We’ve written before about the abundance of spam emails, but while scammers are clearly branching out into the digital realm this doesn’t mean that email is their only tool. In fact, within the last few years we have experienced a number of scam phone calls that purport to be from Microsoft or the more generic “tech support.” After ignoring a series of calls from 012345678 for several days, our CTO, Megan Durham, finally decided to pick up and see what the caller had to say. Here’s a rundown of how that call went:
MD: Hello?
Caller: Yes, is this Megan?
MD: This is Megan. Who is this?
Caller: I’m calling from Microsoft Tech Support to let you know that your Windows computer is sending us hundreds of error messages and it might be infected.
MD: Really? How did you know this?
Caller: Like I said, we’re receiving error messages from your operating system.
MD: Are you sure?
Caller: Yes.
MD: I have dozens of computers here at this location. How do you know it’s me?
Caller: Because of the error messages. Can I walk you through verifying them on your system?
MD: (sigh) Sure.
Caller: So, first thing I need you to go to the start menu so that you can open of the Event Viewer and see…
MD: (interrupting) The, the start menu you said?
Caller: Yes ma’am.
MD: But I have a Mac. I don’t have a start menu.
Caller: Then why did you say you had a Windows machine?
Me: I didn’t. You did.
After that, the caller got angry and hung up. Now, while Megan admits she may have been a bit rude to the gentleman, there were a couple of red flags in the phone call that tipped her off to the fact that this was a scam.
- Microsoft, Windows, and tech support agents do not call you out of the blue to tell you about errors on your computer. They have programs built into your OS for that. You will never get a legitimate call from one of these companies to fix your computer.
- The number was off. Most of these scammers are overseas but use VoIP technology to hide their location and phone number.
- Asking her to go to Event Viewer. Now, we don’t use PCs at the office, but many of us have one at home and are well acquainted with Event Viewer. It’s an application within Windows that aggregates every single log file for your computer, and is usually used to diagnose errors. However, most of the events that it keeps track of are harmless errors that don’t even require fixing. But to the untutored eye, the red exclamation points and yellow warning signs look a lot like virus warnings and can be used to trick you into thinking your computer is actually infected.
Megan ended the phone call early, mostly because even when her desire is to waste scammers’ time, she doesn’t have a lot of patience with them. However, after doing a little bit of research online, a pattern emerged as to what would have happened had she stayed on the phone (and actually had a PC):
- The caller would have shown her all of the errors in Event Viewer (or stopped programs in msconfig, CPU spikes in task manager, error logs in System Information, Prefetch files, temp files, directory contents and paths in cmd.exe, pings on a Mac, or any number of other options).
- They would have tried to convince her that the computer was in imminent risk of death and destruction.
- They would have a couple of options:
- They could have her start a remote access session with them so that they could “clean the computer,” allowing them full access to just about anything they were looking for.
- They could send her to download a program that is actually a Trojan or other malware file in disguise.
Either way, they would have been potentially able to access everything on her computer: all of her files, documents, and information. They could install a keylogger to grab her logins and credit card information, or they could turn her computer into a zombie bot. They could have even locked her out of the computer. This scam is very well structured to bring in the unwary. It provides enough evidence to anyone not well versed in computers that they might very well fall for it.
So what can you do?
Tell your friends and family. Let them know that they need to be wary of cold calls like this, and that if they do get one, they should verify that they do have a virus with an actual computer repair company they trust or their service provider, rather than letting a stranger on the phone have access to their computer. Have them make sure their virus software is up to date, and remind them that the Internet is still a bit like the old west. It’s wild out there.