versions, the popups are often confusing and it constantly asks you to pay for a upgrade; if you think that Granny and Grandpa can understand when they should allow or disallow a program in their firewall then go ahead with the free ones!
What ever you do make sure the user understands the software. Take some screenshots of the firewall popups, and the icons (with program name) and print it out for them to keep with the machine so that they know what is safe to update and what they need to call you about. Oh and install a remote access program of your own (just disable the adhoc access system that teamviewer uses so that a scammer cant talk them into giving the details!) so that you can help from afar!
TLDR; you family don’t know much about computer security; help them install protection and educate them! It’s better in the long run!
Thank you to Don Hankins for the image used as the featured image on this post.