I just got a peculiar telephone call on my house phone. A woman with an accent that suggested that she was from India or Pakistan, said that she was from the “Windows technical department” and was calling me about my computer. She said that there were errors detected on the “main Windows server” and that she was calling to help me walk through solving the problem.
In the heat of the moment, one doesn’t necessarily think of every reason why something like this makes no sense. I had just posted some questions on a Windows forum about how to stream DirecTV video to my Surface tablet, and I’m a frequent user of Microsoft OneDrive which involves Microsoft servers. My brain wanted to file this under those topics, although I knew it didn’t fit. Still my scam alert went off immediately because Microsoft (a word she didn’t use) doesn’t call people like that, and there is no “main Windows server.”
I stayed on the line to get an idea of what was going on because this particular approach at social engineering was novel to me. So she asked me if I was in front of my Windows computer (which I was). My reply was “which computer?” She said, your Windows computer that you are using at that location. I said: “Which one? I have several Windows computers.” She hung up.
After the call, I noted other anomalies:
- They never asked for me by name. If Microsoft knew my phone number, they would have had my name also.
- They never mentioned Microsoft
- How could they know I had an error?
I found references to scams like this going back to 2010. Usually the caller will eventually ask for a fee to help remove a virus. They might also ask for remote access to the computer and then they could plant malicious software to steal passwords and financial information.
Surprisingly, Microsoft may actually call you about an infected computer, according this Microsoft article (may require a Microsoft account login to read). Here is the relevant portion:
There are some cases where Microsoft will work with your Internet service provider and call you to fix a malware-infected computer—such as during the recent cleanup effort begun in our botnet takedown actions. These calls will be made by someone with whom you can verify you already are a customer. You will never receive a legitimate call from Microsoft or our partners to charge you for computer fixes.
- Beware of the Windows Phone Scam – UK Personal Finance Blog
- Similar story – Who Called us?
- Hello, I’m definitely not calling from India. Can I take control of your PC? – Ars Technica
- Tech Support Scams – Federal Trade Commission
- ‘We’re with Windows’: The anatomy of a cold-calling scam – NBC News
- Don’t fall for phone phone tech support – Microsoft