I have been in IT for many years and have seen many scams come and go. The most important thing is to be on your guard at all times and if you are not sure then don’t do anything just ignore it and delete it.
I read a story in my local free paper Hearld & Post (10 April 2014) about an elderly gentleman who was conned by a caller claiming to be from Microsoft. The ‘engineer’ informed him that he needed to upgrade his security software and needed access to his machine. The gentleman called them back on a 0800 number and handed over control of his computer the ‘engineer’.
Now most people will consider this to be okay, however, here are the warning signs in this case;
Microsoft engineers will not call individuals or any other software vendors, unless a support ticket has been logged. Also Microsoft engineers have sufficient knowledge that if the security software needed upgrading, they will do so via the normal updates method, Windows Updates. They have millions of customers and it is not possible for them to call all of them.
The upgrade of the security software was the gentleman using one of Microsoft security software or a 3rd parties, if the latter then this should have been a warning straight way. The security software comes with the Windows operating system is Windows Defender and Windows Firewall and any issues with these are updated via Windows Update, so there is no reason for an engineer to call.
To make the call appear to be genuine, the caller gave a 0800 number so the end user will call back. These days numbers can be brought easily, so in this case the first thing I would do is to check out if the number was from Microsoft. I would do this by logging onto a website called SAYNOTO0870.COM and type in Microsoft in the Company Name box or the number that the caller gave me into the alternative number box.
I am glad that when the gentleman was asked for payment, he refused and got suspicious. Imagine how many would have provided the con person their card details. However, the gentleman now has to get his computer cleaned up, and is likely to cost him.
Today (11 Apr 14) I received an email from my Bank advising me that several attempts have been to access my online account and that it is suspended. This email was sent to an email address that I know is not on personal online account. This email is asking me to download the attached document to reactivate my account and review the activity. If I open the attachment I know that my computer will be infected with malware, a Trojan or a virus and I would have to investing time and effort in cleaning up the computer. If you want to check if the email is genuine the call your banks online fraud team for advice.
There are so many ways that we can be conned and we can all be caught out once or twice, however, being cautious is a good thing.
Disclose your password
Disclose your PIN number
Disclose your card security number
Disclose any personal information