Today's call came the same way it has almost daily for the last couple of weeks. Shortly after I got to my desk, the phone rang, and a voice with a thick South Asian accent said, "This is Windows support…"
Then it went on to tell me that my computer was infected with all sorts of dreaded malware. The person on the other end wanted me to open up a support session so he could look at my computer.
For a while it was a minor enjoyment to play with the caller, to see how long it would take to throw them completely off of their script. On today's call it happened when I said, "But my computer runs Linux."
While a call to me might be a scammer's nightmare, the same isn't true everywhere. In far too many small and medium businesses, the person who answers the phone has only a vague idea of who Windows Support might be and likely will fall for the trick.
Once that happens, your network security is gone as the scammer breezes through most forms of protection while he installs some handy malware onto the unfortunate employee's computer.
This basic scam has been going on for a while now, and apparently it's successful enough that it's still going. Worse, this scam and others have been ramping up lately. Robocalls, for example, have peaked during November. According to YouMail, which keeps track of such things, these calls are up 43 percent in the month of November. That comes out to nearly one billion calls in just one month.
Of course, those are robocalls, but indications from others are that other scam calls are also rising rapidly. Among the most insidious are the calls that purport to be from Microsoft but, of course, actually aren't.
With those calls, the scammers prey not on experts in IT or security, but on people who have heard about bad things and who aren't familiar enough with their computers or with their company's IT policies to know when something isn't right.
"We hear via our front-line support team, and even from friends and family, that these scammers are getting bolder," a Microsoft executive said in a recent blog. The blog goes on to explain how these calls work.
"This tech scam follows a well-known pattern. A phone call comes in from a blocked or international number, and the caller urgently claims to be a Microsoft-certified tech agent who has detected viruses or malware on your Windows PC that must be fixed right away.
"These callers use scare tactics such as telling you to check your Event Viewer to reveal a bunch of 'errors' or even ask to take over your PC remotely to reveal more so-called problems. And, inevitably, they demand payment via credit card or online payment system, usually to the tune of several hundred dollars, to clean your PC. If you resist, they often get angry or even threaten to destroy data on your computer."