Microsoft released findings of a survey concerning an emerging form of Internet scam that targets English-speaking markets and costs victims, on average, $875. In this type of scam, criminals pose as computer security engineers and call people to tell them they are at risk of a computer security threat.
The scammers say they are providing free security checks and claim to represent legitimate companies and use telephone directories to refer to their victims by name. Once they have tricked their victims into believing they have a problem and that they can help, the scammers are believed to run through a range of deception techniques designed to steal money.
To examine this emerging form of Internet fraud, Microsoft surveyed 7,000 computer users in the U.K., Ireland, the U.S. and Canada. The survey, commissioned by Microsoft Trustworthy Computing and conducted by Dynamic Markets, showed that across all four countries, 15 percent of the respondents had received a call from scammers. In Ireland, 26 percent had received a call.
Of those who received a call, 22 percent, or 3 percent of the total survey sample, followed the scammers' instructions, which ranged from permitting remote access to their computer and downloading software code provided by the criminals to revealing credit card information and making a purchase.
Additionally, 79 percent of those deceived in this way suffered a financial loss. Seventeen percent said they had money taken from their accounts, 19 percent reported compromised passwords and 17 percent were victims of identity fraud. More than half (53 percent) said they suffered subsequent computer problems.
Across the four countries surveyed, the average amount of money stolen was $875, with the range from $82 in Ireland up to $1,560 in Canada. The average cost of repairing damage caused to computers by the scammers was $1,730-rising to $4,800 in the U.S.
"The security of software is improving all the time, but at the same time, we are seeing cyber-criminals increasingly turn to tactics of deception to trick people in order to steal from them," said Richard Saunders, director of international public and analyst relations at Microsoft. "Criminals have proved once again that their ability to innovate new scams is matched by their ruthless pursuit of our money."
While Microsoft's research shows the huge scale of the phone scam issue, at this stage it is believed to only affect countries where the main language is English. However, according to Saunders, it's only a matter of time before the scammers acquire skills in other languages and look to expand their operations. "Fake lottery scams and other forms of Internet scams have followed this pattern," he said.
Because phone scammers rely on deception, Saunders said he believes the most effective protection lies in consumer education to prevent people from becoming victims in the first place. Microsoft recommended being suspicious of unsolicited calls related to a security problem, even if they claim to represent a respected company and warned never to provide personal information, such as credit card or bank details, to an unsolicited caller.
The company also recommended not going to a Website, typing anything into a computer, installing software or following any other instructions from someone who calls out of the blue. Instead, those contacted should take the caller's information down and pass it to the authorities, use up-to-date versions of Windows and application software, make sure security updates are installed regularly, use a strong password and change it regularly, and make sure the firewall is turned on and that antivirus software is installed and up-to-date.