With so much in the news lately about Heartbleed and Microsoft's end of support for XP, hackers are taking advantage of a heightened sense of confusion and fear. We've seen an uptick in the number of attacks, and wanted to warn you about the revival of the Microsoft Tech Support scam in particular.
This morning, one of our clients received a call from someone claiming to be from Microsoft. The caller said that they were receiving lots of virus alerts and problem reports from our client's computer, and that they needed to connect to the computer to resolve the problems.
You probably already know where this is going. Unfortunately, the caller in this case was convincing enough that our client agreed, first giving the caller remote access to his computer, then his username and password, then his phone number. Then things started to go really wrong, and that's when he called us.
With this access, the hacker installed a number of malicious packages on the computer. We don't yet know exactly what was installed, but can assume it included a mix of viruses, keyloggers, trojan horses, backdoors, spyware, and other malware. Nor do we have any way of knowing what information was stolen, though it is guaranteed that at least some information was stolen. Our technician is over there right now, auditing the damage done, but because of the level of access the caller was granted and the sophistication of these attacks, the likely outcome is that we will have to completely wipe the computer and reconfigure everything from scratch.
The client had recently completed a fairly complex migration to Windows 7, with a number of specialized hardware peripherals. Fortunately, we have a good backup of the client's data, but the work of installation and configuration will all need to be redone. Moreover, the client will now have to change all his usernames and passwords, and advise service providers like his banks and suppliers that his security has been breached. A small slip like this is going to become a huge cost in both dollars and time.
First and foremost, be wary. Never take a request for personal information lightly, and never assume it's a trustworthy request. We know you're busy and often can't be bothered to deal with the IT headaches, which is why you work with Compumatik (or should). But we're not always there, and when it comes to threats like these you need to stay on your toes.
Second, if you're paying attention, a call like this should trigger some suspicions.
How can you verify if it's a legitimate call?
- If the caller hasn't announced himself as calling from a company you recognize, that's a warning sign.
- If he's calling from a company you recognize that doesn't usually call its customers - like Microsoft, in this case - that's a warning sign.
- Ask for a phone number at which to call them back - if you can't call them, that's a warning sign.
- Ask where they're located - if they give you a broad response (like "the United States") or one that doesn't seem to make sense (if they say New York, but the caller ID shows Delaware), that's a warning sign.
In general, if they're asking you for information you're not comfortable giving out, don't give it out. It's very rare that a legitimate partner will call you to ask for information like that, and if they do, they'd better make a very convincing argument.
Finally, if you think this may have happened to you, call us immediately. Every second you wait leaves you vulnerable to a growing nightmare of loss and recovery. It's our job to prevent those nightmares as much as possible, and to minimize the damage done.