Beware of Fake Microsoft Support Techs

According to an article in today’s Computerworld, there’s been a rash of bogus Microsoft Support Techs trying to sell pirated Malwarebytes software to the unsuspecting. What’s made it worse is that while most computer users have long expected that a bogus support tech would have an Indian accent, as most of these companies are in India, recent fake callers have “American” accents, making it seem like they do work for Microsoft.

From the article:

In a new trend, scams have gone home-grown, said Malwarebytes on Monday, with twists that include bogus warnings driven by malicious websites that urge users to call a toll-free number.

“This is the first instance [of a Windows support scam in the U.S.] on this scale that I’ve found,” said Jerome Segura, a senior security researcher with San Jose, Calif.-based Malwarebytes. “Most scammers are in India, but we wanted to expose this because they’re harming U.S. customers, who will feel more comfortable with a [native] English speaker.”

I recently was called, not once, but twice, from a person with a 206 area code, which is Seattle.  This, of course, would make one think that the call was indeed coming from Microsoft Tech support.  However, both times this caller had an Indian accent.  I flat out told him he was a scammer, and then hung up.  The Computerworld article detailed several different ways that the scammers scare their prey into purchasing their “goods”.  One is the good old “ransomware” technique, using scary graphics. 

Rather than cold-call victims — most India-based scammers blindly dial telephone numbers, figuring that most people who answer will have a Windows PC — E-Racer relied on fake alerts. The warnings, which were embedded in fraudulent websites, those sites often tied to URLs that might appear in search results for Windows errors, scream “Warning! Your computer may be at risk. For emergency Tech Support call immediately.” A toll-free number is prominently displayed.

As I’ve told my students (and WSAV, when I was interviewed by them), the best way to get out of this situation is to “X-out” of the window, as the scammer cannot control Microsoft’s window controls.  Then turn off your computer.

The other way that they get the gullible computer user into becoming a victim is to direct the user to look at a Windows log on their computer that contains harmless entries.  To a user who isn’t tech-savvy, these could look serious, but they’re not.

As expected, the article states that the fraudsters are often targeting the elderly, because they’re just not as tech-savvy as younger users (or users younger than, say, 50), and recent FBI IC3 stats for 2013 bear this out. 

Users have to understand that their Microsoft Event Viewer is not tied to MS without their permission, and the default setting is off.  But even more important, users have to remember that if they have not requested such a service, if they’re not expecting such a call, then how would the caller know that there is something wrong with their computer?

So if you get a phone call like the one described in the article, before you just hang up, tell the caller that you’re going to report their number to the Federal Trade Commission.  If you get a window with the message, don’t click in it, just “X-out” and perhaps restart your computer.  Don’t fall victim to this kind of scam!

Here’s the article from Computerworld