Phone scam - "Windows support"

Wednesday, September 24, 2014

By David Matthews

There is a new instance of an old scam being perpetrated right now that I wanted to warn everyone about. 

I am a semi-retired computer security expert so I recognized them for what they were immediately. A person with a very heavy accent called to say he was from "Windows support". I kept him on the line as long as possible to try to get some information to pass on to Law Enforcement and just to slow them down, but he hung up pretty fast anyway. 

Let me help you with your computer...

They will ask you to press CTRL, the Windows key and 'R' on your keyboard and then ask you what pops up. On some versions of Windows that will open the 'Run' window and if you continue to follow their directions, they may be able to gain remote access to your computer - then... game over. They can do whatever they want, and will do so. 

In another version of this scam they will have you open what's called a command prompt (or just use this "Run" window), then type in some commands that will result in output that is normal but they will tell you it indicates a virus. 

Their goal is to have you either purchase fake antivirus or "security" software from them and/or get you to give them access to your computer and/or to get your credit card information from you. All by scaring you into thinking that you've been infected. 

If you get a call like this, record the caller ID (though that will likely be fake) and then hang up (after telling them where to put their "support", if it will add a little cheer to your day! ;-) ). 

You can contact the non-emergency line for your local police and report it. 

Shoreline Police contact info:
24-Hour Non-Emergencies: (206) 296-3311 
(May also call 911 and say "non-emergency")

Lake Forest Park Police contact info:
Non-Emergency: 206.364.8216
(May also call 911 and say "non-emergency")

You can also post a report online to the FTC.

While this fraud is extremely difficult to stop, every bit of information that the FTC or Law Enforcement receives adds to their store of information and in the end it might be usable to prosecute someone. 

Of course, if you've actually been a victim of this or any fraud you should immediately notify police (see above) and take a look at some of the following links on how to deal with fraud or identity theft. 

Be safe out there!

Hillwood resident David Matthews is the former Director of Incident Response for Expedia, Inc. He has facilitated three regional cyber event exercises. He is also the founder of the Cyber Incident Response Coalition and Analysis Sharing group.

Besides the CISSP and CISM he is a Digital Recovery Forensics Specialist (DRFS), and CyberSecurity Forensic Analyst (CSFA). He is the author of “Electronically Stored Information: The Complete Guide to Management, Understanding, Acquisition, Storage, Search, and Retrieval”, published in the summer of 2012. David was the recipient of the 2012 Information Security Executive of the Decade - West award.


Post a Comment

We encourage the thoughtful sharing of information and ideas. We expect comments to be civil and respectful, with no personal attacks or offensive language. We reserve the right to delete any comment.
Facebook: Shoreline Area News
Twitter: @ShorelineArea
Daily Email edition (don't forget to respond to the email)

  © Blogger template The Professional Template II by 2009

Back to TOP