Security alert: Bogus tech-support phone calls

By Fred Langa

“Hello. This is Microsoft Tech Support. Your PC has notified us that it has an infection.”

The call is a scam — an extremely prevalent one. Here’s how it works and what you need to know to stay out of the trap.

Scams come and go, but this particular one seems to have staying power — and it’s spreading quickly. It’s now so common, the Internet Crime Complaint Center (a partnership between the Federal Bureau of Investigation and the National White Collar Crime Center) issued a Jan. 7 special alert, “New twist to online tech support scam.”

Windows Secrets reader Scott Brande was recently on the receiving end of a typical tech-support con. Recognizing it for what it was, he carefully documented the attempted snow job, then sent in his notes as a service to all Windows Secrets readers.

His narrative, plus the resources I’ll list at the end of this article, can help you — and the people you care about — avoid falling prey to this malicious tactic.

Scott’s description of how the scam played out:

  • “This morning I received a telephone call (the second such call in two weeks) about infected files on my computer; the caller then offered to fix the problem. Suspecting a scam, I decided to play along.

    “I think it was the same caller both times. He had a strong accent, the kind I’m used to hearing on outsourced help lines. I asked the caller’s name both times; the first time he replied, ‘Mike Tyler,’ and the second time he was ‘Andrew.’ He began the call by saying that he’s with Microtek, an authorized supporter for Windows operating systems. (My spelling of the company’s name was a guess; the caller never spelled it out.)

    “I asked immediately whether this was a sales call. Without directly answering my question, he launched into what sounded like a script. He stated: ‘Our servers have received information from your computer that indicates it is infected.’

    “When I questioned him about his company, he told me I’d find ‘Microtek’ listed on [an online business directory] — as if a listing in the directory were proof his call was legitimate! When asked where the company was located, he replied, ‘Houston, Texas.’ I then asked for his employee ID; he gave me ‘MSCE079502.’

    “(After the call, I ran an online search and came up with a Microtek in Houston; it’s a training facility for business computer users — not a technical-support center. I assume the caller just picked Microtek’s name off the Web. I don’t believe the real Microtek had anything to do with the bogus tech-support call.)

    “Changing topics, I asked how he knew my computer was infected. He replied that his company is an authorized Microsoft Partner and, because I use Microsoft Windows, my computer sends notifications to Microtek servers.

    “I then asked how he knew about my specific computer; he stated that his server gets updates from my PC. He then asked whether I ran Windows Update. When I said yes, he went on to say that Microtek servers got the information about infected files in my system via Windows Update.

    “I countered, stating that Windows Update goes only to Microsoft servers — not Microtek servers. But he simply repeated that Microtek is an authorized Microsoft Partner.

    “Next, I asked him which one of my computers was infected (I have several at home), to which he said something vague about a MAC address. When asked which MAC address he had for my machine, he would state only that, for ‘security reasons,’ he couldn’t tell me the MAC address (even though it was my own PC).

    “At this point, I expressed my doubts about all this information. But he was quite persistent; he stated that ‘some of our clients in your area have been affected by the infected files on your machine.’ He then claimed I had upward of ‘1,000 infected files.’ When asked who these local clients were, he said he couldn’t tell me that (of course).

    “I asked how his clients’ machines could possibly be affected by my home computer. He didn’t answer this but went directly to the following: ‘OK, I’ll show you the infected files on your computer.’ He instructed me to enter .inf into the Start menu search box, then declared that all these files were ‘infected’ (that .inf stands for ‘infected’ or ‘infection’).

    “At that point, I said I didn’t believe that was true; it was my understanding that .inf was a particular type of file that comes with software installed on my computer.

    “At this point, he ended the call — probably because I knew that .inf didn’t refer to infected files. As it was, I’d had him on the line for a good 15 minutes.

    “As I mentioned, this is the second such cold call I’ve received in about two weeks. The pitch given in the two calls was very consistent; I surmise there must be many others who have been presented with the same scam.”

Great job, Scott! Your suspicions are totally correct: This was just a scam. And yes, it’s extremely widespread.

Bogus tech-support call raises red flags

Two of the caller’s assertions in Scott’s narrative immediately indicate a scam:

  • Microsoft or one of its partners made the call: False! Microsoft flatly states:

    “Neither Microsoft nor our partners make unsolicited phone calls (also known as cold calls) to charge you for computer security or software fixes. … Do not trust unsolicited calls. Do not provide any personal information.” (See the full text on Microsoft’s “Avoid tech support phone scams” page.)

  • Windows Update collects personally identifiable information: False, again! Even if it wanted to, Microsoft — or a Microsoft Partner — can’t track you down and cold-call you via information acquired by Windows Update. You’ll find more details on the online “Windows Update privacy statement” page; a more colloquial version on the “Using Windows Update” page states unequivocally: “Windows Update is committed to protecting your privacy and does not collect your name, address, e-mail address, or any other form of personally identifiable information.”

Scott’s caller raised other red flags, too. For example — just as Scott thought — .inf stands for information, not “infection.” An .inf is just a plain-text file containing information Windows uses when it’s installing a driver.

Knowledge of INF files is somewhat specialized — not everyone will know what they’re used for. But the first two red flags should be easily recognized by any experienced Windows user.

Bottom line: If you get an unsolicited call from anyone offering to “fix” your computer (especially if they claim to be from Microsoft or a Microsoft Partner) hang up immediately — it’s a scam!

Further scam-proofing — and reporting scammers

For more information about how to recognize the type of scam Scott ran into, see the MS Safety & Security Center page, “Avoid scams that use the Microsoft name fraudulently.”

You’ll find additional ways to generally scam-proof yourself on the U.S. Federal Trade Commission (FTC) site, “Telemarketing Scams.”

If you receive (or have already received) a scam-related phone call, the FTC requests you dial (toll-free) 1-877-FTC-HELP or visit the Complaint Assistant site.

If you’re on the receiving end of an attempted scam via the Web (rather than by phone), file a complaint on the Internet Crime Complaint Center’s free website.

And here’s some preventive medicine that might help. Register all your phone numbers with the National Do Not Call Registry (free; site). You need to register a number only once; the registry never expires. This won’t stop all unsolicited calls, but it will stop most. If your number is on the Registry and you still get calls, they’re likely to be from scammers ignoring the law. In that case, call the FTC number listed above and file a complaint.


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s