Just the other day, my friend received a phone call from someone claiming to be from Microsoft technical support. They informed her that they found a problem on her computer and that they could fix it, but they would need to log in. She proceeded to let them into her computer, but she felt something wasn’t right.
Knowing I worked in the IT field, she called me for a second opinion. I confirmed her suspicions and told her to shut the computer off immediately, severing any connection between this supposed Microsoft technician and the laptop. I went to her house to look for damage to the PC. Luckily, nothing was lost. When the “technician” called back, I answered the phone. I informed him that I knew he was running a con and that I would notify the police. His tone immediately turned hostile and he hung up. When I tried to call back, the number was disconnected.
A similar situation occurred to someone else I know, however this one didn’t turn out so well. A client of ours received a similar phone call. A “technician” claimed he was from Microsoft and found an “error” in her system that needed to be fixed. So she helped them establish a connection into the computer for him to use. They proceeded to tell her that her PC had a virus on it and that they could remove it for $250. She proceeds to pay the “one-time charge” with a Green Dot Moneypak card (specifically requested by the “technician”). A few minutes later, she was told that a refund will be processed because they were unable to fix the issue. However, in order to refund the money, an additional $100 amount must be paid to process the refund. At this point, she called into our office.
Cybercriminals Are Getting Sneaky
Both of these people were victims of cybercrime. A cybercrime is essentially any crime conducted via the internet or computer. There are many different types of cybercrimes, but this one is known as Social Engineering (or at least a form of it called Quid Pro Quo).
By definition, Social Engineering is the art of manipulating a person in such a way that they reveal confidential information. It relies heavily on developing human interaction and tricking people to break normal security procedures. Social Engineering breaks down into two categories: human-based and computer-based. Quid Pro Quo is a human-based form of Social Engineering that tricks an end-user into giving something up to receive something in return.
In the second story, the money she gave to the fake technician was lost. He was savvy enough to request a wire transfer via MoneyPak card, which is completely untraceable.
How to Protect Yourself
The amount of cybercrimes taking place is growing, and they are taking on many different forms. Informing people ahead of time is the best way to prevent potentially devastating losses. These two stories happened months apart but were almost exactly the same. Criminals do not take breaks, they do not stop, and they are constantly looking for new victims. So how can you prevent this from happening to you?
- Stay educated. Knowledge is power and the more you understand the threats, the more prepared you’ll be to combat them.
- Know that Microsoft will NEVER call you and claim there’s a problem with your PC and charge you for computer fixes. Usually any major company that does provide tech support services will require the user to call in, create a case, have a support plan, etc.
- Never let anyone you do not know on your PC unless you can confirm that it is a legitimate representative of a support team with whom you are already a customer.
- Understand that most legitimate companies will require a major credit card or account number to charge when purchasing support plans – not a MoneyPak card.
Finally, if it feels wrong, more than likely it is wrong. Trust your gut instinct. If you ever find yourself in a situation like this, call an IT provider you trust. A two minute phone call can prevent potential financial loss!
Find more information about Microsoft phone scams and how to report them here.