Hopefully, most of you (as tech savvy readers of my blog) are aware of the “Microsoft support” or “Windows support” scams that are still catching people. The scam comes in a couple of variants, but the end result is the same…. They get money or personal data from you.
The scam as I have personally seen it, starts with a phone call to you from “Windows support” (they used to say “Microsoft support”) saying that your computer has sent data to them saying that it has a virus.
Windows does not send any telemetry back to Microsoft that includes PII (Personal Identifiable Information). It does send error data and some usage data back, but this is all anonymous and designed to help Microsoft fix issues and improve Windows. There is nothing sent back that will allow Microsoft to know who you are.
Microsoft Support will never cold call you. Firstly because they don’t know that you have a virus and secondly because they don’t call you. You call them.
The second variant is when a dodgy website displays a message saying you have a virus and to call a number to get it fixed. If you call them, the scam takes a similar path.
In both cases, you don’t have anything wrong with your machine.
Once the “technician” (read scammer) has you on the call, they will get you to look at something in Windows that looks scary but is actually standard and behaving the way it should be. They will then get you to give them control via LogMeIn or GotoMeeting. Once they have control, they will show you more scary technobabble to make you believe you have a virus.
They will then try to sell you a support plan, or make you pay for them to fix the issue. Bingo, they just scammed you out of your hard earned money.
There is also the possibility that they might actually install software which is malicious, such as a real virus or Trojan that can capture your personal information such as passwords or credit card and bank details.
So I recently found this video by an ex-Microsoftie (like myself) who decided to “play along” with a scammer on a virtual machine and see where it took him.
Fake Microsoft Scammer Tries to Scam Ex Microsoft Employee (direct link)
I think it is great to show how the scammers work and what they say.
For your info. I normally try to keep the scammers on the line for as long as possible. This way they are not calling someone else who might get caught. My record is having a scammer waiting 45 minutes for my machine to start up before he finally hung up.
If I don’t have time, then I will hit them with a 120db siren that I have on my desk. If they are still on the call after a 20-30 second blast, then when they ask what the noise was, I will say that my bullshit detector just went off…. they usually hang up.
I have also confronted them, asking how they can live with themselves and explaining that I work in IT and know that they are a scam. It is much more fun to get them so angry they hang up on you, than to just hang up on them.
This article was originally posted on http://www.winthropdc.com/blog.