It’s a great feeling to outsmart a scam artist. I recently had the opportunity to relish this feeling when I received a call from someone who claimed to be from the Windows help desk. The caller warned that my Windows computer was infected with a virus and asked that I download software that would allow him to remotely take over my computer.
It was obvious that this cyber scammer hadn’t done his homework, and the call wasn’t targeted — not only was he calling a cybersecurity professional, but I don’t even own a Windows machine. While I knew exactly what the caller was up to, I decided to play along; I asked several questions and refused to download anything. Eventually, the caller became so irritated that he swore at me and disconnected the call. Mission accomplished.
While I walked away from this encounter unscathed and even a little amused, I thought about the people who will fall victim to this scam, as it’s the scammer’s objective to call as many people as he can until he finds someone to take the bait. When the scammer eventually finds a victim, he’ll likely take control of the person’s computer, hijack it, and demand money to return access to personal documents, pictures, movies, music, and other files.
Following are a few techniques cyber scammers use to lure in their victims:
- Typically, scammers will say they’re calling from the Microsoft or Windows help desk or a similar department.
- Claiming there’s a problem with your computer, they’ll ask you to install malicious software that could corrupt your computer or capture sensitive information, such as user names and passwords.
- Scammers will often direct you to fraudulent websites to download malicious software. They might even send you to a legitimate site to download remote desktop software.
- They’ll ask for credit card information to bill you for software that will solve the fictitious problem.
- While these scams are typically executed by phone, scammers are learning to run these schemes through instant chat technology, initiating a chat while you’re using your computer.
So what should you do if you suspect a scammer is contacting you? First, ask the caller for a number where you can call them back. Most scammers won’t provide this, but if they do, hang up and Google it. Most of the time you’ll find complaints about the callback number. You can also verify the number on Microsoft’s website.
Note that scammers are usually persistent. Don’t be surprised if you get multiple calls — just keep ignoring them. You can also report the calls to http://support.microsoft.com/reportascam or visit the Federal Trade Commission at https://www.ftccomplaintassistant.gov to submit a complaint.
If you do find yourself on the phone with a suspicious caller, remember:
- Never download software.
- Don’t buy any services, especially subscription services.
- Don’t provide personal details, especially credit card information.
If you do find yourself a victim of a cyber scam, here are a few steps to follow:
- Immediately turn your computer off, and unplug it. This will prevent the scammers from doing further damage.
- Disable your wireless connection, or unplug your hardwired network cord. This will ensure the computer doesn’t connect to the Internet when you turn it back on.
- Go to a different computer, and change the passwords to all of your online accounts, especially Internet banking, credit cards, and social media.
- Check your bank and credit card activity to identify fraud.
- Restart your infected computer, and change your login password.
- Scan and clean your computer using the following software, which is available free of charge from Microsoft:
  - Microsoft Safety Scanner. This will detect any malware installed on your computer.
  - Microsoft Security Essentials or Microsoft Defender for Windows 8. This will clean your computer of malware.
- If needed, reinstall your original operating system, and download data from your back-ups. It’s important to save the original installation disks that come with your computer and back up data on a regular basis.
While we’re on the topic of cyber scams, I think this is a good example of why you shouldn’t save personal documents such as tax returns, bank statements, mortgage documents, and credit reports on your computer. Instead, save them on an external, encrypted storage drive that you can plug into your computer when you need to access the documents. By investing $200 or less in an encrypted storage device, you ensure that if a scammer does gain access to your computer, your personal data and documents will remain safe. I’d even suggest buying a second, back-up drive to keep in a fireproof safe.
A few months ago, a colleague’s stepfather received a call very similar to the one I received, except he did own a Windows device and he was not a cybersecurity expert. He gave the caller his credit card information and downloaded the malicious software. Luckily, no real harm came to him or his data, as he was able to unplug his machine and dispute the credit card charge. He was lucky. Most don’t get off that easy.
The best way to avoid trouble? Know what scammers are capable of, and don’t take the bait.
This content originally appeared at crainsdetroit.com and crainscleveland.com and is part of a special blog series on cybersecurity.