Ask Leo: Next Steps for Victims of Microsoft Support Scam


By Leo Notenboom

A family member got scammed by a telephone call from someone saying that they were from Microsoft, calling because of PC error reports. Unfortunately, remote access was given. What should be done to prevent further compromise of the PC data? Help! Note: MS scanner and a Norton scan were done and showed no problems. Remote access software files were removed manually from PC. Could the scammer again access the PC data? Data is backed up to the external drive (not plugged in at the time of the scam). Can the same files/data be safely loaded on to a new HD/computer?

As you point out, it’s a scam. Microsoft doesn’t call people because of
errors on their computer. Neither do ISPs, security companies, or pretty much
anyone else who might claim some role of internet authority or otherwise.

To quote Admiral Ackbar: “It’s a trap!”

I’ve been getting lots of reports of this scam and its variants of late.
Fortunately, many people are rightfully suspicious and cut it off before it
goes too far.

Unfortunately, having fallen for the scam puts you in a difficult and
dangerous position.

To start with, let’s not hook up that external hard drive just yet.

The Scam

The scam is very simple: someone calls you claiming to be from Microsoft or
your ISP or your anti-malware provider or some other authoritative company. Of
course, they are not.

They claim that they’ve detected that your computer is causing many errors
on the internet or that there are “problems with your account”. To prove
that there’s something wrong, they ask if your computer has been crashing
recently. Or they have you open up the event viewer
and point out the many, many errors listed there. Crashes are,
unfortunately, too common and the event viewer is a mess – full of
messages, warnings, and errors, even on a machine that’s working just fine. They
simply use this confusion and misinformation to claim that your computer has a
problem.

And, of course, they can fix it.

The scammer asks you to connect to a remote access site, such as logmein.com or
ammyy.com, so you can give them access to your computer and they
can correct the problem for you. Important: Sites like
logmein.com, ammyy.com, and perhaps other remote-access services used for this are not involved in the scam. They’re just web services that the scammer happens to
use and nothing more.

That then leads to the scam’s hook. While accessing your machine, the scammer typically does one of two things:

  • They install malware.

  • They determine that you’ll need to purchase something – perhaps software, extended services, or whatever. At this point, they ask for your payment information.

You’re either left with a malware-laden machine (that won’t be “fixed”, by
the way), bogus charges on your credit card, or both.

It’s a classic scam.

Avoiding the Scam

It’s classic scam-avoidance 101: never completely trust a caller you don’t
know.

Listen to them, if you like. Ask questions, if you feel so motivated, but
never ever give them access to your PC and never ever give
them your payment information.

Let them know that you’ll have your local tech look into it (even if you
don’t have one).

Once it’s clear that you’re not going to fall for the trap, it’s very likely
that you’ll get hung up on or that the caller may even become abusive; at
that point, you can hang up on them.

If you’re concerned that there is a real problem, do the research yourself,
or contact the technical resources that you trust and ask them about it.

Chances are there’s nothing to see here.

How to Recover from the Scam

This post is excerpted with Leo’s permission from his blog.
