MICROSOFT IMPOSTORS PHONE SCAM
Cyber-net criminals are using publicly available telephone databases and cold-calling those telephone numbers. When the call is answered, the criminals say they are calling from Microsoft to inform the person that Microsoft is receiving “errors” from that person’s computer. Most of these cyber-net criminals sound very convincing and professional, and they endeavor to gain the person’s confidence.
They make an offer to check out the person’s computer for free, via Remote Access Software. If the phone call recipient agrees to the free offer, a remote connection is made.
Without the computer owner particularly noticing, “trap door” code and 1 or 2 User Login applets are very quickly installed. The trap door code will allow the criminal to access the computer in the future when the computer is online, and the User Login Applets will require a user name and password upon a reboot, a prompt which the computer owner has never been presented with before and does not know the credentials to. Once when I was using a password cracking tool, which reveals the password, the password part of the credentials was simply the word “computer”.
The cyber-criminals’ Caller ID phone numbers are always VoIP (voice over IP) numbers, which can have practically any area code and exchange regardless of where the criminal is physically located, and are pretty untraceable. The phone calls are always routed through multiple and very fast proxy servers, and/or also make use of the TOR network, which is very resistant to network traffic analysis.
The criminals, in further endeavoring to establish credibility, might, after remotely accessing the computer, inform the computer user that it was a very minor issue, that a file was fixed, and that there is no charge for doing so. They may provide, of course, a fake case number and a real call back phone number, and politely say goodbye after asking if there is anything further that the user would like help with. The computer user may or may not ask for further help. If yes, the criminal will pretend to examine the software further, and then quote prices. Or the criminal may just end the call if the computer user says they desire no further help.
Then the cyber-criminals will call back in a few days and inform the person that the errors have begun again and increased, and recommend that the call be transferred to the Microsoft Software Resolution Department where a Microsoft software technician will fix the issue. They then just transfer the call. If the computer user hasn’t hung up the phone by now, the next criminal comes on the line and explains how much time it’s expected to take, and that they can begin immediately. They quote prices in the area of $399.00. They of course require the person’s credit card upfront, and a VERY IMPORTANT part of the scam is that they state that the service is guaranteed and the charges are immediately and fully refundable for up to 7 days, if the person is not satisfied with the improvement and results of the service. This of course is a lie.
If the person goes along, and the credit card is processed, the cyber-criminals usually do no further harm, though they do leave the “trap-door” installed, renamed from its .exe to something innocuous, and hidden deep within many directories, where many anti-malware programs won’t look or wouldn’t recognize it to be malicious. They also leave the User Login software installed, but neither is activated.
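An added example (not part of the original article): a triage sketch for the hiding method described above, which reports files that carry the Windows executable (PE) header but do not use an executable extension, deepest paths first. The function names, the extension list and the sample tree are assumptions constructed for illustration.

```python
import os
import struct
import sys

# Extensions expected to hold Windows PE images (assumed list; tune per environment).
EXPECTED_PE_EXTS = {".exe", ".dll", ".sys", ".scr", ".ocx", ".cpl", ".drv", ".mui"}

def is_pe_file(path):
    """True if the file starts with 'MZ' and e_lfanew (offset 0x3C) points at 'PE\\0\\0'."""
    try:
        with open(path, "rb") as f:
            header = f.read(64)
            if len(header) < 64 or header[:2] != b"MZ":
                return False
            (e_lfanew,) = struct.unpack_from("<I", header, 0x3C)
            f.seek(e_lfanew)
            return f.read(4) == b"PE\0\0"
    except OSError:  # unreadable or locked file: skip it
        return False

def find_disguised_executables(root):
    """Return (path, depth) for PE files whose extension is not an executable one."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if os.path.splitext(name)[1].lower() in EXPECTED_PE_EXTS:
                continue
            full = os.path.join(dirpath, name)
            if is_pe_file(full):
                hits.append((full, os.path.relpath(full, root).count(os.sep)))
    return sorted(hits, key=lambda hit: -hit[1])  # deepest first

def build_sample_tree(root):
    """Constructed sample data: a minimal PE stub under an innocuous name, plus decoys."""
    pe_stub = b"MZ" + b"\0" * 58 + struct.pack("<I", 64) + b"PE\0\0" + b"\0" * 20
    samples = {
        "cache/a/b/c/thumbs.dat": pe_stub,          # renamed executable, buried deep
        "tools/setup.exe": pe_stub,                 # honest extension, not reported
        "docs/notes.txt": b"MZ" + b"x" * 78,        # starts with MZ but is not a PE
    }
    for rel, data in samples.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as f:
            f.write(data)

if __name__ == "__main__":
    for path, depth in find_disguised_executables(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"depth {depth}: {path}")
```

A hit is a lead for closer inspection, not proof of malice, since some legitimate software also ships PE files under other extensions.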
If the person refuses to provide the credit card information and refuses the service, the tide then turns dramatically. The cyber-criminals go into rapid “malicious mode”, whereby in a split second they activate the trap door code and the Login Applets, which kick in upon the next reboot of the computer. Nothing appears to change until the computer user reboots the computer, which could be days or weeks later (some users very infrequently reboot or shut down). Upon the next reboot, the maliciously installed User Login dialog appears, and the computer user can’t provide the login credentials for it. The trap door code is launched also, and the criminals are informed that the code and User Login dialogs have been launched. The computer user is “stuck” at the Login Dialog, can go no further and can’t use the computer. Well, if they can’t get past the first login roadblock, why did the criminal bother to install 2 or even 3 roadblocks? I think that it’s for this following reason: using available credential cracking software, Princeton Computer Repairs & Tutoring has encountered a triple User Login dialog, and failed a couple of times to crack the 3rd User Login dialog.
On those couple of occasions, in order to restore the normal usefulness of the computer to the computer user, its hard disk drive (HDD) had to be formatted, which erases, deletes, wipes out ALL the software on the HDD, both good software and bad software, followed by the reinstallation of the operating system and all the user’s program applications. Only one of my clients in those triple User Login dialog situations had done a recent backup of their personal user files, which were then reinstalled on the newly formatted HDD. The other two clients were behind the 8 ball, and lost all their user files, pictures, book-in-progress, music, etc.
What To Do If Microsoft Impostors Phone Scammers Call You
You are now wise to this possible phone call. If you receive one, note the phone number on your Caller ID anyway, and immediately report it to your local police. Certainly DO NOT agree to a Remote Access Session.
If these cybercriminals determine that the “heat” (law enforcement authorities) is moving in on them, they’ll simply switch ISPs, and are prepared to do so. They are often located throughout the Asian continent, which makes US law enforcement difficult too. And believe it or not, the banks through which these fraudulent credit card transactions occur aren’t as aggressive as you’d think in going after these bad guys. The funds are flowing from the criminals’ merchant account into the bank, through Visa, Mastercard, Discover, AmEx etc., and the bank is making its usual profitable fee. When a particular group of cyber-criminals really rakes in super big bucks through a particular merchant account upon which consumer complaints begin to mount and mount, it is usually only then that the banks act. They might shut down the cyber-criminals’ merchant account, but by that time the funds have already been transferred and/or converted to real currency or other currencies. The cyber-criminals can also move operations to other merchant accounts without missing a beat, with hardly an interruption of their business activity. Sometimes they will flow the credit card transactions through a legitimate merchant account enterprise they also operate or are criminally affiliated with.