“Hello, my name is Bob with Microsoft tech support; we’ve detected viruses and hackers on your computer.”
“Hello, my name is Joe with Microsoft tech support; we’re showing that your Windows license is invalid.”
“Hello, my name is Sam with Microsoft tech support; our records show that you’re eligible for a refund on your Microsoft product licenses.”
And on. And on. And on.
Phone scams from people claiming to be from Microsoft have been running rampant for the last couple of years. We see it all the time. No matter what the script, the end goal is either to weasel you out of money, or to remote in to your system, fuss around a bit, and charge an exorbitant amount for the “service.” And, of course, to sign you up for a three-year protection plan for only two hundred more dollars!
I’m sure that the majority of people reading this have gotten one of these calls. The scammers doing this are persistent, frustrating, and frequently use enough technical jargon to confuse a layperson. They hit on the key phrases that you see in the news—things like viruses, worms, Russian hackers, or Trojans. Your average person doesn’t necessarily know exactly what these things are, but that person knows one thing: they’re bad.
So what do I do? Really, the answer is straightforward: hang up the phone.
If they haven’t taken you down the path yet, you can just hang up on them. The most they can do then is to try to call you back and convince you to grant them access, and you can keep hanging up or you can block their number.
What if I already paid them? There shouldn’t be a huge concern here, either. Take your system to a repair shop (like us!), explain your situation, and leave it with them to run scans and check for open doors that will allow the scammers back into your machine. Change passwords to anything that might be compromised—if you’re the type of person who stores a spreadsheet or a document with all of your passwords written out, then yes, this means all of them. If you don’t store passwords in a document, but you have accounts that automatically log you in (if you don’t need to enter a password every time you access your email or Facebook, then the password is stored on your machine), you’ll need to change those passwords to insure your security.
The next step is to contact your bank to reverse the charges on whatever card you gave the scammers. In our experience, the banks have dealt with this kind of thing no small number of times, and it’s usually a minimal hassle to reverse the charges.
Once you’ve verified that your system is clean, reversed the charges, and changed your passwords, you should be in the clear.
What if they’re in my machine right now? Turn it off. If it’s a desktop computer, just pull the power cord from the back. If it’s a laptop, hold the power button down for 5 seconds to force the machine down. Alternatively, if you’re using a wired internet connection, you can pull the Ethernet wire from your computer. Because you’re no longer connected to the internet, they can no longer do anything.
In this case, you’ll still want to change passwords and have a repair shop scan your system for unwanted software—but at least you haven’t paid the scammers anything.
Another thing to note is that these scammers, once they think they had you on the line, may try calling back repeatedly to convince you. The thing to do is keep hanging up, ignore their calls, or block their number. We’ve also (very rarely) received reports of these guys cursing and yelling at people once they wised up to the scam, so if you’re going to confront them, then be prepared for a little vulgarity.
If you’ve had your system remoted into by a scam support company, definitely take it to professionals to have it looked at. You can always call About-Face at (413) 863-5447 if you’re uncertain whether you were scammed, or if you have any questions.