Microsoft rings alarm bell on fake Windows support calls
22% of people called by phony support technicians fell for scam
Computerworld - Microsoft today warned that scammers have taken to the phone lines to dupe Windows users into putting malware on their machines or paying for worthless help.
The ploy isn't new -- security experts have seen it in circulation for at least a year -- but Microsoft was the first to quantify the problem.
According to Microsoft, which sponsored surveys in the U.S., the U.K., Ireland and Canada, 15% of the people polled said they had received unsolicited calls from fraudsters posing as computer support technicians who claimed they were offering PC security checks.
The scammers try to trick users into believing that their computer is infected -- often by having them look at a Windows log that typically shows scores of harmless or low-level errors -- then convince them to download software or let the "technician" remotely access the PC.
The con artists charge for their "help" and often get people to pay for worthless software. In actuality, the software is malware that steals online account information and passwords.
"They're taking advantage of ignorance," said Sean Richmond, a senior technology consultant for Sophos, in a podcast today.
In many cases, the scammer asks the user to open Windows' events log, which records significant events on the PC, including program errors. Richmond noted that the log typically contains scores of such errors, which may look alarming to many users.
Of the people who received such calls, 22% fell for the scam, Microsoft said.
Most who were duped suffered some kind of post-call financial loss, which Microsoft claimed averaged $875 per victim. Among the losses, people cited compromised passwords, balky computers, identity fraud and cash pilfered from their bank accounts.
"Criminals have proved once again that their ability to innovate new scams is matched by their ruthless pursuit of our money," said Richard Saunders, the director of one of Microsoft's public relations teams, in a Thursday statement.
Although the scam currently targets Windows users -- and for now is limited to English-speaking countries -- there's nothing to stop criminals from expanding their scheme. "Presumably, when these guys smarten up a little bit ... they could pull exactly the same trick [on Mac users]," said Paul Ducklin, Sophos' head of technology for its Asian and Pacific division.
Richmond agreed. "The demographics for Mac users is that they have more money to waste, so I wouldn't doubt that they would become a target," he said.
These phone scams aren't new. Last year, for example, Symantec noted similar schemes making the rounds.
"It's a natural extension of the fake antivirus stuff," said Marc Fossi, a director in Symantec's security response team, in an interview today.
- Best iPhone, iPad Business Apps for 2014
- 14 Tech Conventions You Should Attend in 2014
- 10 Desktop Apps to Power Your Windows PC
- How to Add New Job Skills Without Going Back to School
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- The 12 PCI DSS 3.0 requirements addressed by Peer 1 Hosting This handy quick reference outlines the 12 PCI DSS 3.0 requirements, who needs to be compliant and how Alert Logic solutions address the...
- Defense Throughout the Vulnerability Life Cycle This whitepaper provides insight into how to leverage threat and log management technologies to protect your IT assets throughout their vulnerability life cycle.
- Mobile Policy Checklist Here's what to consider when putting together a mobile policy designed to support a highly productive workforce.
- Securing BYOD Mobile computing is becoming so ubiquitous that people no longer bat an eye seeing someone working two devices simultaneously. Individuals and organizations are...
- Live Webcast On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy...
- Live Webcast Endpoint Backup & Restore: Protect Everyone, Everywhere Arek Sokol from the bleeding-edge IT team at Genentech/Roche explains how he leverages cross-platform enterprise endpoint backup in the public cloud as part...
- Streamline Software Asset Management, Compose a software Management Symphony Keeping track of your organization's software is easy with effective software management solutions from CDW. View the videos in our software solutions channel
- Druva inSync: Endpoint Data Protection & Governance CLICK HERE to watch this video about protecting corporate data on laptops and mobile devices, sponsored by Druva. All Security White Papers | Webcasts