In the July issue of Microsoft’s free Security for Home Computer Users newsletter(sign up here), there was an article entitled “Is that Call from Microsoft a Scam?” The answer in a nutshell was: yes, it is a scam.
Microsoft is not going to call you. Neither is Hewlett Packard, Dell, Symantec, Comcast, your ISP, Google, Yahoo, or your email service provider. If you get a call, and they are trying to tell you that they can tell your computer is infected with hundreds of horrible viruses, just hang up the phone. No one can tell that on a phone call, and the call is totally bogus.
The usually progression is to have you open Event Viewer and look at all the Windows errors, saying that this is proof that you have malware, and they can fix it. They will ask you to accept an invitation form some sort of remote access and control product, it might be TeamViewer or LogMeIn or something else, but remote control is a footstep away from being a Trojan Horse. Before you know it, they are asking for your credit card information so they can charge you $300 to fix it. One of the questionable India-based firms engaging in this chicanery is iYogi, but there are others. They can claim to be calling from New York, San Francisco, or even your own town. The can and do spoof their Caller ID phone number to look local or at least like they are US-based.
My advice is simple: JUST HANG UP!
The other variation I have been hearing about from my clients is the fake support link on Google or other search engines. Let’s say you want to contact Microsoft support, so you Google that into a search box. Here is what you get:
The first three results are paid ads for “Microsoft Support” from companies that have nothing to do with Microsoft. These companies are:
The fourth listing is the Microsoft customer service number, and appears to be legitimate.
The fifth entry is the actual Microsoft support web site. Look at how microsoft.com is in the green colored web address under the blue heading.
In fact, when Googling up information such as this, you really need to look for the green web address under the blue headline. If the web address looks odd, your results will probably be odd as well.Share
About the Author:I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com