- Part 1 - Phone call from ‘Microsoft’ about virus is a scam
- Part 2 - 2012 Update to the ‘Microsoft’ phone scam call about a virus
- Part 3 - Questions and Answers about the ‘Microsoft’ virus phone scam
It has been a couple of years since I wrote my original article on the phone scam calls from companies claiming to be Microsoft. The response to the article has been phenomenal: to date, over 60,000 people have read the page, over 250 have commented on it and over 2,000 people have Liked it on Facebook, not to mention the other social media networks that have picked it up.
It’s now mid-2012 and I had hoped that by now this kind of thing would be dying off, but the truth appears to be the complete opposite. This scam is more prevalent now than ever before.
Here is my original post on the ‘Microsoft’ virus phone call scam in case you have not read it. At the bottom of this post there is a link to some of the most common Questions and Answers about the phone scam and a virus / malware removal guide.
What I want to do in this post is summarise how the scam seems to have evolved and spread, based on the comments you have generously left.
Where the phone scam is currently active
While we had heard of this being a growing scam in the UK and Ireland, it is also affecting homes all across the USA, Canada, Australia, New Zealand, the Netherlands (Holland), Denmark, Norway, Spain, South Africa, Switzerland, Singapore and Zimbabwe! And these are just the countries where someone has been kind enough to leave me a comment and let me know about their experience.
How the phone scam works
They will know your address (quite often because they are just reading entries out of your country’s Phone Book).
They will either claim to be Microsoft or a company working on behalf of Microsoft, or sometimes they don’t even bother and they just say they are a Technical Support company, or they will mention recognisable key words like Windows or Operating System.
Important: Microsoft will not call you directly about anything like this. Although your copy of Windows should be registered with Microsoft, they normally do not know who you are or exactly where you live, unless you have informed them in some way, which is unlikely. So anyone that cold calls about a virus and knows your name and address, and claims any relationship with Microsoft, is a scammer.
In the background, you might hear other voices indicating that they are in a busy call centre. You may even hear another operator reading from exactly the same phone scam script.
They will then try to convince you of one or more of the following:
- Your computer is infected with a virus and it has ‘somehow’ reported that fact to the technical support company.
- Your computer is infected with a virus and it is sending out spam emails to people.
- Your computer is ‘somehow’ reporting critical software or hardware errors to the technical support company, or sending out error messages, and it is in imminent danger of breaking or failing.
- Your Windows Operating System is corrupted and about to fail.
They will make it sound like this is an urgent problem that needs your immediate attention.
Here are some common things they will get you to check or do, to add weight to the believability of the scam:
- They might ask you to check the Event Viewer. In Windows, the Event Viewer is a way of seeing various messages generated by programs installed on your computer.
  - Even on a healthy, brand new computer from the shop, there will be lots of messages in the Event Viewer. Almost all of these messages are general information messages, something has started up, user has logged on, etc, etc. A very small percentage are real errors, but they tend to be hardware device problems relating to printers or other hardware, or they are to do with a program that has crashed.
  - It is extremely unlikely that you will see anything in the Event Viewer that directly indicates the presence of a virus. And even if there was something relevant in there, it would take an experienced IT person to decipher it. So whatever they show you in the Event Viewer, don’t be fooled into thinking it is a virus.
- They may ask you to check random folders within the Windows directory that general home computer users will have never had need to look at before. The caller will indicate that a lot of files in this folder, or no files in this folder, is a very bad sign! Rubbish.
- You might have to type various commands into the ‘Run’ box or start simple Windows diagnostic programs that are installed by default on your computer. Various screens will appear and the caller will say this looks very bad…
- They might ask you to run a registry checker program that will show hundreds of ‘errors’. It is common for the Windows Registry to have ‘errors’ in it, but it generally does no harm at all. In fact, running an aggressive registry cleaner can do much more harm, and potentially leave you with a computer that will not boot up.
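The Event Viewer point above can be checked on your own machine. The following PowerShell is an added example, not part of the original article; the seven-day window and the choice of the System and Application logs are assumptions made for illustration. It counts recent events by severity and lists which components logged the errors and warnings.

```powershell
# Added example: summarise recent Windows event log entries by severity.
# The time window and the log names are choices made for this illustration.
$since = (Get-Date).AddDays(-7)
$logs  = 'System', 'Application'

$events = foreach ($log in $logs) {
    # Get-WinEvent raises an error when a log has no matching events,
    # so that case is silenced rather than treated as a failure.
    Get-WinEvent -FilterHashtable @{ LogName = $log; StartTime = $since } `
                 -ErrorAction SilentlyContinue
}

$total = @($events).Count
if ($total -eq 0) {
    Write-Output 'No events found in the selected window.'
    return
}

# 1. Share of each severity level (Information, Warning, Error, Critical).
$events |
    Group-Object LevelDisplayName |
    Sort-Object Count -Descending |
    Select-Object @{ n = 'Level';   e = { if ($_.Name) { $_.Name } else { '(none)' } } },
                  Count,
                  @{ n = 'Percent'; e = { [math]::Round(100 * $_.Count / $total, 1) } } |
    Format-Table -AutoSize

# 2. Which components logged the non-informational entries.
#    Level 1 = Critical, 2 = Error, 3 = Warning.
$events |
    Where-Object { $_.Level -in 1, 2, 3 } |
    Group-Object ProviderName |
    Sort-Object Count -Descending |
    Select-Object -First 10 Count, Name |
    Format-Table -AutoSize
```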
Once they have you hooked, they will ask you to open up the Internet and go to a website where you will be asked to download a program that will allow them to take remote control of your PC.
Quite often, the website that they direct you to is perfectly legitimate. For example, the AMMYY program which is downloaded from www.ammyy.com is a perfectly legitimate program for remotely accessing a computer. Similarly, LogMeIn is a perfectly legitimate remote access program.
Usually these programs are used by office workers to access their work PC from home, or access work files while they are on a business trip. However, scammers can make use of these legitimate remote access tools for their own malicious ends.
I would strongly recommend that you do not let them talk you into downloading a remote control program. Once you have done this, you really are out of control. You will see your mouse pointer moving around, and they may download information from your computer.
They will also try to convince you that you now need to pay for their ‘fix’ services to correct the problems.
They might take you to the PayPal site and take a payment from you. Or they may take you to another website requesting credit card payment. Or they may ask over the phone for your credit card details.
If you do pay for their fix, they may play about with your computer settings, or install what appears to be fix tools, but personally I would not be trusting them. I have not heard any reports of them doing any good. And more likely, they are stealing personal data or installing trojans or other malware that will steal from you.
If you back out and don’t pay, a common consequence is that they will hide your desktop icons. All the little images on your desktop of files or programs will vanish. If that’s the worst that happens, you got away lightly. Here is how to fix the problem of missing desktop icons.
As I have previously discussed in my other post, if you have any doubt about whether they might have installed any malicious software on your computer, I would strongly recommend that you take your computer to a reputable computer repair shop, or ask your computer repair guy to call out to your home. If there is a problem, they will be able to fix it for you.
I hope that in the next couple of years we will see this type of phone scam reducing and going away, but something tells me it won’t. For as long as there are people out there who can be taken advantage of, scammers will try to con them.
All that we can do is try to spread the word about this phone scam to friends and family, neighbours and colleagues. The more people know that the phone scam is going on, the better chance we have that decent, honest people will not get scammed.
Keep bringing me your stories.
- Common Questions and Answers about the ‘Microsoft’ phone call virus scam
- How to Remove a Computer Virus or Malware Yourself