by Fred Langa for Windows Secrets Newsletter
Tech Support-call Cons
“Hello. This is Microsoft Tech Support. Your PC has notified us that it has an infection.”
The call is a scam — an extremely prevalent one. Here’s how it works and what you need to know to stay out of the trap.
Scams come and go, but this particular one seems to have staying power — and it’s spreading quickly. It’s now so common, the Internet Crime Complaint Center (a partnership between the Federal Bureau of Investigation and the National White Collar Crime Center) issued a Jan. 7 special alert, “New twist to online tech supportscam.”
Windows Secrets reader Scott Brande was recently on the receiving end of a typical tech-support con. Recognizing it for what it was, he carefully documented the attempted snow job, then sent in his notes as a service to all Windows Secrets readers.
His narrative, plus the resources I’ll list at the end of this article, can help you — and the people you care about — avoid falling prey to this malicious tactic.
Scott’s description of how the scam played out:
“This morning I received a telephone call (the second such call in two weeks) about infected files on my computer; the caller then offered to fix the problem. Suspecting a scam, I decided to play along.
“I think it was the same caller both times. He had a strong accent, the kind I’m used to hearing on outsourced help lines. I asked the caller’s name both times; the first time he replied, ‘Mike Tyler,’ and the second time he was ‘Andrew.’ He began the call by saying that he’s with Microtek, an authorized supporter for Windows operating systems. (My spelling of the company’s name was a guess; the caller never spelled it out.)
“I asked immediately whether this was a sales call. Without directly answering my question, he launched into what sounded like a script. He stated: ‘Our servers have received information from your computer that indicates it is infected.’
“When I questioned him about his company, he told me I’d find ‘Microtek’ listed on [an online business directory] — as if a listing in the directory were proof his call was legitimate! When asked where the company was located, he replied, ‘Houston, Texas.’ I then asked for his employee ID; he gave me ‘MSCE079502.’
“(After the call, I ran an online search and came up with a Microtek in Houston; it’s a training facility for business computer users — not a technical-support center. I assume the caller just picked Microtek’s name off the Web. I don’t believe the real Microtek had anything to do with the bogus tech-support call.)
“Changing topics, I asked how he knew my computer was infected. He replied that his company is an authorized Microsoft Partner and, because I use Microsoft Windows, my computer sends notifications to Microtek servers.
“I then asked how he knew about my specific computer; he stated that his server gets updates from my PC. He then asked whether I ran Windows Update. When I said yes, he went on to say that Microtek servers got the information about infected files in my system via Windows Update.
“I countered, stating that Windows Update goes only to Microsoft servers — not Microtek servers. But he simply repeated that Microtek is an authorized Microsoft Partner.
“Next, I asked him which one of my computers was infected (I have several at home), to which he said something vague about a MAC address. When asked which MAC address he had for my machine, he would state only that, for ‘security reasons,’ he couldn’t tell me the MAC address (even though it was my own PC).
“At this point, I expressed my doubts about all this information. But he was quite persistent; he stated that ‘some of our clients in your area have been affected by the infected files on your machine.’ He then claimed I had upward of ’1,000 infected files.’ When asked who these local clients were, he said he couldn’t tell me that (of course).
“I asked how his clients’ machines could possibly be affected by my home computer. He didn’t answer this but went directly to the following: ‘OK, I’ll show you the infected files on your computer.’ He instructed me to enter .inf into the Start menu search box, then declared that all these files were ‘infected’ (that .inf stands for ‘infected’ or ‘infection’).
“At that point, I said I didn’t believe that was true; it was my understanding that .inf was a particular type of file that comes with software installed on my computer.
“At this point, he ended the call — probably because I knew that .inf didn’t refer to infected files. As it was, I’d had him on the line for a good 15 minutes.
“As I mentioned, this is the second such cold call I’ve received in about two weeks. The pitch given in the two calls was very consistent; I surmise there must be many others who have been presented with the same scam.”
Great job, Scott! Your suspicions are totally correct: This was just a scam. And yes, it’s extremely widespread.
This excerpt appears with permission from Windows Secrets Newsletter.