Scammers are calling people up pretending to work for Microsoft in the latest social engineering hack.
According to the Guardian, the scam is really simple the phone rings at someone’s home, and the caller, usually with an Indian accent, asks for the householder, quoting their name and address before saying “I’m calling from Microsoft”.
The caller claims that Redmond has had a report from their ISP of “serious virus problems” from your computer.
After predicting the end of the world if the problem is not solved, the caller asks the user to open a program called “Windows Event Viewer”. Of course it lists errors, some labelled “critical” which causes most people to make the fatal mistake of trusting the caller.
The computer owner is directed to a website and told to download a program that hands over remote control of the computer, and the caller “installs” various “fixes” for the problem.
Then the bloke from Microsoft asks for a £185 for a “subscription” to the “preventative service”.
Not only has the person paid for something they don’t need, but they have also given their entire computer over to the scammers.
The Guardian said that the scam has been going on since 2008, but lately it has grown after being run from call centres based in Kolkata.
The scam is run by teams believed to have access to sales databases from computer and software companies and is being done without the legitimate outsourcing company’s knowledge.
However the Guardian seems to have worked out that the scammers are probably just using the phone book.
The Guardian has been told that the entire scam is the brain child of one bloke in Kota in Rajasthan.
He has provided fake documentation to a number of payment companies including PayPal and Alertpay, a Montreal-based online payment company, to set up accounts which route money to a bank account in Kota with Axis Bank.
In March, site hosting company Hostgator shut down one of the longest-running sites used for the alleged scam, F1Compstepuk.com, after complaints.
Redmond seems to think that the whole thing was being used by dodgy people within the Microsoft Partner Network. It said that it had terminated its relationship with certain partners who are clearly misrepresenting their relationship with us and using our company name in order to facilitate their telephone scam operations.”
Not that that has stopped the scammers. Two sites alleged to be involved were still listed as “Microsoft Gold Certified Partners”, which Microsoft says means that they must have “demonstrated expertise” and “must employ a minimum number of Microsoft Certified Professionals”.
Just to clear matters up. Microsoft never rings anyone up.