Protecting yourself on the internet: the unsolicited Microsoft Support scam

RBC | For some time now, scammers have been impersonating Microsoft Technical Support in an attempt to steal your personal information.  Please let me try to put this into perspective… Having worked in a help desk environment for a number of the early years of my career, let me assure you that help desk personnel are NOT prone to soliciting more work for themselves.  Microsoft has its hands full dealing with all their incoming calls, much less making calls to unsuspecting customers to report a problem.  It would be nice if they would do that (maybe), but they don’t.  Even major corporations that pay exorbitant fees for Microsoft “Platinum Support” don’t get that kind of treatment.

Here’s how the scam works: You receive an unsolicited phone call from someone identifying themselves as a Microsoft employee (or something to that effect).  They proceed to advise you that your personal computer is infected with some sort of evil malware and they want to assist you in eliminating this dangerous threat.  Depending on how willing you are to cooperate, they may ask you for a “nominal fee” for their assistance and all you have to do is provide them with your credit card number and they’ll handle the “dirty work” (pun intended).  If you present yourself as being somewhat skeptical, they may simply offer to take remote control of your computer and deal with the problem.  If you let them take remote control of your computer, they then install their own flavor of spyware that collects anything of intrinsic value and uploads it to their server, even while you’re still on the phone with them.

This scenario can also arise in a slightly different way.  Instead of an unsolicited phone call, you may get a pop-up message on your browser with a warning that Microsoft has identified your computer as being infected with a nasty piece of malware and they will assist you in dealing with it if you call a toll-free number.  What’s worse is that the pop-up won’t go away until you deal with the “problem”.  This isn’t entirely true because you can close the browser and restart it, which makes the pop-up go away, but it’s just temporary.  What has happened is that your computer has in fact been breached by something referred to as a PUP (Potentially Unwanted Program).  It’s so innocuous that most anti-malware systems don’t even bother dealing with it.  They will identify it as a PUP, but will wait for you to decide what you want to do with it.  What makes it so hard to get rid of is that this PUP has the ability to generate the described pop-up and then change the name of the program that created it.  Here today, gone tomorrow.  It’s a real moving target and it can sometimes be hard to eliminate.  It’s a true annoyance, but not particularly harmful unless you take the bait and make the call to the faux-Microsoft support center.

Because a lot of people are trusting souls, this scam is pretty effective.  If you took the bait, made the call and allowed the scammers to access your computer, you have some work to do, but don’t panic.  The first thing you need to do is make sure your important accounts are safe.  DO NOT use your breached computer to change your passwords!  If the bad guys are still watching, they’ll be able to collect your new passwords the second you change them.  Either use a different computer to access your accounts, or make voice contact with the entities (banks, shopping sites, etc.) and have them work with you to secure your accounts.  Banks are especially sensitive to this issue and are almost always anxious to help.

The next step is to secure your computer by making sure the remote access software has been removed.  This can be a little daunting, so don’t hesitate to ask for help from someone with a little more experience.  Essentially, you need to search the list of installed applications on your system, identify the remote access application and uninstall it.  A couple of applications that seem to be popular in this regard are TeamViewer and LogMeIn.  Unless you’re paying for an online support service, you don’t need these apps installed on your computer.  Once any possible remote access applications have been uninstalled, flush your browser’s cache (as mentioned in a previous article).  This still doesn’t guarantee that the pop-up won’t come back on its own, but at least you’re secure.  Make sure that your anti-virus/anti-malware system is up to date.  If the pop-up continues to reappear, here’s a good article on how to track it down and eliminate it…  The article touts an anti-malware system called “Malwarebytes” which is a really good system and they have a fully functional trial-ware version that you can download and use for 30 days.  There are other systems referenced in the article, but Malwarebytes usually does the trick.
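
The installed-application check described above can be done from a PowerShell window. This is an added example, not part of the original article; the function names are made up for illustration, and the name list is an assumption limited to the two products the article mentions.

```powershell
# Added example: list installed programs whose name matches a remote access tool.
# The name patterns are an assumption (the two products named in the article).
# Extend the list as needed; a match is a program to review, not proof of compromise.
$patterns = @('TeamViewer', 'LogMeIn')

# Windows records installed programs under three "Uninstall" registry locations:
# 64-bit machine-wide, 32-bit machine-wide, and per-user installs.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

# Hypothetical helper: return every installed program that has a display name.
function Get-InstalledProgram {
    foreach ($key in $uninstallKeys) {
        # A location may be absent (WOW6432Node on 32-bit Windows); skip it quietly.
        Get-ItemProperty -Path $key -ErrorAction SilentlyContinue |
            Where-Object { $_.DisplayName } |
            Select-Object DisplayName, DisplayVersion, Publisher, InstallDate, UninstallString
    }
}

# Hypothetical helper: keep only programs whose name contains one of the patterns.
function Find-RemoteAccessProgram {
    param([string[]]$NamePattern = $patterns)
    # Escape each name so it is matched literally, then OR them together.
    $regex = ($NamePattern | ForEach-Object { [regex]::Escape($_) }) -join '|'
    Get-InstalledProgram |
        Where-Object { $_.DisplayName -match $regex } |
        Sort-Object DisplayName -Unique
}

$found = @(Find-RemoteAccessProgram)
if ($found.Count -eq 0) {
    Write-Output 'No installed program matches the remote access name list.'
} else {
    # InstallDate (usually yyyyMMdd, when the installer recorded it) helps tie
    # an install to the day of the phone call.
    $found | Format-List DisplayName, DisplayVersion, Publisher, InstallDate, UninstallString
}
```

The script only reports what it finds; uninstall any match through the normal Windows list of installed applications.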