Hello, this is Microsoft tech support. We'd like to rob you.

Date Created: 8/6/2014 11:12:13 AM


Naturally, real Microsoft tech support would do no such thing, but anyone can claim to be Microsoft tech support on the telephone, and throwing on your Super Skeptic outfit that gives you incredible critical faculties is a good idea for any call you receive that sounds like this.

Cybercriminals can learn a great deal about you from public sources (Facebook, white page directories, Twitter, Instagram) and from these cobble together a script that can convince the unguarded that they are receiving a call from a legitimate entity. If you are not alert to such scams from the very beginning, you might be persuaded into installing malicious software that spies on you or captures confidential data, or into visiting websites that seem legitimate and entering credit card or other personal information there. What's most galling about these attacks is that the criminals convince you to do it to yourself.

Here's an example of a conversation, paraphrased, that actually took place during one of these calls:

Cybercriminal (CC): Hello, Mr. Pivot. This is Serena from Microsoft tech support. We've noticed your computer is running more slowly than it should and we'd like to help you restore performance to optimal for you. Is this a good time?

Pivot: Um, yeah, sure. It did seem to be less responsive, now that you mention it.

CC: Then we called at just the right time! To be sure we're seeing things correctly, could you bring up your Windows error log? Do you know how to do that?

Pivot: Sorry, no. I'm not real tech savvy.

CC: Okay, go to your Start button, then click Control Panel. Once that's up, click Administrative Tools. Then double-click Event Viewer.

Pivot: Aha! Got it.

CC: Great! Now click the plus sign next to Windows Logs and then click System.

Pivot: Okay.

CC: Now in that middle pane you'll see a bunch of log entries, and I want you to scroll down through those.

Pivot: All right...

CC: Do you see any red exclamation points or yellow warning triangles?

Pivot: Not yet...oh wait! Yes, there are quite a few!

CC: This is what we were afraid of. 

Pivot: Is it bad?

CC: Well, Mr. Pivot, even a few of these can corrupt your computer. And if you have more than ten or fifteen, it could well mean that your machine has been taken over by remote netbots or worse.

Pivot: Oh, that is horrible.

CC: That's why we call customers when we notice these slowdowns. I know we can help you. I'm going to turn you over to our technical advisor, Brandon. He'll guide you through it. I just want to say that you've got nothing to worry about. We deal with this all the time and we do a good job of staying ahead of the bad guys. Here's Brandon.

Pivot: Oh, thank you so much!

Brandon: Mr. Pivot? I understand you've got some malware on your computer.

Pivot: I guess so.

Brandon: Please don't worry. I'm here to get this all fixed. Now, unfortunately I see that your security software licenses are expired. Could you do something for me? Go back to your Administrative Services window and double-click System Configuration. Once it comes up, click on the Services tab.

Pivot: Okay, I'm there.

Brandon: Do you see any stopped services?

Pivot: Oh, my goodness, I see a whole bunch of them.

Brandon: Can you name the first few, please?

Pivot: Um, Application Experience, Application Layer Gateway Service, Application Identity...

Brandon: (interrupting) Okay, you can stop. You've definitely got one of the bad ones there.

Pivot: What do I do? How bad is it?

Brandon: If you're lucky, no damage is done yet, and even if there is some, we can most likely recover from it. I will need you to authorize a new security software license, however.

Pivot: Of course!

Brandon: What I'd recommend, given that you have an expired license, is to get the lifetime license which will cover you not only for this computer, but for any computer you buy in the future. It never expires.

Pivot: That makes sense. But how much is it?

Brandon: We have a pretty good deal going this month. It's only $299 for lifetime.

Pivot: That's expensive.

Brandon: Up front, I'll admit it seems like a lot of money. But imagine all the computers you'll own, and if even one gets compromised, it could cost you thousands and thousands of dollars to recover from the damage caused. Do you have homeowner's insurance or auto insurance?

Pivot: Of course.

Brandon: This is essentially the same thing, and I'll bet it's a lot cheaper than those policies.

Pivot: True.

Brandon: And this one is lifetime. Lifetime. Where else do you get that safety? At Microsoft, we want to be absolutely sure you feel secure always.

Pivot: I can see your point.

Brandon: Okay. So if you'll go to this website (gives URL) and then click the download button and let that install, we can get started. It's called TeamViewer and it permits me to clear your problems.

Pivot: Okay. (A few minutes pass)

Brandon: You'll see that I've brought up a Web page on your screen now, using TeamViewer. If you can just fill in the banking information for your PayPal account, we can get your security software activated and clean up this mess.

Pivot: Just a minute...uh...okay...I think that's it.

Brandon: Okay, once the payment clears...aha, there it is. All right. I'm going to kick off your new security package and you should be good for life!

Pivot: Wow! That's a relief.

Mr. Pivot at best is now out $299, and at worst...well, there's no limit, really.

There are any number of red flags in this conversation that should raise suspicion, and it's a good bet you've seen all of them here, armed with the knowledge that this is a scam. But under the psychological pressure that can come from such a call, we often don't have the objective distance to see how phony all of this is.

How to prevent it? Here's a simple checklist:
  1. A legitimate tech support person will never cold call you.
  2. Do not give any information to a caller—not your name or what operating system you are running, not anything. Doing so just further enriches the database they continuously build up from every bit of information people too easily surrender.
  3. Anyone who calls you asking for any passwords or confidential information is to be denied. Just hang up and call the organization they claim to be from and see if there really is any problem.
  4. If the caller (you're still on the telephone?) directs you to a Web page or wants you to download software, then you know it's a scam.
  5. Once you realize the scam, either hang up or try to get some details about the caller. This is unlikely to be possible, because these are professional criminals well schooled in avoiding detection.
  6. Report it to the police. Cybercrime is taken very seriously these days, and the only way to prevent it is through vigilance and enforcement. There are cybercriminals doing hard time all around the world, and that deterrent plus a shrinking pool of victims is the only way to stop it.
  7. Tell everyone you know about it. Make sure they understand what constitutes the warning signals of a scam.
  8. If you get scammed, don't beat yourself up over it. Even experienced tech people get scammed, and sometimes precisely because they think it's not possible. Change your credit card accounts, your passwords, and use the experience to sharpen your vigilance.

This particular scam has been around for over five years, but it still works and yields enough revenue to motivate people to take the risk. Fortunately, it's easy to identify once you know the game. And if you should get such a call, it might just be fun to see how much you can scam the scammers and get them to give up something vital to their eventual prosecution.