October 16, 2013 by Robert Hodges
Be Aware and Stay Protected
Have you ever received calls from Microsoft Support? Or could this be a possibility since you use Microsoft products? Be aware of recent phone call scams, share this information with your coworkers, and maintain information security best practices to remain secure.
Your employee answers the phone and the caller identifies himself (or herself) as someone from Microsoft or another software application you likely use. The caller states that they have been asked to remotely access your PC to diagnose and fix a problem. Many times the caller may correctly guess your operating system in order to gain your trust, then ask you to go to a website to install software that will allow them to “fix your computer.” Or they ask for personal information, like a username or password.
According to Microsoft’s Safety and Security Center, here are some of the organizations that cybercriminals claim to be from:
- Windows Helpdesk
- Windows Service Center
- Microsoft Tech Support
- Microsoft Support
- Windows Technical Department Support Group
- Microsoft Research and Development Team (Microsoft R & D Team)
What Actually Happens
Once the caller successfully social engineers their way into your computer, they will download whatever sensitive data they can find. You may not even see this, as they could have connected your file system to theirs while initiating the remote connection.
How to Handle This
Make sure your employees and coworkers are aware of this threat. As a best practice, anytime you receive a call from any kind of tech support that you did not solicit, or that your technology team did not make you aware of, you should immediately be on guard. Do not give out any information (especially payment information and other personal and organizational information), and do NOT allow the remote connection. Check with your organization to see who the best contact is for reporting such fraud internally; if it is you, share this information with your team.
- If you wish to report phone fraud: http://www.consumer.ftc.gov/articles/0076-telemarketing-scams
- As Microsoft is the primary "caller" (the company the caller claims to be calling from), you may wish to review: http://www.microsoft.com/security/online-privacy/avoid-phone-scams.aspx
- I strongly advise that your annual security awareness plan is updated annually, not only for compliance audit/liability reasons, but more importantly to address threats like this and help your employees avoid causing a breach. Contact us if you would like more information on what to look for in an effective security awareness program.