Computer owners beware: you might take time off work to celebrate the holiday, but scammers don’t. You already know to be on guard against phishing attempts sent to your e-mail, but it looks like the old dormant “phone call from Microsoft” scam has been revived, and a friend of ours almost got caught in it.
What’s that, you say? You’ve never heard of the “Microsoft phone call” scam? To be honest, neither had I (although Mark Huffman wrote about it a few months ago) until a couple days ago, when our friend “Sammy” (not his real name) posted this on his Facebook page:
I just nearly got scammed. Phishy phone call from "Microsoft Technical Support Security Team" alerting me to possible malware and viruses being spread from my computer every time I logged onto the web. Sounded scammy, but also possible... dude had me run a few simple commands to "prove" he was legit and I fell for them. I'm ashamed to admit I went so far as to download and run a remote connection application and watch as they took total control of my PC. I finally said no and pulled my LAN cable out of my router when they claimed my OS was out of warranty and they could update me remotely for a fee. I'm really hoping they didn't get anything in the minute or so they had control.
Currently changing every login and password I use from this second computer.
Beware. I consider myself savvy - but they got me.
For what it’s worth, Microsoft support page says they will never call you. They will use ISPs as intermediaries to resolve any possible issues that might come up. So if you get a call from Microsoft, hang up. (Thing is, the scammers called about six times in a row, insistent there was a problem. I finally gave in despite considerable misgivings from the get-go.)
General rule: anytime somebody contacts you out of the blue seeking personal information or control of your computer, and you feel any misgivings ... don't listen to them. Just hang up. (Though it's completely understandable how six phone calls in a row might have worn someone down, too.)
Yet the “Microsoft phone call” scam is nothing new. In October 2012, the scammers tried calling Ars Technica writer Nate Anderson, who noted:
When the call came yesterday morning, I assumed at first I was being trolled—it was just too perfect to be true. My phone showed only "Private Caller" and, when I answered out of curiosity, I was connected to "John," a young man with a clear Indian accent who said he was calling from "Windows Technical Support." My computer, he told me, had alerted him that it was infested with viruses. He wanted to show me the problem—then charge me to fix it.
This scam itself is a few years old now, but I had not personally received one of the calls until yesterday—the very day that the Federal Trade Commission (FTC) announced a major crackdown on such "boiler room" call center operations. The very day that six civil lawsuits were filed against the top practitioners. The very day on which I had just finished speaking with Ars IT reporter Jon Brodkin, who spent the morning on an FTC conference call about this exact issue. And here were the scammers on the other end of the line, in what could only be a cosmic coincidence.
When Sammy read Anderson’s story, he ruefully admitted: “that Ars Technica article is the exact thing that got me. Folks, read that to see what I just went through. I even got the same ‘John’ with the clean Indian accent!”
So here we are, 14 months after the FTC announced its major crackdown and Ars Technica wrote about it—and the exact same scam is still playing out.