Microsoft: Fake tech support call scam "shows no signs of slowing down"

While we are familiar with hackers who try to take personal information via phishing techniques online, another well-known scam involves a more old-fashioned approach: the telephone. It starts with a person who claims to be a tech support employee of Microsoft. He or she calls unsuspecting people and tells them something is wrong with their PC, and demands several hundred dollars to "fix" the issue.

This kind of scam has been going on for some time, but apparently it's starting to affect more than just people sitting around in their homes. In a new Microsoft blog post, Kirsten Kliphouse, the company's Corporate Vice President for Customer Service and Support, stated:

What’s really alarming is that this type of scam shows no signs of slowing down. Increasingly, we hear via our front-line support team, and even from friends and family, that these scammers are getting bolder, targeting not only individuals but also businesses. It is appalling that they’re taking advantage of your trust in Microsoft in an attempt to steal your money. It’s immoral, it’s disrespectful and it’s certainly illegal.

Kliphouse says that people and businesses targeted by these messages should report them to the Federal Trade Commission website if they live in the U.S.; the U.K. and Canada have their own portals to report such calls. Microsoft also has its Answer Desk for anyone to contact directly if they have questions about receiving a call, or a pop-up on their PC, from an alleged company.

Finally, Microsoft has a webpage dedicated to tech support call scams on its Safety and Security website. Kliphouse says the best advice for people who are contacted by these kinds of calls is simply to hang up on them.

Source: Microsoft | Phone image via Shutterstock


41 Comments


I've seen people posting videos on YouTube letting scammers into a VM and the results are hilarious. One of them ended with the scammer begging to buy him p*rn.

Just yesterday one of my clients got scammed like this. She called me with "I have been calling with Microsoft from New York (we live in the Netherlands) for 3 hours, it is all really complicated. They will call back later, can you help me?"

My first response: "This is not Microsoft, it is fake. What info, like bank info, have you given?"
From the incoherent response I understood she gave everything imaginable.
So I told her she did not need to explain anything more but needed to call the bank immediately and block everything.
It was already too late; minutes after the call a large amount of money was already transferred, not enough for a living on the Bahamas for the rest of your life but enough for some people to get into financial problems.

It did not stop there: the PC was locked with a password, viruses were loaded, TeamViewer was installed as a service. Her luck, the files were not encrypted for ransom. Files could be retrieved on another PC.

This machine is now sitting on my desk in the process of being reinstalled after a good wipe of the hard disk.

And yes she thinks she did something stupid...

I must be the only person with caller ID.

Why even pick up the phone unless it is someone you know or a call you are expecting? Just screen the call, then block the unwanted callers.

I got that call once asking to RDP so they fix the "problem". I said sure and guide me through the process. He wanted the IP so he can RDP. Told him 127.0.0.1

Idiot actually tried for a while and said ###### and hung up. LOL

Very good, hahaha. You should mix it up a bit though, because 127.0.0.1 is much more widely known as the loopback, however, not everyone knows that anything starting with 127 is also a loopback, so mix it up a little and you'll also get those who are a little bright, but not quite bright enough.

Ideas Man said,
Very good, hahaha. You should mix it up a bit though, because 127.0.0.1 is much more widely known as the loopback, however, not everyone knows that anything starting with 127 is also a loopback, so mix it up a little and you'll also get those who are a little bright, but not quite bright enough.

Oh I have tried both the 127 and 192.168 ranges. Damn fools. Muhahahahaha....

People that fall for this......dear god LEARN!!!!!

You let some cold caller talk you into letting them into your pc. You get what you deserve.

Last time they called me, I went off, and ended up getting through to a supervisor.

I told him that the error log had nothing to do with it, and I said "Mate, I do not have time for this, is this ######## or not?"

He giggled and said "Oh, a smart guy. Yes it's ########".

I thanked him for his honesty, and hung up. I was a bit surprised.

My favorite thing when they call me is to have them remote into a VM that is locked down, then send them a Trojan via injection into their network stream back to their RDP client....

I call BS on that. The first part about letting them connect to an isolated VM is legit, but unless you know of an unpatched flaw in the Remote Desktop Client (or whatever RDP client they are using), you cannot simply send something to the client. If you build it into the RDP stream, the client would reject it, unless, like I said, you found an unchecked buffer you could overflow. About the best you could do is put something like "CreditCardNumbers.txt.exe" in your documents folder and hope they transfer it to their computer.

francescob said,
That's not BS. That's what can happen when you cross the network streams. Don't cross the network streams!
Never. I heard that can also warp the time space continuum and create a mini black hole as a result.

A friend of mine used to get the calls all the time; they knew his name and address. He had an old computer ready for their next call, as the 1st time he told them to F.Off and a couple of weeks later they called him back. He told them he wasn't near his computer but he does have problems and to call him back. A few days later they called him back, and he followed through with their instructions to see what it is they would do. They made him download a program so they could access his PC remotely; they got in and were snooping around. There was nothing on the PC, but he unplugged the Ethernet cable from it and hung up. They still kept calling him, until he changed his phone #.

A friend of mine got scammed - I actually warned her but she wouldn't listen. And this was a week after I'd spent 2 hours remoted into her PC fixing things, mostly viruses from illegal movie downloads and streaming sites.

I think I should take up a collection to get her a Surface RT - she'd get into a lot less trouble that way.

I get these all the time, and I usually mess with them for a bit. Last call however I simply asked them if their mother was proud of the son that harassed people over the phone and tried to scam them out of money. Didn't really have a response to that one. :)

This is why I state that a system could be the most secure in the world, all it takes is a clueless user to compromise it. Most users are not informed on what to do in a situation like this.

Doesn't even have to be just technology. If you present yourself as a figure of authority and have confidence in your delivery, most people will believe what you say and accept it. Works on all sorts of scams, which is quite scary when you think about it.

I get these calls routinely, as does my mother.

She is a 67 year old lady, who tells them "Do you want me to make you stop talking by choking you with my giant dick, or would you just #### off on your own?"

rr_dRock said,
I get these calls routinely, as does my mother.

She is a 67 year old lady, who tells them "Do you want me to make you stop talking by choking you with my giant dick, or would you just #### off on your own?"

I think I may be in love with your mother.

MikeChipshop said,
I think I may be in love with your mother.

You have a thing for 67-year old ladies with giant dicks?

Since they have started I have gotten a bunch of calls from people who said they got the call and let them remotely connect into their PC. One older lady was going to give them her credit card but she said she couldn't find it.

Good move MS. On the other hand scammers are evolving: no longer emails "From the Director of FBI" which I personally always found laughable, a call about their computer security is definitely more insidious.

As more and more people move from PCs to mobile devices, the scams will become less and less since more people that keep a PC would be more likely to be knowledgeable about this type of scam. I am sure that some scam callers will eventually move to calling people about their tablet saying the same thing, but I think most of it would be limited to Android devices to side-load various malware apps.

rippleman said,
As more and more people move from PCs to mobile devices, the scams will become less and less since more people that keep a PC would be more likely to be knowledgeable about this type of scam. I am sure that some scam callers will eventually move to calling people about their tablet saying the same thing, but I think most of it would be limited to Android devices to side-load various malware apps.

Makes no difference. Social engineering can be used on any device.

Kliphouse says the best advice for people who are contacted by these kinds of calls is simply to hang up on them.

Where's the fun in that? I've yet to get one of these but looking forward to messing with them.

Max Norris said,

Where's the fun in that? I've yet to get one of these but looking forward to messing with them.

I always play dumb for the first 5 or so minutes. It's really funny listening to the problems they present to me and how they just assume the technical lingo doesn't have to make sense.

techbeck said,
I have used an air horn before hanging up on them.

Sadly, due to the way phones work, that hurt your ears way more than theirs.

sphbecker said,
Sadly, due to the way phones work, that hurt your ears way more than theirs.

Huh? How would that hurt my ears by blowing a horn in the receiver?

Know an old guy who likes to fart down the phone at these type of calls; he likes to boast about it when he's in the pub.

sphbecker said,
Sadly, due to the way phones work, that hurt your ears way more than theirs.

The secret is not to listen to your phone at the same time!

My wife usually gets these calls whilst I'm at work. I've left her instructions to tell the people that I work for whatever company they're calling from and can she have their extension number so I can get back to them.

Funnily enough, they always hang up... :p