May 28, 2011
Niles Nerd

Beware of Microsoft Virus Removal Phone Scam



There’s a phone scam making the rounds from people claiming to be from Microsoft. They insist a person’s computer may be infected with viruses and that they can connect to the computer and remove them.
First of all, Microsoft DOES NOT offer free over-the-phone tech support, and they will not call you out of the blue like that.
According to Microsoft themselves:
“We do not send unsolicited email messages or make unsolicited phone calls to request personal or financial information or fix your computer,” Microsoft said on its Web site. “If you receive an unsolicited email message or phone call that purports to be from Microsoft and requests that you send personal information or click links, delete the message or hang up the phone.”
A similar phone scam made the rounds in 2010, using slightly different methods, but both scams have the same goal: getting people to pay for supposed technical support and to let the hackers into their computers using any of a variety of remote connectivity solutions available on the market, including TeamViewer.
“In previous iterations of this scam,” says the SANS Institute, “the person on the phone would get you to click through to the event viewer to ‘find something red’. Strangely enough, there is usually something red in most people’s event log. However, do not despair if you don’t have anything red, yellow is just as bad (note: this does not necessarily indicate virus activity). Once the problem (well, any problem) was identified, your support would have expired, and they redirect you to a web site where you can part with your money and download some version of their malware.”
“The new iteration of the scam goes one step further. Rather than get the victim to look [for supposed problems], they get you to install TeamViewer (or similar software). They take control of your machine and start moving the files across. Manually infecting, sorry fixing, your machine.”
By the way, TeamViewer is perfectly legitimate software used by many people for remote tech support, although other similar tools are likely used by the scammers as well. It’s what the scammers do once they have access to your computer that is the problem.
The scam is obviously still working. It seems they have figured out that users can’t be trusted to click a link, but installing remote control software and getting you to install the malware for them is ok.
There have also been reports that the scammers will get you to download a program whose name closely resembles Malwarebytes but which is actually malicious software that the scammers have created. Hackers and scammers are using widely trusted company names, like Microsoft, Malwarebytes, and TeamViewer, to fool you into trusting them or letting them access your computer.
“We are having a number of reports of clients being scammed by people calling saying they are from Microsoft and they offer to help the person fix their computer,” said Chris Rose, a member of Nerds On Site in St. John’s, Newfoundland. “I am sure others are familiar with this type of scam. I sent a press release and was called by the local CBC and a local outfit called NTV.”
You can find the CBC video below.