What should I do if I fell for a scammer claiming to be Microsoft and let him into my computer?
This question was answered on October 11, 2018. Much of the information contained herein may have changed since posting.
The sophistication of the techniques used to con people into thinking that they are talking to Microsoft continues to evolve.
Even the most levelheaded folks can be convinced by a skilled con man, especially one who can ‘prove’ to you that your computer has a problem.
How it Starts
The scam typically starts with a phone call from out of the blue with someone claiming that they are with Microsoft and that your machine is sending out distress signals that they’ve detected and can help you with.
They’ll typically use caller ID spoofing techniques to make it look like their number is either a local or toll-free number.
Another trick, which is becoming more common, is that they’ll set up rigged websites that pop up an official-looking Windows alert with instructions to call Microsoft at a toll-free number.
Often, the scammers will tell you to go look for yourself and instruct you to open a program like the ‘Windows Event Viewer’ to see your errors.
They know that virtually every Windows machine will have some form of error message in the Event Viewer and that the average user will have no idea what error messages actually mean.
Their ultimate goal is to get you to allow them to access your computer remotely, so they can ‘help you’ clean things up.
If you allow them in, there’s very little that they can’t do, because it’s as if they are sitting in your home, typing on your keyboard and clicking with your mouse.
In most cases, they’re trying to convince you to pay for the cleanup or sign up for an ongoing subscription service.
Though it’s rare, they could also plant malware like hidden keyloggers that will allow them to silently capture all your keystrokes from then on, even after they ‘finish’ their work.
What Should You Do?
Since there will be no obvious signs of what they have done, as a safety precaution, it’s best to disconnect your computer from the Internet until you can properly evaluate what changes may have been made.
If you’re technically inclined, you can search for new entries that have been set up in the various operating system folders such as Program Files, ProgramData and Windows as an initial check. If you’re familiar with the Windows Registry, you can search for new or unusual entries in the various Run keys.
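One way to run that initial check from a PowerShell window, as an added example that is not part of the original answer. The `$Days` look-back window is an assumption; set it so that it covers the day the scammer was connected.

```powershell
# Read-only triage; nothing here changes or deletes anything.
# $Days is an assumption: widen it to cover the date of the remote session.
param([int]$Days = 7)
$cutoff = (Get-Date).AddDays(-$Days)

# 1. Items created since the cutoff at the top level of the install roots.
$roots = @($env:ProgramFiles, ${env:ProgramFiles(x86)}, $env:ProgramData, $env:windir) |
    Where-Object { $_ -and (Test-Path -LiteralPath $_) }
$roots | ForEach-Object { Get-ChildItem -LiteralPath $_ -Force -ErrorAction SilentlyContinue } |
    Where-Object { $_.CreationTime -ge $cutoff } |
    Sort-Object CreationTime |
    Format-Table CreationTime, FullName -AutoSize

# 2. Every Run/RunOnce value, machine-wide and for the current user.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
$entries = foreach ($key in $runKeys) {
    if (-not (Test-Path -LiteralPath $key)) { continue }
    $regKey = Get-Item -LiteralPath $key
    foreach ($name in $regKey.GetValueNames()) {
        $command = [string]$regKey.GetValue($name)
        # Extract the program path: quoted first, otherwise up to the first ".exe".
        $path = $null
        if ($command -match '^\s*"([^"]+)"') { $path = $Matches[1] }
        elseif ($command -match '^\s*(.+?\.exe)') { $path = $Matches[1] }
        # Creation time of the file the entry launches, if it can be found on disk.
        $created = $null
        if ($path -and (Test-Path -LiteralPath $path)) {
            $created = (Get-Item -LiteralPath $path -Force).CreationTime
        }
        [pscustomobject]@{
            Key = $key; Name = $name; Command = $command
            FileCreated = $created
            Recent = [bool]($created -and $created -ge $cutoff)
        }
    }
}
# Entries whose target file was created inside the window are listed first.
$entries | Sort-Object Recent -Descending | Format-List
```

Treat the output as a list of things to look up rather than a verdict: Windows updates and your own installs also create new files, and file creation times can be altered.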
Your security software will not necessarily detect a malicious program, because skilled scammers can make it look like a legitimate program and can even approve the installation themselves if a warning comes up during the install. You should still run a deep scan with all of your security programs.
Another safety precaution is to change the passwords on any of your sensitive accounts because they can easily scrape your browser’s ‘saved passwords’ while they have access to your computer.
If you did provide your credit card number, expiration date and security code to the scammers, be sure to contact your card issuer to set up an alert and replace the card for good measure.
About the author
Posted by Ken Colburn of Data Doctors on October 11, 2018