Thursday, October 04, 2012

Beware Social scammers that call pretending to be the Microsoft HelpDesk

On 9/21/2012, I received my first social engineering hacking attack. An attempt to obtain access to my computer and my credit card, leveraging my stupidity and lack of computer skills :o)
I'm outlining what happened here so you can save yourself if you get a similar phone call.

Apparently the FTC is aware of this and is cracking down on these support calls, but I figured I’d post this here as well, because well, the end is hilarious.  Additionally, these folks seem to be blind calling (aside from knowing your surname) as they didn’t realize that I actually worked for Microsoft.  In some cases, they call right into honeypots just waiting for their call.

Please note that the first few minutes of this call, I was confused as I had 3 tickets open with the *internal* Microsoft helpdesk about random stuff related to my job.  I found the conversation hilarious.

This phone call from 206-397-1127, the caller idea was a bunch of numbers. This is how the call went:

Me: Hello?
Caller: Hello Mr. Daniel? (I have no idea how they got my name)
Me: Hi
Caller: This is the Microsoft Help Desk calling, we have seen issues that your browser is infected with a virus and we're calling you to help you fix your computer.
Me: Oh? (At this point I'm thinking it might be the internal Microsoft helpdesk, but the number is wrong, which I'm aware of)
Caller: Yes, I'm calling because I can help you fix this problem. Is your computer on?
Me: Yes it's on, I'm sitting at it
Caller: Well, click the start button in the bottom right hand corner of your screen
Me: There is no start button (I'm running Windows 8, if you recall, there is actually no start button anymore)
Caller: Yes, it is there, in the bottom left of your screen, all the way at the bottom, all the way to the left
Me: I'm looking there, I do not see a Start button
Caller: ok, we will do this another way, do you have a keyboard?
Me: Yes (I wish I was using a Surface at this point, as I wouldn't have a keyboard either!)
Caller: Ok, beside the CTRL button, there is a button with a flag on it, 4 squares in a flag. push that
Me: (trying to hold in my laughter at this point). Nice try, you obviously don't know that i'm running Windows 8, and there is no start button, SCAMMER! <click>

As a Microsoft employee, I'll tell those of you who aren't, that Microsoft will never call you about a virus on your computer in this fashion. They do provide you with FREE antivirus solution called Security Essentials for Windows.


Phil said...

I have gotten a call like this before too. I usually hang up on them. That's awesome that you have Windows 8! Very funny.