Anatomy of a scam: Phone caller warns your PC is infected


Almost anyone with an Internet-connected computer has seen browser popups warning that your PC is infected with a virus and offering to scan and clean the system. Of course, most folks know by now that these are actually attempts to place malware on your system, followed by a demand for money in exchange for removing it.

But what many folks don’t know is that there’s a counterpart to this scam in the “real” world, in which con artists contact victims by phone to tell them their computers are infected. I hear several times a year from people who’ve fallen for this scam, and they often end up being tricked into giving up credit card numbers and losing large sums of cash as a result.

Now, the Windows Secrets newsletter has some notes from a tech-savvy reader who was called twice by such scammers. Veteran tech journalist Fred Langa details what happened, providing an insight into how these bad guys operate.

And the story has a Houston connection, though it’s likely a random one.

Windows Secrets reader Scott Brande tells Langa that he received two calls from the scammers within as many weeks, and the second time he decided to play along and take notes:

“This morning I received a telephone call (the second such call in two weeks) about infected files on my computer; the caller then offered to fix the problem. Suspecting a scam, I decided to play along.

“I think it was the same caller both times. He had a strong accent, the kind I’m used to hearing on outsourced help lines. I asked the caller’s name both times; the first time he replied, ‘Mike Tyler,’ and the second time he was ‘Andrew.’ He began the call by saying that he’s with Microtek, an authorized supporter for Windows operating systems. (My spelling of the company’s name was a guess; the caller never spelled it out.)”

Brande pressed the caller on the company and was told it was out of Houston. Indeed, there’s a Microtek here, but it’s a Houston branch of an Illinois-based computer training company. It doesn’t do tech support. Brande said he suspects the caller pulled the company’s name at random off the Web. (There’s also a small computer sales and service business in Houston called MicroTech, but it’s also likely unrelated.)

Brande asked the caller how he knew Brande’s PC was infected, and was told that “because I use Microsoft Windows, my computer sends notifications to Microtek servers.”

“I then asked how he knew about my specific computer; he stated that his server gets updates from my PC. He then asked whether I ran Windows Update. When I said yes, he went on to say that Microtek servers got the information about infected files in my system via Windows Update.

“I countered, stating that Windows Update goes only to Microsoft servers — not Microtek servers. But he simply repeated that Microtek is an authorized Microsoft Partner.”

The caller told Brande that his PC was infecting the computers of Microtek’s clients. Brande challenged him, and he then offered to show Brande the infected files on his computer. What happened next is especially galling:

“I asked how his clients’ machines could possibly be affected by my home computer. He didn’t answer this but went directly to the following: ‘OK, I’ll show you the infected files on your computer.’ He instructed me to enter .inf into the Start menu search box, then declared that all these files were ‘infected’ (that .inf stands for ‘infected’ or ‘infection’).”

Brande knew that wasn’t true. The .inf extension actually stands for INFormation. It’s a text file typically used for installing hardware drivers on Windows PCs. Of course, a search for this on a Windows system will turn up dozens of these files, likely scaring the bejesus out of someone who doesn’t know better.

Brande’s challenge to this ultimately caused the caller to hang up. But had Brande been less savvy, the caller probably would have wanted a credit card number to perform a cleanup, or may have placed malware on the system in the guise of an antivirus program.

As Langa points out, Microsoft and its partners never make this kind of call, and Windows Update doesn’t collect personally identifying information that would enable such cold calls.

At the end, Langa provides a list of ways victims can report attempted – or, sadly, successful – scam attempts:

For more information about how to recognize the type of scam Scott ran into, see the MS Safety & Security Center page, “Avoid scams that use the Microsoft name fraudulently.”

You’ll find additional ways to generally scam-proof yourself on the U.S. Federal Trade Commission (FTC) site, “Telemarketing Scams.”

If you receive (or have already received) a scam-related phone call, the FTC requests you dial (toll-free) 1-877-FTC-HELP or visit the Complaint Assistant site.

If you’re on the receiving end of an attempted scam via the Web (rather than by phone), file a complaint on the Internet Crime Complaint Center’s free website.

As I said, I hear regularly from readers who’ve experienced this type of scam, so it’s pretty common. Have you gotten one of these calls? Tell us your story in the comments.

Dwight Silverman | Techblogger, social media manager
