These Microsoft scams are still going about.
And they shouldn’t be.
Recently we attended a client who had fallen for a Microsoft scam, which made us think about what can be done to prevent and cure it.
Microsoft will not call you out of the blue. They have no reason to. The same goes for any major company. Even if you request support for one of their products, they will deal with it through digital means.
How to prevent these calls:
- Try to limit where your telephone number appears. Google it and see what comes up. If entries appear with your name and/or address, contact the website owner for a takedown. It’s also possible your number will be in a list on random websites; contacting those owners will likely be useless. The ICO or Google might handle it under the Right to be Forgotten.
- Going ex-directory will stop in-country callers who use up-to-date phone books.
- Don’t answer unknown numbers. Caller display and number lookups will help determine whether a call is genuine.
What happens if you stay on the phone:
Microsoft, or any big company, WILL NOT call you to fix your computer.
The caller will use social engineering techniques to find a computer they can compromise, and a problem with it they can ‘help’ with. They’ll convince you to download their remote access tool (usually TeamViewer or VNC).
They’ll run through some basic troubleshooting, running commands and checking Windows Event logs, before locating version numbers, keys and possible password lists. Some will try to steal documents and cover their tracks by deleting history and logs.
When they finish ‘looking for an issue’ they try to use Syskey to lock access to the computer. Once they’ve locked it they demand payment, which is where most people tell them to bugger off.
If it gets this far, you should contact the Police and report it!
Contact ActionFraud to report the intrusion and get advice on what to do next.
We can help with our tools to unlock the Computer and clean up anything else leftover.
Unfortunately the people who fall for these Microsoft scams are usually either busy or elderly. There are some tricks to prevent these people getting in and doing damage; this is all theory and can be complex.
- Set security permissions on Syskey.exe so only another system account can use it. This can prevent the scammer from using it to lock the computer.
- Install TeamViewer and other remote tools, then add them to the blocked programs list under Policy Management or your Firewall rules.
- Back up and encrypt documents to an external drive.
- Install a decent firewall and pre-block any remote access tools you can think of or find.
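One way to apply the Syskey and firewall tricks above on a Windows machine, as an added example that is not from the original post. It assumes Windows Defender Firewall, an elevated PowerShell prompt, and the TeamViewer and VNC install paths listed in the script (assumed defaults; adjust them to what is actually on the machine).

```powershell
# Added example, not from the original post. Run from an elevated PowerShell
# prompt on Windows with Windows Defender Firewall enabled.

# --- 1. Lock down Syskey.exe ----------------------------------------------
# Strip inherited permissions and leave only SYSTEM with read/execute, so the
# logged-in user (even a local admin) cannot simply run it. An administrator
# can still take ownership back, so this is friction, not a hard stop.
# Windows 10 1709 and later no longer ship syskey.exe, so skip if it is absent.
$syskey = Join-Path $env:SystemRoot 'System32\syskey.exe'
if (Test-Path $syskey) {
    takeown.exe /F $syskey | Out-Null
    icacls.exe $syskey /inheritance:r /grant:r 'NT AUTHORITY\SYSTEM:(RX)' | Out-Null
    icacls.exe $syskey /setowner 'NT AUTHORITY\SYSTEM' | Out-Null
    Write-Host "Restricted $syskey to SYSTEM only"
} else {
    Write-Host "syskey.exe not present on this build; nothing to restrict"
}

# --- 2. Block remote access tools in the firewall -------------------------
# Paths are assumed default install locations; edit to match the machine.
# A program rule only bites when the tool sits at that exact path, which is
# why the post suggests installing the tool first so the path exists.
$remoteTools = @(
    "$env:ProgramFiles\TeamViewer\TeamViewer.exe",
    "${env:ProgramFiles(x86)}\TeamViewer\TeamViewer.exe",
    "$env:ProgramFiles\TightVNC\tvnserver.exe",
    "$env:ProgramFiles\RealVNC\VNC Server\vncserver.exe"
)
foreach ($exe in $remoteTools) {
    foreach ($dir in 'Inbound', 'Outbound') {
        # Full path in the name keeps the 32/64-bit TeamViewer rules distinct.
        $name = "Block remote tool ($dir): $exe"
        if (-not (Get-NetFirewallRule -DisplayName $name -ErrorAction SilentlyContinue)) {
            New-NetFirewallRule -DisplayName $name -Direction $dir -Program $exe `
                -Action Block -Profile Any | Out-Null
            Write-Host "Added firewall rule: $name"
        }
    }
}
# VNC servers listen on TCP 5900 by default regardless of install path.
if (-not (Get-NetFirewallRule -DisplayName 'Block VNC default port' -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName 'Block VNC default port' -Direction Inbound `
        -Protocol TCP -LocalPort 5900 -Action Block | Out-Null
}

# --- 3. Report any remote tool already running -----------------------------
$running = Get-Process | Where-Object { $_.Name -match '^(TeamViewer|tvnserver|vncserver|winvnc)' }
if ($running) { Write-Warning "Remote access tools running now: $($running.Name -join ', ')" }
```

The rules are only as good as the path list, so revisit it when a new remote tool is installed; anything blocked here can still be run by a scammer who persuades the user to disable the firewall.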
We’re looking at making a tool that can close these weak points, warn users and much more. But that feels like something bigger companies should be doing.
Luckily, the system we looked at hadn’t had its recent Registry backups removed. That was just as well, as our password removal program couldn’t spot the Syskey flags. Once we booted into our PE environment and copied the backups to the correct folder, the system recovered.
Future proofing and infrastructure-level prevention
We hope the Telecoms industry will pick up the pace and help find the people behind these Microsoft scams and stop them.
The Investigatory Powers Bill could help track and stop these people, but the technical, ethical and practical questions aren’t answered. It’s far-reaching, blanket national surveillance that seems fixated on terror, with nothing about crime detection or protection of vulnerable targets.