“We’ve noticed you have a virus on your computer…”

The following was originally posted on the Shoreline Area News, February 22, 2014 as part of the Tech Talk series.

This week I had intended to follow up with part 2 of my exploration of how to make your computer adjust better to your needs. However, as they say in the news media: We interrupt our regularly scheduled program for this important announcement:

IF YOU RECEIVE THE ABOVE MESSAGE UNSOLICATED FROM SOMEONE CLAIMING TO BE FROM MICROSOFT

 

HANG UP THE PHONE.

Seriously, hang up! They will be persistent and patient. They have been doing this for years. You will need to steel your nerves, abandon your usual phone etiquette and hang up without comment.

They were talking to my client a week ago when I showed up for our regular appointment. Relieved, she said to the caller, “You can explain all this to my computer specialist.”  They hung up the phone before I said “hello.”

 

The Sordid Truth
Have you guessed by now? She wasn’t called by anyone from Microsoft. That is because Microsoft never calls people out of blue to tell them they have an infected system.

It is and has been a scam going around since at least 2009. Microsoft does not send unsolicited emails either. What confused my client especially was this email:

From: Microsoft Corporation

Sent: Fri, Feb 14, 2014

To:

Subject: Microsoft Corporation

This is to let you know that your computer has been sending us some error notifications as its been filled with a lot of junk programs which are malfunctioning with your computer from DELL and it may crash your system at any point of time.

Hence, you got a call from one of our representative.

Thank You.

Regards,

MicrosoftCorporation.

I haven’t seen this wrinkle before. Normally these kinds of calls are more random. However this email is not from an official Microsoft support email address, contains grammatical errors and assumes that Microsoft’s error collection service (Windows Error Reporting) collects information that can be used to identify individual users.

 

How the Scam Works
The method is consistent. You are informed that Microsoft has received information that your system is infested with viruses or problematic software and the caller, identified as a support person from the Windows Technical Department Support Group / Microsoft Support / Windows Service Center or other appropriate-sounding name has been asked to help you.

Their actual goal is to collect more information from you, either by having you download remote access software so they can get into your computer or by having you share account or credit card information that they can use. If you stay on the phone with them but appear resistant, they will claim that “unless something is done soon, your computer will crash.”

Depending on the caller, they can become quite argumentative. During one of my calls, (I have had three), I explained that I used to work for Microsoft and knew they were a scam … and they still argued. As long as they have you on the phone, logic must be that you can be worn into submission.

We must getting a lot of these calls right now because A.G. Schneiderman, New York’s Attorney General, issued an consumer alert earlier in the week warning New Yorkers about the scam.

So Want Can You Do?
First, learn about this problem so when you receive the call, you can recognize the scam. Microsoft has information on this kind of scam and other common scams that use its name.

Second, know your computer and its current health so you won’t be vulnerable to this scam. Besides your regular anti-virus software, run a second malware scanner monthly or quarterly that uses a different engine and virus database to get a second opinion. Malwarebyes Free Edition, Kaspersky Security Scan and Trend Micro’s HouseCall are excellent free scanners for this purpose.

Third, spread the word about this problem to your friends and family. The chances of someone you know having this experience is high. Besides my client, two other immediate members of my family have had these calls.

Explain that if the scammer has gained access to the system, they should uninstall any remote software on the system added, run complete malware scans (See Step Two), and change any system passwords as well as passwords to financial or critical websites to avoid potential identity theft (more information). They can also file complaints with the FTC, and your state attorney general (WA state).

Fourth … when your turn comes and the “Microsoft” tech person calls for you … hang up!

---