How to Spot a Windows Tech Support Scam
Windows tech support scams have been something of a staple in the world of cyber-crime for a long time now. Much has been done to thwart the attempts of fraudsters to take advantage of this particular method of conning people in recent years, but unfortunately, cyber-criminals have proven extremely tenacious and resolute in this particular regard. In fact, security research data indicates that they seem to be redoubling their efforts and becoming increasingly more active with each passing year.
And that's not just idle talk – according to a presentation that Microsoft gave at an RSA security conference, reports from Windows users about security scams are jumping in double digits annually. For instance, in the period between January and December 2017, Microsoft reported having received approximately 153000 reports of Microsoft tech support scams from users all across the globe.
The good news is that the efforts of Microsoft, as well as other corporations as well as independent security researchers and law enforcement agencies to combat fraudsters seem to be helping. The data presented by Microsoft seems to indicate that nearly 85% of people who reported being the target of a Microsoft Tech Support Scam were savvy enough to actually avoid becoming a victim of said scams. However, while that success margin seems excellent, one must not forget that this means that around 15% of all people that were targeted by fraudsters pushing such scams actually fell for the cyber-criminals' tricks. Tricks that, when you draw the line, cost around 22000 Windows users an aggregate of nearly $110000.
And that's just the money defrauded by cyber-criminals using this particular scam to con people out of their hard-earned cash. What does this mean?
"Knowing that a trap exists is the first step in avoiding it" – Frank Herbert, Dune
Simply put, people need to be educated on the matter. Big tech corporations and law enforcement alike has taken steps to raise awareness on the issue, but since even Windows Tech Support scams, which are some of the most notorious and well-known types of online fraud, continue to be a multiple thousand dollar industry even to this day, clearly people need to know more about how to spot scamming attempts. Here are some tips on doing just that:
Be Wary of Dubious Phone Calls
One of the most widespread methods fraudsters employ to this day is to call phone numbers of users on and then deploy cunning threats or flattery to persuade users into giving up money, personal information, etc. This is not a new tactic, and while it has been around for as long as landlines have existed, it is very easy to counter this type of con. All the user needs to do to is to verify the caller's identity before engaging with said caller in earnest. By now, most people are savvy enough to see the fraud for what it is, but evidently, some aren't, and that can end up costing them multiple hundreds of dollars. Although this should be common knowledge by now, evidently it bears repeating – it is not in Microsoft's company policy to arrange unsolicited phone calls with any of its users. No tech giant company is in the habit of doing that, so be careful of any such interactions.
Dubious Emails and Other Text Messages
Online fraudsters often model their scammy emails and text messages on legitimate communication from entities such as Microsoft to try and trick unwary users into sending back personal information and passwords, or even more cleverly – to input said information into a form and thus make it available to the fraudsters, who can then use it for nefarious purposes. The universal method of avoiding such attacks consists of a simple precaution – users should never follow any links, or open any attachments, contained in a suspicious or unsolicited message.
More Telltale Signs That you are the Target of a Scam Attempt
- The sender's email address and/or phone number is weird. If the other party claims to be a representative from Microsoft, but the originator e-mail address is not Microsoft's own, you are most likely the target of a phishing attempt. Always keep an eye out for similar details.
- The sender got the user's details wrong. If the message that you received features personal information that is wrong or something that you didn't provide to the company in question, you are probably in the process of being conned.
- The message you received starts with a greeting that's too generic. Nowadays, companies have bots who have access to data bases of user information, which ensures that even completely automated systems and notification bots designed to send generic emails don't use "Dear customer" as an opener. To rephrase – when contacting you, Microsoft, as well as almost any other tech company, will always address you by the name, user ID, account name or some other means of identification that you personally set up when registering for their services. If you receive an email that starts with "Dear customer" – that's most likely a fake.
- The message contains a suspicious link. Obfuscated links that may appear to be legitimate, but take the user to a website whose URL doesn't match the address of the company's website are a dead giveaway that someone's actively trying to dupe you.
- You are presented with unusual and suspicious content. If the message you received claims to be from a Microsoft representative, but appears notably different from other messages you have received from Microsoft to date, then it is most likely fraudulent. Keep an eye out for broken grammar and text formatting, the overall tone of the message, the way it is arranged, etc.
- The message requests personal information. This should go without saying, but since people seem to be still falling for similar tactics, here it goes - you should be extremely wary of messages that outright tell you to divulge sensitive information, such as ID, credit card numbers or account passwords.
- Unsolicited message. If an unsolicited message that you received contains an attachment, the chances are that it is some sort of cyber-attack.