Today’s call came the same way it has almost daily for the last couple of weeks. Shortly after I got to my desk, the phone rang, and a voice with a thick South Asian accent said, “This is Windows support…”
Then it went on to tell me that my computer was infected with all sorts of dreaded malware. The person on the other end wanted me to open up a support session so he could look at my computer.
For a while it was a minor enjoyment to play with the caller, to see how long it would take to throw them completely off their script. On today’s call it happened when I said, “But my computer runs Linux.”
While a call to me might be a scammer’s nightmare, the same isn’t true everywhere. In far too many small and medium businesses, the person who answers the phone has only a vague idea of who Windows Support might be and is likely to fall for the trick.
Once that happens, most of your network defenses are beside the point. The employee initiates an outbound remote-control session that firewalls and web filters see as ordinary encrypted web traffic, and the scammer works with that employee’s access, installing whatever malware he likes on the unfortunate employee’s computer.
This basic scam has been going on for a while now, and apparently it’s successful enough that it’s still going. Worse, this scam and others have been ramping up lately. Robocalls, for example, peaked in November: according to YouMail, which tracks such calls, they were up 43 percent for the month, to nearly one billion calls.
Those are robocalls, of course, but indications from others are that scam calls made by live callers are also rising rapidly. Among the most insidious are calls purporting to be from Microsoft, which of course they aren’t.
These calls prey not on IT or security experts, but on people who have heard that bad things happen to computers yet aren’t familiar enough with their own machines or with their company’s IT policies to recognize when something isn’t right.
“We hear via our front-line support team, and even from friends and family, that these scammers are getting bolder,” a Microsoft executive said in a recent blog. The blog goes on to explain how these calls work.
“This tech scam follows a well-known pattern. A phone call comes in from a blocked or international number, and the caller urgently claims to be a Microsoft-certified tech agent who has detected viruses or malware on your Windows PC that must be fixed right away.
These callers use scare tactics such as telling you to check your Event Viewer to reveal a bunch of ‘errors’ or even ask to take over your PC remotely to reveal more so-called problems. And, inevitably, they demand payment via credit card or online payment system, usually to the tune of several hundred dollars, to clean your PC. If you resist, they often get angry or even threaten to destroy data on your computer.”
Cyber-Scammers Step Up Volume of Robocall Schemes During Holidays
What’s worse, unfortunately, is that the scammers are now apparently in league with the same people who try to plant malware on your computer using the phishing schemes you’ve heard about. Those schemes usually start with an email urging you to click a link that looks legitimate but instead installs malware on your machine.
An attacker whose phishing has proven ineffective can move on to the tech support phone call instead. This works because many companies, in an effort to provide good service, put their employee phone books online, so the scammer knows whom to call and whom to impersonate when someone answers the phone.
Preventing this is certainly possible. First, your employees need to know that Microsoft will never call them to tell them that they have malware on their computer. Second, your IT department needs to be visible enough to the staff that they know what to expect.
Will your help desk make a phone call in such a circumstance? Or will they come by for a visit? Whatever the policy is, it should be consistent and your employees should know what to expect.
In addition, your security staff needs to be aware that your employees might get such a call and be asked to download and run a remote control program. A good security system can sometimes detect such a remote control session and raise an alarm. The network side is a poor place to look, though: these tools connect outbound through ordinary Websites on port 443 and encrypt the session with SSL/TLS, so to a firewall the traffic looks like any other secure web browsing. The better signals are on the endpoint itself: a remote-support executable that the help desk doesn’t use, launched from the user’s Downloads folder or straight from a browser, and then opening an outbound connection.
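The endpoint-side check described above, as an added example that is not part of the original article: a small scorer that runs over process-creation and network-connection events and flags the pattern of a remote-support tool downloaded and launched during a call. The event format is a constructed simplification (the field names are assumptions, not any product’s schema), the tool names are examples of commercial remote-support executables that an organization would maintain in its own list, and the help desk’s sanctioned tool is excluded so legitimate support sessions don’t alert.

```python
"""Flag likely tech-support-scam remote-control sessions from endpoint events.

Event records below are constructed for this example; the field names
("type", "image", "parent_image", "dest_port", ...) are an assumption, not
the schema of any real EDR or Sysmon pipeline.
"""
from pathlib import PureWindowsPath

# Executable names of common commercial remote-support tools (examples only;
# maintain your own list).  Tools the help desk legitimately uses belong in
# SANCTIONED_TOOLS so that real support sessions are not flagged.
REMOTE_ACCESS_TOOLS = {
    "teamviewer.exe", "teamviewerqs.exe", "anydesk.exe", "logmein.exe",
    "supremo.exe", "ultraviewer.exe", "gotoassist.exe",
}
SANCTIONED_TOOLS = set()   # e.g. {"gotoassist.exe"} if that is the help desk's tool

BROWSERS = {"chrome.exe", "msedge.exe", "firefox.exe", "iexplore.exe"}
# Directories a scam victim typically runs the freshly downloaded tool from.
USER_WRITABLE_DIRS = ("downloads", "temp")


def _basename(path):
    return PureWindowsPath(path).name.lower()


def _from_user_dir(path):
    parts = [p.lower() for p in PureWindowsPath(path).parts]
    return any(d in parts for d in USER_WRITABLE_DIRS)


def score_process(ev):
    """Return (score, reasons) for a process-creation event."""
    name = _basename(ev["image"])
    parent = _basename(ev.get("parent_image", ""))
    if name in SANCTIONED_TOOLS:
        return 0, []
    score, reasons = 0, []
    if name in REMOTE_ACCESS_TOOLS:
        score += 3
        reasons.append(f"known remote-control tool {name}")
    if parent in BROWSERS:
        # Launched straight from the browser: the caller talked the user
        # through downloading and running it.
        score += 2
        reasons.append(f"spawned directly by browser {parent}")
    if _from_user_dir(ev["image"]):
        score += 1
        reasons.append("executed from a user-writable directory")
    return score, reasons


def score_network(ev):
    """Outbound 443 from a remote-control tool means the session is live."""
    name = _basename(ev["image"])
    if name in SANCTIONED_TOOLS or name not in REMOTE_ACCESS_TOOLS:
        return 0, []
    if ev.get("direction") == "outbound" and ev.get("dest_port") == 443:
        return 3, [f"{name} opened an outbound TLS session to {ev['dest_host']}"]
    return 1, [f"{name} network activity"]


def alerts(events, threshold=3):
    """Return alert records for every event scoring at or above threshold."""
    out = []
    for ev in events:
        score, reasons = (score_process(ev) if ev["type"] == "process"
                          else score_network(ev))
        if score >= threshold:
            out.append({"time": ev["time"], "user": ev["user"],
                        "score": score, "reasons": reasons})
    return out


# Constructed sample timeline: normal browsing, then a remote-support tool
# downloaded and launched from the browser, then its outbound session.
SAMPLE_EVENTS = [
    {"type": "process", "time": "09:14:02", "user": "CORP\\jdoe",
     "image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "parent_image": r"C:\Windows\explorer.exe"},
    {"type": "process", "time": "09:21:47", "user": "CORP\\jdoe",
     "image": r"C:\Users\jdoe\Downloads\TeamViewerQS.exe",
     "parent_image": r"C:\Program Files\Google\Chrome\Application\chrome.exe"},
    {"type": "network", "time": "09:22:05", "user": "CORP\\jdoe",
     "image": r"C:\Users\jdoe\Downloads\TeamViewerQS.exe",
     "direction": "outbound", "dest_host": "198.51.100.7", "dest_port": 443},
    {"type": "process", "time": "09:30:00", "user": "CORP\\jdoe",
     "image": r"C:\Windows\System32\notepad.exe",
     "parent_image": r"C:\Windows\explorer.exe"},
]

if __name__ == "__main__":
    for a in alerts(SAMPLE_EVENTS):
        print(a["time"], a["user"], a["score"], "; ".join(a["reasons"]))
```

The two middle events score 6 and 3 and alert; the browser and Notepad launches score 0. Scoring rather than a single rule matters here: a remote-support executable by itself might be an administrator’s legitimate download, but one spawned by a browser from the Downloads folder and immediately opening an outbound session is the scam pattern the article describes, and the sanctioned-tool set keeps the help desk’s own sessions out of the alert queue.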
Meanwhile, train your staff to be alert to these scams and never to provide credit card or other payment information to someone who calls in offering to fix their computers remotely. Microsoft, for its part, is taking action against those scammers when it can find them. If someone on your staff gets such a scam call, report it to the Federal Trade Commission and to Microsoft.
In some companies another option, if the scammers are becoming a real problem, is to route calls through a switchboard instead of providing direct dial numbers for most employees. In addition, it’s important to keep as many phone numbers and names off the Internet as you can. That may seem less convenient for doing legitimate business, but it can sure help out security in this scam and others.
Most of all, help your employees understand that they should never give out information over the phone and that they should never let an outside caller connect to their computers. Then make sure your own help desk and support staff are readily available and that employees know who they are.
Microsoft, along with other legitimate IT companies, will never ask for personal information over the phone and they won’t call you and ask for credit card information in return for technical services—ever.