If you receive a phone call from a security 'expert' offering to fix your PC - it's a scam. Here's how to avoid the 'Microsoft phone scam', and what to do if you fear you have fallen victim to it. See all PC security advice.
Recently I was asked to comment on a news story by a local TV station. There's nothing particularly unusual about that, but it struck me that this particular 'news' story was anything but new. It was in relation to a scam commonly known as the 'Microsoft phone scam'. This is something as a misnomer, as Microsoft has nothing to do with it, but the software giant's name is used by criminals in order to solicit money. Visit Security Advisor.
A quick check on Google Trends shows that the term 'Microsoft phone scam' first became popular in mid 2009, and peaked in September 2011. But the scam is still around, and my recent televisual experience suggests lots of people are being caught out. Indeed, there are regular posts about receiving calls on our forum. So here is how to avoid the 'Microsoft phone scam' in the first place, and what to do if you are a victim.
Microsoft phone scam: how it works
Scammer calls you, and asks for you by name. They say they are a computer security expert from Microsoft (or another legitimate tech company). The 'security expert' is plausible and polite, but officious. They say that your PC or laptop has been infected with malware, and that they can help you solve the problem. What happens now depends on the particular strain of scam with which you have been targeted.
Some crooks will ask you to give them remote access to your PC or laptop, and then use the access to harness your personal data. Others get you to download malware that will do that task for you. A more straightforward scam is to simply ask for money in return for a lifetime of 'protection' from the malware they pretend is on your machine.
Here's the important bit: no legitimate IT security pro is ever going to call you in this way. For one thing, they can't tell that your PC is infected. They've got your name from the phone book, or any one of the thousands of marketing lists on which your details probably reside. They know nothing about your home computing set up - it's a fishing trip to see if they can hook some low-hanging fruit (forgive the torturous mixed metaphors).
Basically, somebody is sitting in a room calling number after number hoping to find a victim. It's not personal, but it is ultimately dangerous to your financial and technological health.
Microsoft phone scam: what to do if you are called
1. Number one: put the phone down. Get rid of the caller and move on with your life. It is not a legitimate call.
2. During your conversation, don't provide any personal information. This is a good rule for any unsolicited call. And certainly never hand over your credit card or bank details. Just don't do it.
3. If you've got this far, we can only reiterate point number 1: get off the phone. But whatever you do don't allow a stranger to guide you to a certain webpage, or instruct you to change a setting on your PC or download software.
4. If possible get the caller's details. You should certainly report any instance of this scam to the police.
5. Finally, change any passwords and usernames that could plausibly have been compromised, and run a scan with up-to-date security software. Then ensure that your firewall and antivirus are up to date and protecting your PC.
Oh, and there is a number 6: tell everyone about it. This scam preys on people's insecurity about lack of tech knowledge. It is very easy to be a victim, and the best defence is sharing knowledge. It is much easier to put the phone down if you are forewarned.
Microsoft phone scam: what to do if you have been a victim
First of all don't beat yourself up. This could happen to anyone (and does). You need to change all the personal data that you can change. As much as you might like to you can't change your date of birth, and changing your name and address seems extreme. But you can change all your passwords and usernames, starting with your main email account and any bank- and credit card logins. Also, contact your bank to ask them to be on the look out for anything dodgy.
Again, use up-to-date security software to scan and cleanse your PC, and if the scammer did get you to do something to your PC using System Restore to roll back the settings is always a good idea. And tell the police. If you have lost money, it's possible your credit card company or contents insurance will cover the loss.