I got a call today from someone who said they were from Microsoft warning me that my computer had a virus and that a report had been sent to them. It was a scam, which I figured out immediately but fed him enough rope to let him hang himself.
When I found out enough information, I contacted the Microsoft Security Center and informed them of what I had learned. Unfortunately, they told me that while I had immediately recognized this as a dangerous scam, many people had not. Their computers were severely compromised, as was any personal and financial information kept on their computer. Here’s what happened and what you should and should never do when people call you to “help” with your computer.
First, I don’t send reports to Microsoft so I immediately was on guard. Second, I know that Microsoft would never personally call anyone to alert them to malware on their computer. Third, this was shortly after I woke up, and each night before I got to sleep I run thorough computer scans using a couple of different software.
The guy told me that the report indicated that I had a virus on my computer and that he wanted me to download something and give him access to my computer. I asked him for the link, which I wrote down but did not put into my browser, and asked him exactly what he wanted to do.
He told me that he wanted to install software that would let him control my computer and also told me that I needed to “disable all Norton security” so that he could properly install Microsoft software as it was a “Windows issue that Norton didn’t catch.”
Then, I told him that I was not on the computer at the moment (untrue) and asked for a number that I could call back once it was turned on. I got it, and then immediately contacted Microsoft.
It was indeed a phishing/malware scheme and Microsoft said many people had called because they fell for it.
What You Should Know
No company, including Microsoft, Apple, Dell, Hewlett Packard, McAfee or Norton will ever call you and ask for you to remotely log in.
The only time they would do this is you contacted them about an issue. And since what downloading materials to your computer and “fixing” things for remote access costs money. (For example a few years back we had trouble with our old computer: we paid $250 for Dell to troubleshoot the issue, only to be told that the fix was temporary and we ought to buy a new computer as soon as possible.
Frankly: no company will do it for free unless you have a contract with them and they won’t initiate the call. Instead, you would be calling them, and they would only contact you. And they would ask you to call a toll free number, not a cell phone.
Remember: in today’s world, people can get a cell phone and different cell phone numbers often, and there often is no way to readily track down the person using it for nefarious purposes.
People Posing As Your Bank or Credit Card Company May Also Contact You
Banking customers are frequently contacted with bogus phone calls or emails so while your bank should provide you the following information as part of their customer service policy (particularly if you do online banking) here is a list of things you never, provide over the phone or through email:
- Access to your computer
- Your banking account numbers or the bank’s routing number
- Any passwords
- Any financial information such as credit card numbers, how much of a balance or how much credit is available through your credit card
In addition, you should never send or send any of of the above information through email. Emails are not only easy to hack by a skilled thief, this information could also potentially be accessed by a disgruntled current or former employee of the email provider. (Most people’s access to any data is revoked before someone is terminated or immediately upon their resignation and often before their final day of employment.)
What You Should Do if You Get Such a Call
If you get a call, you can do one of two things:
a) Hang up immediate
b) If you have a few minutes, try to get as much information as possible (including an email and a phone number). You then should call the number of the company the scammer is from and report the incident.
You don’t have to do this, but the sooner any company is aware of this, the sooner they can post the scam on their website, and if severe enough, issue a press release warning people so that others aren’t harmed.
Depending on the nature of the situation, they may ask that you also file a police report with your local law enforcement agency.
Where Warnings About Phishing and Other Scams Are Posted
When phishing scams are know to be ongoing, most companies will post something on their websites. For example, we recently sent an email to all of our customers because when we were preparing a shipment using UPS, we saw a notice about an ongoing scam where someone pretending to be from UPS
If people are hit with scams such as the one written about in this article, unfortunately it only becomes known to the true company when people fall for the scheme and are damaged.
Which is why if you get a call and have a half and hour or so to spare, your taking the time to find out and report as much information as you can get is important. Usually hundreds or thousands of people are harmed before the company is aware that a crook is out there.