Please read: Don’t fall for phony phone tech support calls claiming to be from Microsoft
Here’s another form of Internet fraud that combines a variety of other common scams—social engineering, fake security software, and phishing.
Cybercriminals have started calling people on the telephone, claiming to be from Microsoft, and offering to help solve their computer problems. Once cybercriminals have gained a victim’s trust, they can do one or more of the following:
- Trick people into installing malicious software on their computer.
- Take control of a victim’s computer remotely and adjust settings in order to leave the computer vulnerable.
- Request credit card information so that cybercriminals can bill for the phony services.
Microsoft will not make unsolicited phone calls to help you with your computer. If you receive a phone call like this, hang up.
LONDON — June 16, 2011 — Microsoft Corp. today released findings of a survey* into an emerging form of Internet scam that targets English-language markets and costs victims on average US$875.
The scam works by criminals posing as computer security engineers and calling people at home to tell them they are at risk of a computer security threat. The scammers tell their victims they are providing free security checks and add authenticity by claiming to represent legitimate companies and using telephone directories to refer to their victims by name.
Once they have tricked their victims into believing they have a problem and that the caller can help, the scammers are believed to run through a range of deception techniques designed to steal money.
To establish the extent of this emerging form of Internet fraud, Microsoft surveyed 7,000 computer users in the U.K., Ireland, U.S. and Canada. The survey showed that across all four countries, 15 percent of people had received a call from scammers. In Ireland this rose to 26 percent.
Of those who received a call, 22 percent, or 3 percent of the total survey sample, were deceived into following the scammers’ instructions, which ranged from permitting remote access to their computer and downloading software code provided by the criminals to providing credit card information and making a purchase.
The vast majority (79 percent) of people deceived in this way suffered some sort of financial loss. Seventeen percent said they had money taken from their accounts, 19 percent reported compromised passwords and 17 percent were victims of identity fraud. More than half (53 percent) said they suffered subsequent computer problems.
Across all four countries surveyed, the average amount of money stolen was $875 (U.S.), ranging from $82 (U.S.) in Ireland up to $1,560 (U.S.) in Canada. The average cost of repairing damage caused to computers by the scammers was $1,730 — rising to $4,800 in the U.S.
“The security of software is improving all the time, but at the same time we are seeing cybercriminals increasingly turn to tactics of deception to trick people in order to steal from them,” said Richard Saunders, director of International Public and Analyst Relations at Microsoft. “Criminals have proved once again that their ability to innovate new scams is matched by their ruthless pursuit of our money.”
While Microsoft’s research shows the huge scale of the phone scam issue, at this stage it is believed to only affect countries where the main language is English. However, according to Saunders, it’s only a question of time before the scammers acquire skills in other languages and look to expand their operation. “Fake lottery scams and other forms of Internet scams have followed this pattern,” Saunders said.
Because phone scammers rely on deceiving, Microsoft believes the most effective protection lies in consumer education to prevent people from becoming victims in the first place.
The following is Microsoft’s advice:
| • | Be suspicious of unsolicited calls related to a security problem, even if they claim to represent a respected company. |
| • | Never provide personal information, such as credit card or bank details, to an unsolicited caller. |
| • | Do not go to a website, type anything into a computer, install software or follow any other instruction from someone who calls out of the blue. |
| • | Take the caller’s information down and pass it to the authorities. |
| • | Use up-to-date versions of Windows and application software. |
| • | Make sure security updates are installed regularly. |
| • | Use a strong password and change it regularly. |
| • | Make sure the firewall is turned on and that antivirus software is installed and up to date. |
| • | Microsoft Security Essentials is a free antivirus product and is available athttp://www.microsoft.com/en-us/security_essentials/default.aspx. |
The Microsoft survey showed that 67 percent of people who lost money were able to recover, on average, 42 percent of it. Microsoft advises anyone who thinks they may already have been a victim of a phone scam to do the following:
| • | Change their computer’s password, change the password on their main email account and change the password for any financial accounts, especially bank and credit cards. |
| • | Scan their computer with the Microsoft Safety Scanner to find out if they have malware installed on their computer. |
| • | Contact their bank and credit card companies. |
