The Microsoft Tech Support scam isn’t new, but it’s becoming more prevalent in areas where it hasn’t been seen much, in this case Oklahoma. Here’s what you can do to spot and respond to one of these scam calls.
Welcome to a (hopefully) recurring series of posts on OrksandCats.com. Since I’ve worked in IT throughout my entire adult life, I’ve picked up a few tips and tricks that I wanted to share with you all. I had a few ideas for what I wanted this first post to be, but a coworker’s experience made me change my mind at the last moment.
Am I Being Scammed?
A few days ago, Tabetha (name changed, of course) was home for the day and something happened that concerned her enough that she called the IT department at work. She wasn’t on her laptop when her phone rang. A very polite, authoritative young man greeted her with a brusque “Hello” and asked to whom he was speaking. As so many of us are conditioned, she immediately responded with her name. “Well, Tabetha, I’m Joel with Microsoft. We’ve been alerted to illegal activity originating from your computer, and…”
The conversation went on from there. Joel told Tabetha he needed to remote into her computer and inspect it for malicious content. He knew what he was talking about and was firm but polite. She did everything he asked: she powered on her computer, went to a website he specified, installed some software, and let him get on her computer and take control of it to perform his supposed checks. After about 10 minutes of this, she started thinking that something wasn’t right, and called us. We instructed her to power off her computer immediately, which she did. Joel was cut off and we restored her PC when she brought it in the next morning.
When we told Tabetha that she had let a scammer onto her computer, she was understandably horrified. “Well, how am I supposed to know if he is who he says he is?”
It’s Easy: Keep a Clear Head
Scammers like Joel rely on the first rule of any kind of social engineering or phishing: Don’t give the victim time to think. If they have time to think, they will quickly see the holes in what you’re saying and break contact. Your best defenses are:
- Be on guard every time you answer your phone. If someone calls you and demands you identify yourself, refuse. Make them identify themselves first, then demand they identify who they’re trying to reach. If it’s a legitimate call, they already know your name and contact information and can provide it. If they refuse to identify themselves or can’t tell you who they’re trying to reach, break contact.
- Think critically for a moment about what you’re being told. Why would Microsoft contact you if your computer is sending out illegal malicious content? Microsoft doesn’t enforce the law; law enforcement does. They don’t contact you when you binge-watch too many episodes of Fringe on Netflix, because that’s not their concern either. If it doesn’t feel right, break contact.
- If someone calls you (out of the blue) and asks you to go to a website, refuse. There’s almost no chance it’s a legitimate site.
- Never allow someone to remotely access your computer unless you requested it first.
There are many other things you can do (see the links below; they are very much worth your time), but the most important thing is to remember that you are the one in control. They can’t take it away from you and they can’t do a thing to you, your computer, or your data unless you surrender that control. They’ll try hard to make it sound otherwise, but if you stand your ground and follow the tips above, the scammer will move on to other targets.
There are a lot of great resources out there to give you more information:
Thanks for checking out my first Tech Tuesday post! I hope you find the advice helpful. If you have any feedback or suggestions for upcoming topics, let me know in the comments!