A very common scam has people supposedly from Microsoft or your ISP or other authorities calling to help you with computer problems. Don't fall for it.
A family member got scammed by a telephone call from someone saying that they were from Microsoft, calling because of PC error reports. Unfortunately, remote access was given. What should be done to prevent further compromise of the PC data? Help! Note: MS scanner and a Norton scan were done and showed no problems. Remote access software files were removed manually from PC. Could the scammer again access the PC data? Data is backed up to the external drive (not plugged in at the time of the scam). Can the same files/data be safely loaded on to a new HD/computer?
As you point out, it's a scam. Microsoft doesn't call people because of errors on their computer. Neither do ISPs, security companies, or pretty much anyone else who might claim some role of internet authority or otherwise.
To quote Admiral Ackbar: "It's a trap!"
I've been getting lots of reports of this scam and its variants of late. Fortunately, many people are rightfully suspicious and cut it off before it goes too far.
Unfortunately, having fallen for the scam puts you in a difficult and dangerous position.
To start with, let's not hook up that external hard drive just yet.
The scam is very simple: someone calls you claiming to be from Microsoft or your ISP or your anti-malware provider or some other authoritative company. Of course, they are not.
They claim that they've detected that your computer is causing many errors on the internet or that there are "problems with your account". To prove that there's something wrong, they ask if your computer has been crashing recently. Or they have you open up the event viewer and point out the many, many errors listed there. Crashes are, unfortunately, too common and the event viewer is a mess - full of messages, warnings, and errors, even on a machine that's working just fine. They simply use this confusion and misinformation to claim that your computer has a problem.
And, of course, they can fix it.
The scammer asks you to connect to a remote access site, such as logmein.com or ammyy.com, so you can give them access to your computer and they can correct the problem for you. Important: Sites like logmein.com, ammyy.com, and perhaps other remote-access services used for this are not involved in the scam. They're just web services that the scammer happens to use and nothing more.
That then leads to the scam's hook. While accessing your machine, the scammer typically does one of two things:
They install malware.
They determine that you'll need to purchase something - perhaps software, extended services, or whatever. At this point, they ask for your payment information.
You're left with either a malware-laden machine (that won't be "fixed", by the way), bogus charges on your credit card, or both.
It's a classic scam.
It's classic scam-avoidance 101: never completely trust someone who you don't know who calls you.
Listen to them, if you like. Ask questions, if you feel so motivated, but never ever give them access to your PC and never ever give them your payment information.
Let them know that you'll have your local tech look into it (even if you don't have one).
Once it's clear that you're not going to fall for the trap, it's very likely that you'll get hung up on or that the caller may even become abusive; at that point, you can hang up on them.
If you're concerned that there is a real problem, do the research yourself, or contact the technical resources that you trust and ask them about it.
Chances are there's nothing to see here.
If you handed over payment information, you've just given that information to a complete stranger. Immediately contact your credit card issuer or other payment provider and put them on fraud alert.
If you allowed the scammer access to your machine ... well, things get ugly.
The short answer is that you have no idea what they did. If you saw them install software in the guise of tools to help repair your system, it's very possible that it's really a bundle of malware that's now residing on your machine.
Even if you didn't see them download something, they still could have placed malware on your machine.
You just don't know.
And there's no way to prove that they didn't.
There are two approaches at this point:
Assume the worst. Revert to a system image backup taken before the access was granted. If you don't have such a backup, then back up your data, reformat, and reinstall Windows. This is the only way to know that whatever the scammer might have left on your machine is truly gone.
Hope for the best. Run up-to-date anti-virus and anti-spyware tools, making sure that each is running with an up-to-date database. I'd be tempted to scan with an additional tool or two; I would specifically recommend a scan with MalwareBytes Anti-Malware, which seems to catch a lot of the more aggressive malware. I'd be tempted also to try the process outlined here, as well as the new Microsoft Standalone System Sweeper.
And then hope that whatever may have been left was caught.
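A triage pass to run alongside the scans in the "hope for the best" route, as an added example that is not part of the original article. It looks for leftovers of the two remote-access services named above and for anything installed or created since the call. The `$Since` value and the name patterns are assumptions to adjust, and a clean result does not prove that the machine is clean.

```powershell
# Added example, not from the original article. Run from an elevated PowerShell prompt.
# $Since is a placeholder: set it to shortly before the scam call took place.
$Since    = (Get-Date).AddDays(-7)
# Name patterns for the two remote-access services the article mentions (assumed spellings).
$Patterns = 'LogMeIn', 'Ammyy'
$Regex    = ($Patterns | ForEach-Object { [regex]::Escape($_) }) -join '|'
$Stamp    = $Since.ToString('yyyyMMdd')

'--- Services matching a remote-access pattern ---'
Get-CimInstance Win32_Service |
    Where-Object { "$($_.Name) $($_.DisplayName) $($_.PathName)" -match $Regex } |
    Select-Object Name, DisplayName, State, StartMode, PathName | Format-List

'--- Logon autostart entries (Run keys, Startup folders) matching a pattern ---'
Get-CimInstance Win32_StartupCommand |
    Where-Object { "$($_.Name) $($_.Command)" -match $Regex } |
    Select-Object Name, Command, Location, User | Format-List

'--- Installed programs matching a pattern or installed since $Since ---'
$Keys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
Get-ItemProperty -Path $Keys -ErrorAction SilentlyContinue |
    Where-Object {
        $_.DisplayName -and
        ($_.DisplayName -match $Regex -or "$($_.InstallDate)" -ge $Stamp)
    } |
    Select-Object DisplayName, Publisher, InstallDate, InstallLocation | Format-List

'--- Scheduled task definitions created since $Since ---'
Get-ChildItem -Path "$env:windir\System32\Tasks" -Recurse -File -ErrorAction SilentlyContinue |
    Where-Object { $_.CreationTime -ge $Since } |
    Select-Object FullName, CreationTime | Format-List

'--- Installers and executables dropped in user folders since $Since ---'
$UserDirs = "$env:USERPROFILE\Downloads", "$env:USERPROFILE\Desktop", $env:TEMP
Get-ChildItem -Path $UserDirs -Recurse -File -Include *.exe, *.msi, *.bat, *.cmd `
              -ErrorAction SilentlyContinue |
    Where-Object { $_.CreationTime -ge $Since } |
    Select-Object FullName, CreationTime, Length | Format-List
```

Anything listed here that you do not recognize is a reason to switch to the "assume the worst" approach.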
This appears to be a common scam right now and the best defense, as you can guess, is to not fall for it in the first place.
If you do, then the next best thing is to make sure that you have regular system backups that you can revert to.
And if you walk away remembering just one thing, remember this:
They won't call you.
If "they" do, be very, very suspicious.