Over the last several years, Dymin has helped hundreds of customers who have fallen prey to what is known as the “Microsoft Tech Support Scam.” Armed with the insider information we share below, you’ll be prepared to thwart these cybercriminals before they can con you out of your hard-earned money. Learn what you're up against—and how to fight back.
What is the “Microsoft Tech Support Scam”?
The “Microsoft Tech Support Scam” is a widespread cybercrime tactic that has been prevalent for over 3 years, and is still common as ofnow in early 2016. In short, the scam is a ploy of “social engineering” wherein cybercriminals make you believe that your computer is broken in some way and needs to be fixed (for a fee, of course).
Victims typically receive a phone call from someone claiming to be from “Microsoft Tech Support,” or, in some cases, may see a fake error message on your computer advising you to call a number purporting to be Microsoft Tech Support. Once they have your attention, the perpetrators will use a variety of tactics, which are very convincing to the everyday computer user, to make you think your computer is truly broken.
How does the scam work?
Commonly, the scammer will ask you to allow him to use legitimate remote tech support software (such as ammyy.com or teamviewer.com) to gain remote control of your computer. Once he’s got access, he will show you many different “errors” on your computer that are in fact normal, everyday things that would be present even on a brand new computer but which many ordinary computer users don’t have any reason to know about. This can be very convincing, and frightening.
Criminals will use many different tricks during this process to validate their claims that your computer is broken, but they all have the same objective: encouraging you to believe and trust the scammer. After they’ve convinced you that they’re legitimate and you need their “services,” they follow up with the punch line: asking you to pay a “fee” for their “help,” which often amounts to several hundred dollars!
In more isolated incidents, a scammer may even “break” your computer by installing malicious software once they’ve convinced you to allow them remote control, which only helps them to further their goal. Sometimes this malicious software will even “lock” your computer so you cannot access it without paying what amounts to a ransom!
The slideshow below shows examples of some popular scam set-ups along with the facts about each.
How did they get my phone number?
Cybercriminals often use publicly available data to obtain your information, like phone directories and public records from your city or county such as your home owner data. These criminals use the shotgun approach, making “cold calls” to thousands of phone numbers in the hope that they can get a few people to believe them.
Another tactic cybercriminals use is taking advantage of ads built into websites. Even reputable websites have been known to inadvertently allow malicious ads to appear on their sites. These ads typically take the form of a pop-up message that appears to be a legitimate warning message from your computer telling you that you have a severe problem and need to contact Microsoft Tech Support to get it fixed. Of course, the phone number displayed in these phony error messages puts unsuspecting viewers directly in touch with the cybercriminals, and they continue their charade to make believe they’re legitimate.
What do I do if I actually get a call from Microsoft Tech Support?
Quite simply, you won’t.
Microsoft will never contact you in any way or attempt to charge you for security, IT services, or software fixes. Here are some of the departments that cybercriminals may claim to be from:
- Windows Helpdesk
- Windows Service Center
- Microsoft Tech Support
- Microsoft Support
- Windows Technical Department Support Group
- Microsoft Research and Development Team (Microsoft R & D Team)
If you get a call from someone claiming to be from any of the above organizations, simply hang up. If you’re not sure, follow your gut instinct! If it seems fishy, it probably is.
I have already been called, and I fell for it. What do I do?
It’s natural to be worried about all the possible things that scammers could have done to your computer, but in general they’re really only after one thing: your credit card. Usually, their entire goal is to convince you to believe them long enough to willingly pay for their phony services with your credit card. If you have not given them your credit card, then you’re likely just fine.
- Did you give them your credit card? If you did give out your credit card number, call your bank or credit card company immediately and report the card as compromised so they can issue you a new one. You should also review your recent charges and dispute any that may have been made by the scammers.
- Change your passwords. Change the password you use to sign into your computer, as well as those to your main email accounts and financial accounts.
- Scan your computer. If you have the Dymin Malware Protection package, you can quickly and easily scan your computer with Microsoft Security Essentials and MalwareBytes to make sure you eliminate any viruses, spyware, or malware. These scans typically take less than an hour and you can continue using the computer while they do their job.
- Have a professional look at it. If you’re worried, consult the pros at Dymin Systems. We’ve helped hundreds of customers recover from this and other scams. We can ensure that your valuable pictures and documents are safe and help you with virus & spyware removal.
How do I avoid these scams?
- Do not purchase any software or services from a company that you do not already know.
- If your computer gives you an error message and says you need to take action (such as installing certain software or calling a certain phone number), it’s most likely a scam. You’ll do less harm by ignoring it and simply clicking the “X” in the top-right corner to close it. If you can’t close it, turn your computer off and back on again.
- Check out a company’s phone number. A quick Google search of the phone number will tell you whether a company is legitimate. If the phone number is a cybercriminal’s, you’ll likely get lots of results in the first page from others who have been scammed
If in doubt, call Dymin! We’ve seen it all, and we’ll know if something is legitimate. We can help you understand, prevent, and repair any problems caused by scams like these. Contact us today to learn more about the Dymin Malware Protection package as well as our other comprehensive IT support services and managed IT support for business programs in the Des Moines, Iowa metro area.