The phone rings, you answer, and someone says they are from Microsoft or your Internet provider and have detected a virus on your PC. What next?
Well, it depends on how much time you have on your hands and your sense of humor, but before we get to that let's just explain what is going on here.
I've been plagued with these calls, often once or twice a week. Someone, usually with a heavy Indian accent, calls and reports that they are calling from 'Microsoft Security Center', stating that they have 'detected viruses on my machine over the internet'.
Myth buster number one: This is not possible! Firstly, Microsoft never phones people to tell them that their PC is infected (assuming it actually is). Secondly, how would a company get your phone number based on your PC?
I had one such call recently and had a bit of time so I thought I'd a) waste their time so that they were not conning some unsuspecting old lady, and b) find out exactly what they were doing in order to 'prove 'to people that there were problems with their PCs. I had what is known as a 'virtual machine' installed – this is like Windows running as an app in Windows. It is totally ring-fenced, and to the outside world they could not tell any difference. By letting them run in a sand-boxed system I knew that my main system was completely safe.
Step 1 – they gain access to your PC
After you've acknowledged that you have a PC they'll start saying things like 'have you noticed it going slow recently'. Let's face it, all Windows PCs get slower over time, especially without a little bit of house-keeping, and they are never as fast as we want them to be. They will then ask you to go to a website and run an app. This part is actually legitimate as they are using a third party product that allows for remote support. You run an app, it displays a set of numbers which you then read out to the person on the phone, and they enter it into the software at their end – they can see your desktop and control your keyboard / mouse as if they were in front of the PC. Note that at this stage your PC is not infected with anything – you've simply allowed remote control so that they can prove that your PC is compromised.
Step 2 – the convincer
Now they have to prove to you that there is a problem. The person that connected to me did two things:
a. They ran the Windows Event Viewer. This is an app installed on all versions of Windows that logs any errors that happen on the system. Note that an error to Windows is not always what we would consider an error. For example, when Windows boots up it'll check to see what printers are available. If you have a printer driver installed, but the printer is switched off that will log an error. So our friendly 'Microsoft Technician' told me to go into the Event Viewer and proceeded to show me all of the errors on my PC. He told me on no account to click on any of the line items as he said that this would damage things further. In reality he was worried that I would read the error log and see that it was telling me that my printer was not switched on …
b. Next he opened a Dos window by running 'CMD' from the Start / Run option. He typed TREE / S, which is a simple command that shows every single file and folder on the PC. As you can imagine on even a fresh install of Windows there are tens of thousands of files, so this takes a few seconds as they go whizzing up the screen. And while that is going on he's typing something in the background which is only displayed once the computer has finished listing all of the files and folders. So at the end of this I could see 'System Error: Antivirus software disabled'. Of course, this was not actually the case!
At this point he's now 'convinced' that my PC is heavily compromised and that I need upgraded antivirus software. Bearing in mind that up to this point it had taken about 15 minutes.
Step 3 – the closer
They use standard sales tactics here of offering 'either / or' options rather than yes / no. He did not say 'we can provide protection – would you like it'. It was more a case of 'we can provide one year at £ 199 or three years at £ 299'. For that he would download and install some antivirus software for me. Most probably this software would have loaded with its own viruses or malware, or worst still it would silently log all of your keystrokes and pass it back to them, providing all of your passwords as you move around the Internet. £ 199 is a lot of money in anyone's book for antivirus software. I do not pay anything for mine – there are plenty of free antivirus apps which sit quietly in the background doing their thing without costing you anything.
Anyway, back to our friendly tech support guy, who is now pushing to see which of his two options that I want. At this point I had seen enough and advised him that he was playing around with a virtual machine and that I was simply wasting his time so that he did not scam any innocent people. Strangely he hung up after that …
So in summary all he'd done was connected to my PC, opened the Windows Event Viewer and ran a harmless command in a Dos window before I cut him off, but it is easy to see how people get suckered in.
These rules help against any scammers, not just those trying to sell you antivirus software:
- If someone calls about a virus on your PC it is 100% a scam. Microsoft does not have time to call the millions of people around the world that get viruses on their PCs every week.
- Never give out any personal information on the phone unless you are 100% sure that the person / company calling you is legitimate. For example, I had a call from my bank's security company the other day. They asked me to give them my date of birth to check that I was me. I was not prepared to do that because I had no way to confirm that they were indeed my bank. So I asked them for their number and called them back (after verifying on the Internet that the number was indeed correct). Also, call from a different phone, as often scammers will stay on the line, and when you go to dial out they're pretending to answer the phone so you think that you've run them back again …
- Do not respond to telephone surveys. These are 'phishing scams' – they are trying to collect enough information about you in order to use your identity fraudulently. Maybe they've already managed to get some details about you, such as your name, address and social security number, but perhaps they just ask you to confirm your date of birth or mother's maiden name, which on their own you may not be suspicious of. Note that they may call you a couple of times over a period of time and ask different questions to build a profile on you.
- If they are making you an offer that is too good to be true then it is probably iPad for £ 50 etc. With the Internet these days it is very easy to validate a company. A quick search on the company name or website will generally reveal if it is a scam site or not.
- If you get suckered once you most likely will go onto a hotlist where others will try to scam you again a different way.
If you have time to kill
Finally, when these people do call, and call them will, you can always have a little fun. I actually posted this story onto a business forum I frequent to warn others, and it was hilarious to see what others were doing. My favorites were:
- Passing the phone to a toddler, who would simply make random noises down the phone to them
- Keeping a football whistle by the phone and blowing it full blast down the receiver – my personal favorite and one that I may well use in the future!
- Asking them to call your mobile number as your home phone battery is about to die, and then giving them a premium rate gay sex line
- Simply saying 'can you wait a moment, the doorbell's gone' a few minutes into the call, then keep coming back to the phone every few minutes saying 'there will not be a moment'. One guy kept them on the line for 35 minutes
- Of course, the old classic of screaming down the phone at them is always great for relieving tension
If at least one person is not scammed as a result of this article then I'll be happy. These people preying on others that are trying to make the best of technology that simply do not have the IT skills to know that they are being duped and are putting their PC and identities at even more risk.