Helping people with computers... one answer at a time.
A very common scam has people supposedly from Microsoft or your ISP or other authorities calling to help you with computer problems. Don't fall for it.
A family member got scammed by a telephone call from someone saying that they were from Microsoft, calling because of PC error reports. Unfortunately, remote access was given. What should be done to prevent further compromise of the PC data? Help! Note: MS scanner and a Norton scan were done and showed no problems. Remote access software files were removed manually from PC. Could the scammer again access the PC data? Data is backed up to the external drive (not plugged in at the time of the scam). Can the same files/data be safely loaded on to a new HD/computer?
•
As you point out, it's a scam. Microsoft doesn't call people because of errors on their computer. Neither do ISPs, security companies, or pretty much anyone else who might claim some role of internet authority or otherwise.
To quote Admiral Akbar: "It's a trap!"
I've been getting lots of reports of this scam and its variants of late. Fortunately, many people are rightfully suspicious and cut it off before it goes too far.
Unfortunately, having fallen for the scam puts you in a difficult and dangerous position.
To start with, let's not hook up that external hard drive just yet.
•
The Scam
The scam is very simple: someone calls you claiming to be from Microsoft or your ISP or your anti-malware provider or some other authoritative company. Of course, they are not.
They claim that they've detected that your computer is causing many errors on the internet or that there are "problems with your account". To prove that there's something wrong, they ask if your computer has been crashing recently. Or they have you open up the event viewer and point out the many, many errors listed there. Crashes are, unfortunately, too common and the event viewer is a mess - full of messages, warnings, and errors, even on a machine that's working just fine. They simply use this confusion and misinformation to claim that your computer has a problem.
And, of course, they can fix it.
The scammer asks you to connect to a remote access site, such as logmein.com or ammyy.com, so you can give them access to your computer and they can correct the problem for you. Important: Sites like logmein.com, ammyy.com, and perhaps other remote-access services used for this are not involved in the scam. They're just web services that the scammer happens to use and nothing more.
That then leads to the scam's hook. While accessing your machine, the scammer does typically one of two things:
-
They install malware.
-
They determine that you'll need to purchase something - perhaps software, extended services, or whatever. At this point, they ask for your payment information.
You're either left with a malware-laden machine (that won't be "fixed", by the way), bogus charges on your credit card, or both.
It's a classic scam.
Avoiding the scam
It's classic scam-avoidance 101: never completely trust someone who you don't know who calls you.
Listen to them, if you like. Ask questions, if you feel so motivated, but never ever give them access to your PC and never ever give them your payment information.
Let them know that you'll have your local tech look into it (even if you don't have one).
Once it's clear that you're not going to fall for the trap, it's very likely that you'll get hung up on or that the caller may even become abusive; at that point, you can hang up on them.
If you're concerned that there is a real problem, do the research yourself, or contact the technical resources that you trust and ask them about it.
Chances are there's nothing to see here.
Recovering from the scam
If you handed over payment information, you've just given that information to a complete stranger. Immediately contact your credit card issuer or other payment provider and put them on fraud alert.
If you allowed the scammer access to your machine ... well, things get ugly.
The short answer is that you have no idea what they did. If you saw them install software in the guise of tools to help repair your system, it's very possible that it's really a bundle of malware that's now residing on your machine.
Even if you didn't see them download something, they still could have placed malware on your machine.
You just don't know.
And there's no way to prove that they didn't.
There are two approaches at this point:
-
Assume the worst. Revert to a system image backup taken before the access was granted. If you don't have such a backup, then backup your data, reformat, and reinstall Windows. This is the only way to know that whatever the scammer might have left on your machine is truly gone.
-
Hope for the best. Run up-to-date anti-virus and anti-spyware tools, making sure that each is running with an up-to-date database. I'd be tempted to scan with an additional tool or two; I would specifically recommend a scan with MalwareBytes Anti-Malware, which seems to catch a lot of the more aggressive malware. I'd be tempted also to try the process outlined here, as well as the new Microsoft Standalone System Sweeper.
And then hope that whatever may have been left was caught.
It's a scam
This appears to be a common scam right now and the best defense, as you can guess, is to not fall for it in the first place.
If you do, then the next best thing is to make sure that you have regular system backups that you can revert to.
And if you walk away remembering just one thing, remember this:
They won't call you.
If "they" do, be very, very suspicious.
Article C4863 - July 4, 2011
Leo A. Notenboom has been playing with computers since he
was required to take a programming class in 1976. An 18 year career as a programmer at Microsoft soon followed.
After "retiring" in 2001, Leo started Ask Leo! in 2003 as a place for answers
to common computer and technical questions. More about Leo.
We have gotten several calls from {phone number removed}, mostly hang ups. I reported them to the National Do Not Call Registry. This morning they called again, and a woman I could barely understand said I had a "hidden infection" on my computer and would I turn it on so she could take a look. After getting nowhere with her, I asked to speak to her supervisor to get some answers. The guy, whose English wasn't much better, said that he was working with Microsoft to fix infected computers. He said he was from Xion Technologies. I asked which of my PCs was infected, he just kept insisting that I chose a PC and turn it on so he could "look." I asked several times for a call back number, he danced around it then finally said he couldn't provide that info "right now." While I had him on the line, I looked up Xion Tech and sought out answers from Microsoft. What I found was: Microsoft does not make unsolicited phone calls to help you fix your computer.
Posted by: Pnoon at January 20, 2012 9:54 AMI received a call today from a man who spoke very broken english telling me my computer was sending messages to them that it was infected with malware. I asked him which computer, since I have 4 and he went on to try to tell me it was the one I use the most, which I told him was an apple computer. He kept on and on until I asked to speak to a supervisor who I could understand, who by the way wasn't much better at english. They tried to convince me to turn on my computer, and I kept telling them I was at work. They offered to call me back when I got home. I asked for the name of the company and tried to verify that they were
Posted by: Nfield at February 21, 2012 2:45 PMunder contract to Microsoft. They then tried to convince me that because the warranty had expired on my computer that was the reason it was infected. I again asked for the company name and he told me Xion Technology, I googled it and then told the guy that I was looking them up and it appeared they were a fraud . I kept asking him what are you trying to sell me? What are you phishing for? He got very upset with me and proceeded to tell me to "Go to Hell" (his ecaxt words)
and hung up on me
Hi Leo i have so many warning or errors in event viewer what i can do for removing them from my computer? plz send me reply ASAP.
Posted by: Sharanjit kaur at February 22, 2012 4:53 AM@Sharanhit
Posted by: connie at February 22, 2012 8:09 AMYou might want to try the Microsoft Standalone System Sweeper. Leo has a great article about that here:
Microsoft Standalone System Sweeper Clean Malware from your Machine
I just got off the phone with these characters. I kept them on the phone for as long as I could (about 10-15 minutes). I asked several questions - the name of the company (they told me Xion Technology - like above), their phone number, the CEO of the company,... Of course they didn't answer, just kept on telling me that they were under contract of Microsoft and that my computer has been sending error messages to them for a long time and I had severe problems. I told them (spoke to a "tech" and "supervisor" as described above) that I think they are a scam. They finally told me that the call was over.
Posted by: MFulmer at April 28, 2012 6:25 PM