It’s an old scam but apparently still profitable for criminals. Fake phone support pretending to be from Microsoft to ‘help’ fix virus or other non-existent problems with Office or Windows.
They’ve been happening for years but seem to be getting a revival lately.
What you need to know
- Microsoft will NEVER show a message (screen, email, browser etc) asking you to call a phone number to get tech support. The screen message may look official, important or scary but if it shows a phone number to call – it’s a SCAM.
- Microsoft will NEVER call you, saying there’s a problem with your computer and offering to fix. The company simply does not do that.
Microsoft gets about 11,000 complaints every month about these scams. Those are just the ones reported to Microsoft and just those about Windows/Office (there’s similar scams for Apple, Adobe etc).
A few days ago, 26 call centers in India were raided by police. That’s great but isn’t likely to make much difference to the large organized crime gangs.
Inside a Windows / Virus Scam
It often starts with a browser pop-up message warning about a virus infection or system problem. The message tells you to call a phone number for support.
If you see a message saying to call a number, ignore it. Here’s a real example from a friend of Office-Watch.com in Holland:
It alleges that a website has triggered a ‘Windows Defender Alert’ then tells you to call a ‘Microsoft Technician’ with a local (Netherlands) phone number for a ‘Free Checkup’.
The scammers are clever, they have multi-lingual messages with local phone numbers. Most likely that local number directs to a call center far, far away.
A caller is then told to install some remote access software so the criminals can take control of the computer. They’ll see their mouse pointer moving around the screen and changing things.
Who knows what the scammers might do once they control a computer. Installing more malware is just the start. More likely they’ll spin some story about problems on your computer and charge a fee to fix it. Or offer some additional ‘protection’ package which does nothing.
Possibly they also infect your computer with nasty software to cause more trouble in the future but direct charging seems to be the main aim.
In this case they charged 450 Euro (over US$500) for a ‘Lifetime Transferable’ Windows registration and Antivirus combined. Neither of those things exist, let alone are necessary.
The criminals are experienced and clever. They look and sound very credible, right down to the above price list with encourages people to pay the more expensive ‘Lifetime’ ‘Transferable’ package.
Windows Defender
Windows Defender, Microsoft’s anti-virus/security software, comes with Windows free. It’s installs, runs and updates automatically. Perhaps Defender’s main flaw is that it’s too unobtrusive! Many people don’t know it’s there. If Defender does detect a nasty, it will remove or quarantine it right away. It may show a message to warn you, but it won’t ever ask you to call a number
Windows 10 for Microsoft Office users has a chapter devoted to Windows Defender including the very useful ‘Offline Scan’ option to find/remove especially stubborn malware.
If you can’t get rid of a screen message (they can be very persistent) get help from someone you know.
Whatever you do, don’t call the phone number given.
What to do if you’ve been scammed
Microsoft has some advice about these phone scams including suggestions if you’ve been tricked.
That advice is good but somewhat incomplete.
“Uninstall applications that scammers have asked you to install. If you have given scammers access, consider resetting your device. To learn how, see Recovery options in Windows 10.”
Good idea but most people don’t know what was installed! Some malware is hidden away and hard to find, let alone remove.
“Run a full scan with Windows Security to remove any malware. Apply all security updates as soon as they are available.”
Also a good idea but we suggest going a little further. Update Windows and Defender via Windows Update then run Defender’s ‘Offline Scan’.
“Change your passwords.”
Yes, however if the criminals have stolen your passwords they’d have taken advantage of their theft within minutes or hours.
“Call your credit card provider to reverse the charges if you have already paid.”
Good idea. There’s some concern that the criminals will retaliate for the refused payment. If the computer has been properly ‘cleaned’ or reset then there’s nothing the scammers can do.
“Monitor logon activity. Use Windows Defender Firewall to block traffic to services that you would not normally access.”
Everyone should check for unexpected logins. Many large services like Microsoft, Google and Facebook will email if there’s a suspicious or unexpected login (ie from a new computer or location).
Defender should only allow traffic from necessary / installed services.
Backup and Two-Factor Authentication
There’s two other important protections to do. Preferably they are done before the scammers get to your computer. Definitely do them after an intrusion.
Two-Factor Authentication
We keep banging on about Two-Factor Authentication because it’s the very best way to secure your important logins to Microsoft, Google, Apple and other major sites.
Both Windows 10 for Microsoft Office users and Office 2016:the real startup guide have whole chapters devoted to helping setup two-factor authentication.
Think Two-Factor Authentication isn’t for you? Think again – the myth about Two Factor Authentication.
Backups
Always have proper backups of your essential documents, pictures, videos, emails etc.
Windows 8/10 has File History which is a background, multi-version backup system Windows 10 for Microsoft Office users and Windows 8.1 for Microsoft Office users have a File History chapter which goes into a lot of detail.
For full and proper backups see Everyday Backups – protecting your documents, photos and personal info