An edited article by Woody Leonhard, Windows Secrets

“I’m from Microsoft and I’m here to help.” At least, that’s what reader MP thought he heard when he answered the phone. It wasn’t.

Con artists all over the world are bilking big bucks out of unsuspecting Microsoft customers — including savvy Windows users.

In this new epidemic, the scammers are sophisticated, glib, and oh-so-convincing. Know the warning signs. You may be next.

Inside one con that almost succeeded

Here’s how MP describes his experience:

“I was having a problem with Windows XP and posted an inquiry on one of the [presumed to be] Microsoft support sites. My wife received a call from someone wanting to talk to me about my computer. She gave a time when I would be home. I was expecting a call from my ISP. The call came at the arranged time, but it was not the ISP. The caller said he was working on behalf of Microsoft and directed me to a very convincing website for confirmation of his company and his credentials. The caller knew my name and telephone number.

“We talked about the problems I’ve been having with Windows XP. He said it sounded like a virus. He guided me into Windows XP’s Event Viewer and showed me a number of red and yellow flags for applications and systems, which he said were indicative of a malware attack.

“He offered to get a technician to sort the problem for free and directed me to a website, where I had to enter some contact information and my Windows activation code, from the sticker on my PC. He talked me through the process — we were on the phone for almost an hour at that point — and it all went smoothly until I had to enter some sort of warranty code that I didn’t have. He told me to hang on while he checked with his boss.

“A few minutes later, he was back and gave me the unfortunate news that my free support period had ended. He told me I would have to pay $99 for extended support and directed me to a place on the website to enter my credit card information. I’m not sure why, but I smelled a rat, so I hung up on him.

“The caller knew what he was talking about, knew my name and phone number, knew that I was running Windows XP, and knew that I was having problems. I’m a professional electrical engineer and fully aware of phishing and other scams, but I was nearly taken in.”

MP sent me the address of the site the caller used for a reference. I won’t repeat it here because, to this day, I’m not sure whether it’s a legitimate consulting firm site or whether it exists only to provide a backstory for swindlers.

The website certainly had an air of legitimacy. It identified the caller’s company as a “Microsoft Registered Partner” with an official Microsoft logo. “This company is a Technical Support Provider,” the site says. “As computers have become more popular and sophisticated, the job of keeping them running has fallen to an ever-expanding group of specialists, collectively known as Solution Engineers.”

The site went on to say, “The first point of contact is generally the manufacturer’s tech support. However, as manufacturers and others scale back on in-house technical support to control costs, innovative and entrepreneurial technical support companies are building a robust business of providing help and a sense of security to consumers.”

Then I noticed that the site’s mailing address is in Kolkata and the domain is registered in Jharkhand, India — a long, long way from MP’s stomping grounds.

Robust? You could call it that.

Be aware of tricks of the con artist’s trade

I wish MP’s story were unique, but it isn’t.

How in the world did the con artist take him in? It’s easier than you think.

In MP’s case, it’s possible that somebody milked his name from a Microsoft tech-support site and looked him up in a phone book. But it’s far more likely that the con artist simply called phone numbers randomly. Think about it. If you called 100 people and told them (with a ring of friendly authority in your voice) that you were from Microsoft and wanted to help them with the PC problem they reported, what percentage would take you up on the offer? I’d guess it’s at least 10%.

Tricking users such as MP (or his wife) into revealing names or PC problems is a con artist’s stock in trade: if you aren’t immediately suspicious, casual banter will often reveal a wealth of personal information. For example, it can take a scammer all of five seconds to find out whether you’re using Windows XP or Win7: “Do you see the big circle in the lower-left corner? Oh, sorry, I meant do you see the word ‘Start’ in the lower-left corner?”

Everybody’s Event Viewer has red and yellow flags. Check yours right now and you’ll see them:

• Windows XP: Click Start, Control Panel, Performance and Maintenance, Administrative Tools; then double-click Computer Management.
• Vista: Do the same, except for the final step. Double-click Event Viewer instead.
• Win7: Click Start, type Event, click Event Viewer.

On the left of the Event Viewer window, expand the Windows Logs/System branch. See the ocean of colored flags? They’re mostly harmless, although they look alarming — which is why Windows makes it difficult to find them. It’s good fodder for a flimflam.

The website used for establishing the caller’s credentials may be completely legit — or maybe not — it’s very, very hard to tell. Anybody can become a Microsoft Partner; it takes maybe two minutes, and all you need is a Hotmail account or other Windows Live ID. (Don’t believe it? Go to the Microsoft Partner Network site and fill out the forms.)

As for the “Technical Support Provider” claim on the website — the term has no official meaning, as far as I can tell. The site’s owners may be guilty of puffery, but that’s a widespread defect among consultancies. The fact that the site’s based in India, and MP lives halfway around the world from there, isn’t a definitive sign — but it certainly doesn’t inspire confidence. Although Microsoft has tech support offices overseas, it’s a stretch to think that an overseas Microsoft affiliate would be assigned to follow up on a tech support issue on the other side of the planet. Is the site legit? I don’t know.

The overwhelming con give-away — the big red flag — in all of this? Microsoft doesn’t work that way. Think about it. Microsoft isn’t going to call you to solve your problems unless you’ve received a very specific commitment from a very specific individual within Microsoft — a commitment that often comes only after repeated phone calls on your part, generally accompanied by complaint elevation to second- or third-level support engineers. Microsoft typically doesn’t respond to random online requests for help by calling a customer and spending a lot of time with them. Sorry, it just doesn’t happen.

What to do if you think you’re being scammed

You think you’re on the receiving end of a Microsoft Tech Support scam phone call?

If you aren’t sure whether you’re being conned, ask the person on the other end of the line for your Microsoft Support Case tracking number — every MS tech support interaction has a tracking number or Support ID. Then ask for a phone number and offer to call your caller back. Con artists won’t leave trails.

If you think a con is being run from overseas — much more common in these days of nearly-free VoIP cold-calling — your chances of nailing the perpetrator slide from extremely slim to none. It’s prudent to be suspicious of any Microsoft expert who doesn’t seem to be calling from your country.

Whatever happens, don’t give a stranger with unverifiable credentials full access to your computer. I see reports of people who were talked into setting up a Remote Desktop connection, allowing the ersatz expert unfettered permission to download and install any program that suited his criminal fancy. If that has happened to you, my best advice is to restore a complete backup of your PC made before the call or completely reinstall Windows.

If you believe you’re being conned, get all the information you possibly can. Then, immediately after you end the conversation, call the police. Be sure you keep records (or use your browser’s Back button) to keep track of the websites you’ve visited, and offer that information to the authorities.

If you’ve already been conned — you’ve given out personal information or a credit-card number — start by contacting your bank or the credit-card issuing company and follow the identity-theft reporting procedures.

Now you know. Warn your friends.

Click here for the full article.