Microsoft issued formal warnings last week about phone scammers pretending to be employees of the company fixing security problems with users' computers.
It follows a report by CRN last month about scammers attempting to dupe Australians into paying for fake system repairs.
Microsoft released the results of a survey which asked companies about the scripts used by scammers as well as malware designed to siphon personal details such as banking passwords.
The company said the phone scam employed tricks similar to those of a fake antivirus software scam, also known as scareware, circulating on the Internet. Microsoft said that the live phone version of the scam involves miscreants impersonating help desk engineers from legitimate software companies. The scammers then pretend to warn users that their PCs could be infected with malware and then offer a free security check.
In reality, the scammers trick users into allowing them to remotely access their computer, download malware on their systems and part with their credit card numbers to purchase fake security software. Microsoft reports that the average victim who falls for the English-language scam loses $824.
The scam prompted Microsoft’s Trustworthy Computing Group to commission a survey determining the techniques behind the scam and the affected victims. Out of a survey pool of 1,000 computer users in the U.K., Ireland, the U.S. and Canada, 15 percent said that they received a call from a scammer. Out of those who received a call, 22 percent, or 3 percent of the total survey pool, said that they fell for the scam.
Microsoft warned in an advisory that the phone scammers often posed as Microsoft employees from a variety of departments, including Windows Helpdesk, Windows Service Center, Microsoft Tech Support, Windows Technical Department Support Group and Microsoft Research and Development Team.
Microsoft said that the scammers tricked users into installing malicious software designed to capture sensitive or financial data, including online banking credentials and passwords, and later might charge the victim to remove the software.
Scammers were also known to take control of the victims’ computers remotely and adjust settings in a way that would leave them easily accessible to attack.
During the scam, cyber thieves also request credit card data and bill users for phony services, or direct users to fraudulent Web sites that ask them to enter credit card data and other personal or financial information.
“The security of software is improving all the time, but at the same time we are seeing cybercriminals increasingly turn to tactics of deception to trick people in order to steal from them,” Richard Saunders, director of international public and analyst affairs of Microsoft’s Trustworthy Computing, said in a statement. “Criminals have proven once again that their ability to innovate new scams is matched by their ruthless pursuit of our money.”
According to the Microsoft report, 79 percent of those who fell for the scam said that they suffered some kind of financial loss, with 17 percent losing money withdrawn from their accounts, 19 percent having their passwords stolen, and 17 percent becoming victims of identity theft.
In addition, 53 percent of the victims said that they suffered from computer problems after the scammer downloaded malware or bogus software onto their computers. Meanwhile, the average cost of repairing the damage to PCs was around $4,500.
To avoid becoming a victim, Microsoft advised users not to purchase any software or services from a telephone solicitor. If approached, users should ask if there is a fee or subscription associated with the service and then hang up if there is.
Microsoft also strongly warned users against giving control of their computer to a third party unless they could without a doubt confirm that it was a member of the Microsoft support team, and advised against users providing credit card or financial information over the phone to someone claiming to be from Microsoft tech support.
In addition, Microsoft advised users to take down the solicitor’s information immediately and report the scam to local authorities.