Announcement

Collapse
No announcement yet.

Security Alert: Bogus tech-support phone calls

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Security Alert: Bogus tech-support phone calls

    Anne has just taken our eighth or ninth call over the past few weeks regarding the above. I subscribe to Windows Secrets and in today's issue they have written about the scam and asked for the contents to be shared.


    Top Story

    Security alert: Bogus tech-support phone calls
    By Fred Langa


    "Hello. This is Microsoft Tech Support. Your PC has notified us that it has an infection."

    The call is a scam — an extremely prevalent one. Here's how it works and what you need to know to stay out of the trap.

    Scams come and go, but this particular one seems to have staying power — and it's spreading quickly. It's now so common, the Internet Crime Complaint Center (a partnership between the Federal Bureau of Investigation and the National White Collar Crime Center) issued a Jan. 7 special alert, "New twist to online tech support scam."

    Windows Secrets reader Scott Brande was recently on the receiving end of a typical tech-support con. Recognizing it for what it was, he carefully documented the attempted snow job, then sent in his notes as a service to all Windows Secrets readers.

    His narrative, plus the resources I'll list at the end of this article, can help you — and the people you care about — avoid falling prey to this malicious tactic.

    Scott's description of how the scam played out:

    "This morning I received a telephone call (the second such call in two weeks) about infected files on my computer; the caller then offered to fix the problem. Suspecting a scam, I decided to play along.

    "I think it was the same caller both times. He had a strong accent, the kind I'm used to hearing on outsourced help lines. I asked the caller's name both times; the first time he replied, 'Mike Tyler,' and the second time he was 'Andrew.' He began the call by saying that he's with Microtek, an authorized supporter for Windows operating systems. (My spelling of the company's name was a guess; the caller never spelled it out.)

    "I asked immediately whether this was a sales call. Without directly answering my question, he launched into what sounded like a script. He stated: 'Our servers have received information from your computer that indicates it is infected.'

    "When I questioned him about his company, he told me I'd find 'Microtek' listed on [an online business directory] — as if a listing in the directory were proof his call was legitimate! When asked where the company was located, he replied, 'Houston, Texas.' I then asked for his employee ID; he gave me 'MSCE079502.'

    "(After the call, I ran an online search and came up with a Microtek in Houston; it's a training facility for business computer users — not a technical-support center. I assume the caller just picked Microtek's name off the Web. I don't believe the real Microtek had anything to do with the bogus tech-support call.)

    "Changing topics, I asked how he knew my computer was infected. He replied that his company is an authorized Microsoft Partner and, because I use Microsoft Windows, my computer sends notifications to Microtek servers.

    "I then asked how he knew about my specific computer; he stated that his server gets updates from my PC. He then asked whether I ran Windows Update. When I said yes, he went on to say that Microtek servers got the information about infected files in my system via Windows Update.

    "I countered, stating that Windows Update goes only to Microsoft servers — not Microtek servers. But he simply repeated that Microtek is an authorized Microsoft Partner.

    "Next, I asked him which one of my computers was infected (I have several at home), to which he said something vague about a MAC address. When asked which MAC address he had for my machine, he would state only that, for 'security reasons,' he couldn't tell me the MAC address (even though it was my own PC).

    "At this point, I expressed my doubts about all this information. But he was quite persistent; he stated that 'some of our clients in your area have been affected by the infected files on your machine.' He then claimed I had upward of '1,000 infected files.' When asked who these local clients were, he said he couldn't tell me that (of course).

    "I asked how his clients' machines could possibly be affected by my home computer. He didn't answer this but went directly to the following: 'OK, I'll show you the infected files on your computer.' He instructed me to enter .inf into the Start menu search box, then declared that all these files were 'infected' (that .inf stands for 'infected' or 'infection').

    "At that point, I said I didn't believe that was true; it was my understanding that .inf was a particular type of file that comes with software installed on my computer.

    "At this point, he ended the call — probably because I knew that .inf didn't refer to infected files. As it was, I'd had him on the line for a good 15 minutes.

    "As I mentioned, this is the second such cold call I've received in about two weeks. The pitch given in the two calls was very consistent; I surmise there must be many others who have been presented with the same scam."

    Great job, Scott! Your suspicions are totally correct: This was just a scam. And yes, it's extremely widespread.

    Bogus tech-support call raises red flags
    Two of the caller's assertions in Scott's narrative immediately indicate a scam:

    Microsoft or one of its partners made the call: False! Microsoft flatly states:

    "Neither Microsoft nor our partners make unsolicited phone calls (also known as cold calls) to charge you for computer security or software fixes. … Do not trust unsolicited calls. Do not provide any personal information." (See the full text on Microsoft's "Avoid tech support phone scams" page.)

    Windows Update collects personally identifiable information: False, again! Even if it wanted to, Microsoft — or a Microsoft Partner — can't track you down and cold-call you via information acquired by Windows Update. You'll find more details on the online "Windows Update privacy statement" page; a more colloquial version on the "Using Windows Update" page states unequivocally: "Windows Update is committed to protecting your privacy and does not collect your name, address, e-mail address, or any other form of personally identifiable information."

    Scott's caller raised other red flags, too. For example — just as Scott thought — .inf stands for information, not "infection." An .inf is just a plain-text file containing information Windows uses when it's installing a driver. (See the MSDN article, "Overview of INF files [Windows drivers].")

    Knowledge of INF files is somewhat specialized — not everyone will know what they're used for. But the first two red flags should be easily recognized by any experienced Windows user.

    Bottom line: If you get an unsolicited call from anyone offering to "fix" your computer (especially if they claim to be from Microsoft or a Microsoft Partner) hang up immediately — it's a scam!

    Further scam-proofing — and reporting scammers
    For more information about how to recognize the type of scam Scott ran into, see the MS Safety & Security Center page, "Avoid scams that use the Microsoft name fraudulently."

    You'll find additional ways to generally scam-proof yourself on the U.S. Federal Trade Commission (FTC) site, "Telemarketing Scams."

    If you receive (or have already received) a scam-related phone call, the FTC requests you dial (toll-free) 1-877-FTC-HELP or visit the Complaint Assistant site.

    If you're on the receiving end of an attempted scam via the Web (rather than by phone), file a complaint on the Internet Crime Complaint Center's free website.

    And here's some preventive medicine that might help. Register all your phone numbers with the National Do Not Call Registry (free; site). You need to register a number only once; the registry never expires. This won't stop all unsolicited calls, but it will stop most. If your number is on the Registry and you still get calls, they're likely to be from scammers ignoring the law. In that case, call the FTC number listed above and file a complaint.

    Additional steps you can take to foil scams
    The tech-support con plays on our too-often-justified fear of malware infections.

    To ensure your PC is configured properly to prevent malware infections, download and run the free Microsoft Malware Prevention troubleshooter (site). The software is a form of automated fixit that checks whether various Windows settings (Policy, User Account Control, Proxy, etc.) are configured for maximum safety. If anything's amiss, the troubleshooter can make changes for you automatically — or let you make them manually.

    If you suspect that your PC is already infected with some type of malware, immediately run one of the free standalone security tools, such as ESET's Online Scanner (site), Microsoft's Safety Scanner (site), or Trend Micro's HouseCall (site).

    And always, always, always use a good, constantly-on anti-malware tool — there are many good products available, both free and paid. I list six products in the Feb. 16, 2012, Top Story, "Is your free AV tool a 'resource pig'?" You'll find much more on protecting your PC in this week's LangaList Plus column in the paid section of the newsletter.

    Keep everyone safe: Share this article!
    This bogus tech-support scam is widespread and on the rise. It's entirely possible you — or someone you care about — will be a target.

    As a Windows Secrets reader, you likely already have the knowledge — as Scott did — to recognize the scam for what it is. But computer novices, the technologically unsophisticated, and the elderly often fall prey to this kind of fraudulent pitch.

    So do them a favor and send this article to everyone who depends on you for tech support!
    ++++++++++++++++++++++++++++++++++++++++++++++++++ ++++++++

    Regards. Barr1e

  • #2
    Re: Security Alert: Bogus tech-support phone calls

    I had a call with the same sort of patter claiming to be from BTVIRGIN internet the other week.
    The name gave it away from the first line.

    Yip, be careful of these sort of things.
    Being left handed my brain sometimes works sdrawkcab

    All the best

    Andy

    E1,E5,E420,E-M5,OM1(N),14-54,12-60SWD,7-14mm,50-200,50mm F2.0 macro,25mm pancake,EC14,Sigma 50-500 HSM,m4/3 14-150,Om50mm(F1.,OM28mm(f2.,FL36,HLD4,HLD2,Epson P3000,crap tripod,Manfrotto 680B monopod,various filters/CF cards.

    My Flickr

    Comment


    • #3
      Re: Security Alert: Bogus tech-support phone calls

      Thanks Barrie, very useful. There's a lot of it about - if I get many more calls I'll soon be on first name terms with them, even if their accents are a little unusual for George, Peter or James!
      John Perriment

      A photograph is more than a record of what you see - it's a window to your soul

      Comment


      • #4
        Re: Security Alert: Bogus tech-support phone calls

        Thanks for all that information Barrie you certainly handled that well. I have the call preference service on my phone, I had a cold call yesterday and told the caller that I am on call preference service and the reply was that they did not come under that,my reply was that I came under that they then declined and I put the phone down. You really have to keep on your toes. John*chr

        Comment


        • #5
          Re: Security Alert: Bogus tech-support phone calls

          I got the same call - but since I use Linux I was pretty sure my machine wasn't sending personal information to a Microsoft partner

          Just tell them you use Linux and they go away real quick.

          D.

          Comment


          • #6
            Re: Security Alert: Bogus tech-support phone calls

            Originally posted by David View Post
            I got the same call - but since I use Linux I was pretty sure my machine wasn't sending personal information to a Microsoft partner

            Just tell them you use Linux and they go away real quick.

            D.
            Hehe, sometimes it's more fun to act dumb.

            "Are you sitting at your computer at the moment Mr Perriment?"

            "Yes."

            "Good. First I need you to press the button with the Microsoft logo."

            "Oh, I didn't say it was switched on."

            "OK, switch it on and tell me when your desktop appears."

            After a long pause......

            "Do you have the desktop yet, Mr Perriment?"

            "No, all I've got is this blank blue screen."

            And on it goes!
            John Perriment

            A photograph is more than a record of what you see - it's a window to your soul

            Comment


            • #7
              Re: Security Alert: Bogus tech-support phone calls

              I don't have the time or your patience, John! Because our phone is listed under my wife's name, whenever someone calls and asks 'Am I speaking to Mr X?', it's a dead giveaway and the answer is 'No'. It can be amusing when they try to get back on their script, but I often end up giving them a few seconds' blast of my Dad's old ARP whistle!

              Andrew

              Comment


              • #8
                Re: Security Alert: Bogus tech-support phone calls

                Originally posted by Andrew Riddell View Post
                I don't have the time or your patience, John! Because our phone is listed under my wife's name, whenever someone calls and asks 'Am I speaking to Mr X?', it's a dead giveaway and the answer is 'No'. It can be amusing when they try to get back on their script, but I often end up giving them a few seconds' blast of my Dad's old ARP whistle!

                Andrew
                Hi Andrew, unfortunately I do have the time to waste (well, usually, but it does depend what mood I'm in) and at least it delays them getting to their next victim. Also, it can be quite entertaining when they finally realize that they have been had and lose their composure!
                John Perriment

                A photograph is more than a record of what you see - it's a window to your soul

                Comment


                • #9
                  Re: Security Alert: Bogus tech-support phone calls

                  I've had a few of these and my first question to them is "For security reasons can you tell me what version of Windows I am using?" This sometimes sends them away but even if they give an answer I then say "Wrong, I use OSX"!

                  David

                  Canon 7DII, Sigma 150-600mm Sport, Sigma 18-300mm, Sigma 8-16mm, National Geographic Expedition Carbon.

                  "It is better to light a single candle than curse the darkness" - Confucius (551479 BC)

                  Comment


                  • #10
                    Re: Security Alert: Bogus tech-support phone calls

                    Originally posted by John Perriment View Post
                    Hehe, sometimes it's more fun to act dumb.
                    What you're describing is known as "scambaiting". The best site to read about the activities of these brave and courageous individuals is http://www.419eater.com/

                    Just be aware that you'll be there all day when you start reading what some people do to bait these scammers. I'm stunned at how far some of the scammers are prepared to go when they have the merest hint that they might get some money out of you.

                    The "tech support phone call" is one such scam that's been baited. I read one once (probably on that site) in which someone baited them for over an hour - pretending to follow the advice of the phone call, but really just sitting there with his arms folded no doing anything.

                    They do say that they don't advise the uninitiated to go baiting because some of these scammers do have "contacts" here in this country and, if they find out who you are, you may get someone knocking on your door.

                    In short, leave the scambaiting up to the "professionals" and content yourself with reading their activities on that website.

                    Comment


                    • #11
                      Re: Security Alert: Bogus tech-support phone calls

                      Originally posted by JSR View Post
                      They do say that they don't advise the uninitiated to go baiting because some of these scammers do have "contacts" here in this country and, if they find out who you are, you may get someone knocking on your door.
                      That's a good point, they obviously use the telephone directory because our number is still listed under my wife's maiden name, we just never bothered to change it. Whilst they do not have my real name, and this acts as a great indicator of a scammer, our address is, of course, also listed in the directory.
                      John Perriment

                      A photograph is more than a record of what you see - it's a window to your soul

                      Comment


                      • #12
                        Re: Security Alert: Bogus tech-support phone calls

                        Originally posted by John Perriment View Post
                        That's a good point, they obviously use the telephone directory because our number is still listed under my wife's maiden name, we just never bothered to change it. Whilst they do not have my real name, and this acts as a great indicator of a scammer, our address is, of course, also listed in the directory.
                        I thought the numbers were just generated at random, probably computer generated.

                        All my calls are screened through an answering machine but if, by chance, I pick up a call and it's a spammer or other nuisance caller, I simply say "sod off" then hang up on them. Not very ladylike but effective.

                        Pol

                        Comment

                        Working...
                        X