The phone conversation always starts the same way:
Me: Hey, this is Ken.
Joe: Hey Ken, it’s Joe. I think my computer is infected by a virus.
Me: Oh man, what are the symptoms?
Joe: Well, I was just browsing the web and suddenly I got a pop-up that said my computer was infected.
Me: OK, then what? (inside voice: please tell me you didn’t call the 800 number)
Joe: Well, I tried to close the browser, but it wouldn’t close and there was a voice playing through the speakers stating that the computer is infected and not to shut down.
Me: So what did you do? (inside voice: please tell me you didn’t call the 800 number)
Joe: There were these pop-ups that I couldn’t close, with a message to call Microsoft Tech Support at this 800 number. Oh, and the recording told me to call Microsoft.
Me: Yeah, this is a pretty common scam and it’s not really Microsoft (inside voice: please tell me you didn’t call the 800 number)
Joe: So I called the 800 number….and I got this Microsoft technician who barely spoke English …. who asked me a bunch of questions and walked me through some steps to see if my computer was infected.
Me: Mmmm…..Did you provide remote access? (inside voice: please tell me you didn’t give them remote access)
Joe: Yeah, he had me install this remote access tool and took control of my computer and showed me more viruses and infections.
Me: (Actual voice) Please tell me you didn’t give him your credit card number……
Joe: So I gave him my credit card and he cleaned up the viruses and offered 2 years of support for $400. Is this OK?
Wow! Nailed again. I have had this exact conversation a dozen or more times with clients and friends, each of whom have received shiny brand new credit cards or checking accounts as a result. That’s right. Not only is your computer security compromised, you have also given a scammer access to your credit card or checking account.
This is a very common scam and has various attack vectors. For a while, the most common approach was via phone call. I used to receive a couple of calls a week from overseas callers claiming to be from Microsoft stating that they had noticed dangerous virus activity on my computer. I typically strung them along long enough to find my trusty sports whistle, which I blew loudly into the phone. This usually resulted in a prompt dropped call.
I also tried providing access to a virtual machine just to see what they would do but they usually got wise to me when I strung out the call. Here’s a very entertaining fake support “technician” that called a seasoned security researcher at Malwarebytes who turned on his recorder and had some fun with the caller. This is a very long audio session, but is worth your time. Heck, some readers will recognize the script from their personal experience. Ultimately, he angered the caller, who attempted to delete stuff off of his computer which is yet another reason that you should simply hang up on these guys.
My first exposure to this type of scam was a very bright friend of mine who ended up with 2 compromised machines and a new credit card!
Another attack approach is via email. However, the most common vector today seems to be via “drive by attacks” where the user either clicks a link, such as an ad, or clicks on a rogue search result and lands on a malicious website. For example, say you search for WRAL and the top result is wral.net (a bogus link), and you inadvertently click on it, instead of WRAL.com. Instead of seeing today’s headlines you get a gnarly web page:
These are extremely intimidating alarms, even for seasoned web users. Not only do they lock the browser, preventing you from closing Chrome, Firefox, Safari, or IE, but they also have a recorded message that seemingly cannot be silenced. The warning purports to come from Microsoft or another trusted tech company and provides a support phone number. The user is warned NOT to close the browser without calling the number, as bad things will happen. The secret here is that closing the browser will swiftly defeat the scam. If you cannot close the browser by conventional methods or by using Task Manager, simply save and close your work in Word, Excel, AutoCAD, etc. and then reboot your computer. This solves the problem if you don’t navigate back to the same rogue website.
Now, once the computer reboots, you should run a virus scan using whatever virus protection suite is installed on your computer. As a safety net, download and run Malwarebytes just to be sure.
These scams are more bark than bite, unlike the ransomware attacks that have monopolized headlines over the last year. But, they are extremely profitable for hackers and a massive headache for victims.
Remember: Don’t be intimidated by these scary pop-ups, and never, never, never give your credit card or banking information to random callers. When in doubt, call your trusted tech provider as we have seen these scams time and time again.
Oh, and one more thing: Be safe out there.