Here's the situation: You're sitting at your desk one day, alternating between spreadsheets and a gossip blog where you've been reading up on all the latest Kanye West dirt.
Your phone rings. A panicked voice on the other end tells you they just got off the phone with Microsoft Tech Support and now their endpoint's compromised.
"I was only following their instructions," the voice bemoans. "I need your help."
You might think we're joking here, but we're not. Scams like this are on the rise. Microsoft (the real one, not the scammers) have reported a 24% rise in Tech Support scam calls. Last year the Redmond Tech giant counted 153,000 customer support complaints from people who fell for scams like this.
Now we know nobody's perfect and anyone can fall for one of these calls (or from their closely related cousins; like the scammers claiming to be from the IRS who call me and everyone I know regularly).
That said, I thought it'd be a good idea to give you a pointer or two (or three or seven) on how to avoid what could be a costly pitfall. Without further ado, here are Security7 Networks' seven steps you can take regarding How to Stop a Tech Support Phone Scam.
Step 1: Microsoft is Calling You - If you haven't been living under a rock for the last 43 years, you know a thing or two about Microsoft. They're absolutely massive in size and user base. It's difficult to manage all of that, keep it up and running and keep every user safe. They're a huge target for hackers, scammers and the ilk.
Microsoft couldn't possibly keep in contact with everyone using their product out in the wild or close every security loophole proactively. They're doing their best, sometimes it's just...well, a lot to manage. It's why companies like Security7 Networks are around. We try to pick up the slack and do what Microsoft can't.
That being said, the notion someone from Microsoft Tech Support is calling to let you know your system has been compromised should be amusing, not concerning. According to Business Insider, there are 1.25 BILLION Windows users out in the wild. Even with a net worth of $560 billion, I find it highly unlikely/implausible they budget tech support staff for each of those 1.25 billion users.
Bottom line: Microsoft Tech Support doesn't make outbound calls to let people know their computer's infected with malware. Microsoft is well aware you'll call them (or your handy dandy MSSP) if you've got a problem.Step 2: Don't always trust caller ID - Most people screen phone calls to their personal phone number. Telemarketers, scammers, your mother, you name it. There are oodles and oodles of people out there who'd like to bother you on the phone, given a chance.
If you're anything like me, if you don't recognize the number and it doesn't register on caller ID, you hit ignore and let it go to voicemail.
However, that's not so easy to do in the business world. You might not always recognize the number someone's calling you with. Caller ID can be a valuable asset in identifying whoever it is on the other end of the line.
That's where these scammers get ya.
See, Caller ID spoofing is a thing. A lot of people calling in to scam you at work nowadays are smart (well...reasonably so I guess, I'm hesitant to think the jamoke you'll end up talking to envisioned this nefarious scheme in the first place).
Scammers have figured out a way to register the number they're calling from as being a LEGITIMATE (enough) looking Microsoft phone number. Microsoft Technical Support or some variation is likely to pop up on your caller ID screen. It makes things tricky.
Our advice is this: ask yourself why in the world would Microsoft be calling you in the first place? Did you call them first? Why wouldn't they want to talk to your IT Department?
If you can't think of a viable reason as to why you're getting a Microsoft Technical Support phone call, you're probably best off letting it go to voicemail and then asking your friendly neighborhood IT specialist what the heck is going on.
Step 3: They don't sound like they are who they say they are - This one's a little tricky to discern, but it needs mentioning if the person calling you has a thick foreign accent and sounds like they're in a call center, be cautious. Especially if they're trying to mine you for sensitive data.
I don't want to come across as insensitive but this could be a dead giveaway that something fishy is going on. To be perfectly clear this step is specifically in reference to inbound calls, not an outbound call that someone's made to a real tech support or customer service department. The majority of these scam calls come from off-shore sources, mainly places like India, Pakistan and Ukraine (to name a few).
These are places where there's a relatively low cost of doing business and little oversight. The people on the other end of the phone aren't personally out to get you, they're trying to make a day's wage. It's the person who contracted the call center or cooked up the scam that is.
Using a heavy accent, or broken English does not automatically denote the caller has criminal motives. It's the accent as well as the context of what they're saying that should clue you in that something's up.
Step 4: They'll use fear to intimidate you, guaranteed - Fear's the driving factor here, and we all know it's what ultimately leads to the dark side of the Force.
These scammers might not be Sith Lords, but they know how to leverage fear pretty darn well. They'll start with simple, tiny, little things to make you feel that maybe, just maybe, they're on the level. All it takes is for one seed to take root and you'll eventually sow your destruction.
Watch out for keywords/phrases like "your computer is sending out error number xxxxxxxxx" or "your computer has been infected with a new virus that is undetectable to scanners." They're banking you'll react before you think about what they're saying. That'll open you up to the next step.
Step 5: They'll use circumstantial evidence to close the deal - After scaring the heck out of you, the scammer will probably tell you to open up your Event Log so they can show you "evidence" of the problem.
I don't know how many of you have ever experienced the "Blue Screen of Death" before for no good reason, so I'll let you in on a little secret: Microsoft Windows is rife with errors and issues that are entirely normal for it to experience. I'm betting you're already aware of this, but the OS is far from perfect.
The average user, however, has no idea. The scammers are leveraging this fact for their benefit. The best thing you can do is open up your Event Log, start looking for these instances and Googling them. You'll find a plethora of information on the interwebs regarding every one of these things, and ultimately you'll realize it's normal for them to be there, and more importantly, how harmless they are.
If you find yourself on the phone with one of these jerks, I recommend you Google the instance they mention while on the phone so that you can see how quickly they hang up on you when they realize they haven't called a run of the mill stooge.
Step 6: They recommend you go to a website, download and install the tool you find there so that they can help fix the problem - Remember when you were a little kid and your parent's told "don't touch that! You don't know where its been"?
Shockingly, the same goes for websites and downloads you're directed towards by someone on the phone, especially if you don't know that someone personally. It's more than likely they're trying to gain access to your system via malware.
Step 7: They tell you that the only way to continue is if you give them your credit card number because there's a fee attached to the service they're offering - Folks, I'm not going to spend that much time on this one. You should never, ever, EVER give your credit card number to somebody over the phone.
It'd be like answering a request for a money transfer by email or giving your PIN to someone who claims to be from your bank and needs it for "verification purposes."
It's the goal of these scammers to milk you for everything your worth, and if they get your credit card number, it's "game over," so to speak. They've accomplished what they've set out to do. The fool and his or her money have parted ways.
Interested in learning more about Security7 Networks and how we operate? Download our FREE Intelligence in Depth eBook today!