Fake Microsoft “saves” day

Topic

New Reply

Last week I cleaned up a friends XP laptop computer to as good as new short of reinstalling the OS
— The hard drive was 98% full, there were umpteen infections and I could go on & on
Yesterday she got a call from “Microsoft” who claimed they can fix her laptop real good
— Now keep in mind she was able to use her computer as good as new as I have already mentioned
— Anyway she spent about 3 hours with the caller on taking care of what they claimed needed to be done
— I do not know at this time whether or not they took control of her computer or how much she paid
— On top of that I had already informed her about XP’s EOL on Apr 8 and she should be looking for another computer
— I don’t understand how she was willing to pay a stranger for whatever on a good running computer plus she’s only a little more than 6 weeks away from Apr 8
— But it astounds me how she as well as many others won’t give even 15 minutes to me on what needs to be covered or 30 minutes of their time once a month such as during Patch Tuesday week so they can pro-actively keep their computer well maintained and secured but fall for a stranger over the phone to do their thing (maybe even gain access to their computer) and even pay them

Anyway she’ll be informing me of what transpired very shortly
— One question I’m wondering about is how can someone claim they are a “Microsoft Representative” or whatever terminology they are using
— Isn’t that illegal?
— Or could they be a Microsoft Certified Technician/Engineer but Microsoft isn’t aware of who those individuals are?

One of the things I’ll bring up to her is how did that person know her computer needed cleaning up or fixing or whatever they told her?
— If they were right, they would have had to get into her computer before they called her
— Then remind her she won’t buy or bank on-line because of privacy and security reasons but allows a stranger charge her for payment and I suspect possible remote access

BTW, I’ve seen this happen to my brother and a few other friends also so my friend I’m bringing into this discussion isn’t alone; I just didn’t bring it up back then

I guess I wish I could come up with an easy short explanation to them but maybe “buyer beware” will be good enough

HP EliteBook 8540w laptop Windows 10 Pro (x64)

Reply | Quote

Replies

cmptgry,

But it astounds me how she as well as many others won’t give even 15 minutes to me on what needs to be covered or 30 minutes of their time once a month such as during Patch Tuesday week so they can pro-actively keep their computer well maintained and secured but fall for a stranger over the phone to do their thing (maybe even gain access to their computer) and even pay them

Reminds me of the old definition of a consulant (or Profit) anyone more than 50 miles from home with a briefcase. 😆

Of course it isn’t legal but then the crooks don’t care about that now do they! I think your friend better cancel any credit card used to pay these crooks because they sure weren’t from Micorosoft. HTH :cheers:

May the Forces of good computing be with you!

RG

PowerShell & VBA Rule!
Computer Specs

Reply | Quote

Some folks are exceptionally susceptible to social engineering. It is as incomprehensible to me. There has been at least one cold call to a person I support and I think I’ve got them trained because she just said I have a support person for my computer and hung up.

Reply | Quote

I always wondered how the nigerian scammers managed to trick people into paying them. The same feeling applies to whoever believes these people are actually working for Microsoft. I’ll never understand it.

Reply | Quote

Well here is what I found out. She wrote down they were Microsoft Technical Support, at least one of them with a heavy accent claimed he was in NY. She ended up talking with 2 other technicians within a 4 hour period. A couple of times she was told to hang up and someone will call her back on the problems in her computer. Since they did call back and were very knowledgeable she ended up trusting them.
They claimed that her computer was being hacked from Canada, there were 30,120 infections in her computer plus there were 13,000 critical system files found – she couldn’t explain to me what that meant. She said they took control of her computer and showed pictures of what they meant so she believed them. They also told her some license had expired in January.
When I had serviced her computer last week, I wrote down Apr 8 to make sure she wouldn’t forget to stop using her XP but mostly to get another computer. She did ask whoever she spoke to what’s that about Apr 8 and she was told that’s nothing don’t worry about it.
Well she ended up paying $200.00 for a lifetime warranty of some sort and they sent the agreement to her email. Since we live in separate towns I asked her to forward it to me but she couldn’t. Her ISP is Verizon and according to her they blocked it because it was considered spam.

Now there is something more that could be even more disconcerting. They left an icon on her desktop that is titled AWCCARE SETUP V2 PERSONAL or something like that. I don’t know what it is but she’s one of those persons who just doesn’t give exact information when requested. I’m certainly not experienced in this field but I’m wondering if they are monitoring her computer and even could end up using it as a spam-bot or whatever. So it just dawned on me to verbally tell her she should stop using that computer immediately and just go buy a newer computer without waiting until April. I do not want to do emails with her at this point

Another bit of information she gave me is their supposed website is esupport-live.com which appears to be a legal support company but I don’t believe that is the company involved. My friend was given an id number and was told that whoever she got in contact with not to let them know what the id number is up front; just give them her name and let them tell her what her id number is so she knows that she’s talking to a trustworthy person – so to me everything in there is completely fishy

HP EliteBook 8540w laptop Windows 10 Pro (x64)

Reply | Quote

Now there is something more that could be even more disconcerting. They left an icon on her desktop that is titled AWCCARE SETUP V2 PERSONAL or something like that.

I think that’s probably just an old program they installed and used to demonstrate some cleanup activity: Advanced WindowsCare v2 Personal

I’m certainly not experienced in this field but I’m wondering if they are monitoring her computer and even could end up using it as a spam-bot or whatever.

I don’t think spammers need or want to spend four hours on the phone in order to discover an insecure account or computer.

Another bit of information she gave me is their supposed website is esupport-live.com which appears to be a legal support company but I don’t believe that is the company involved.

What appears to be legal about that site and why don’t you think that was the company involved?

Bruce

Reply | Quote

What frightens me is if her laptop has a webcam, they could be watching her when she opens the laptop and she not even be aware of it.

I have read about these calls from “Microsoft” and know they are fakes. Anyone that knows anything about Microsoft knows they would never make any calls like this period. I don’t understand how people would fall for these calls especially when you had just spent the previous week cleaning up her computer for her. I would be telling her to not even open that computer up at all and to contact her credit card company and stopping the charge or doing a charge back and reporting the fraud.

Pam

Reply | Quote

Fortunately there isn’t a webcam involved. I believe a big part of the problem stems from people who just don’t understand computer maintenance & security. And for those with older computers they can’t understand how come their computer isn’t as fast as their neighbors modern computer. Another thing I see in common is when something on their computer changes; for example, one of my brothers plays Pogo a lot and all of a sudden some game has a different display, they blame the computer. I had another brother who spent about an hour on a similar phone call and as I came to visit him he asked me to talk with that person, within seconds I told my brother it’s his decision as I’m not going to take part of what was happening and then I gave the person on the phone a good bye with some very choice words; then a lady I knew would have paid whoever called her the $200.00 that person was requesting but the only reason that didn’t happen is because she didn’t have the money.

Anyway in the title of my thread I purposely used “Microsoft” so I’m hoping even if it helps only person reading the title and the scenarios; just don’t get into with them as Microsoft will never, ever, call someone to clean up their computer.
— And while I’m at it, even if any “computer expert” from another company calls for similar reasons, don’t trust them and hang up
— Finally there are people who don’t trust their local computer resources, why in the world do they end up trusting a stranger on the phone

HP EliteBook 8540w laptop Windows 10 Pro (x64)

Reply | Quote

It appears to me a big factor when someone agrees to have such a “knowledgeable” person clean their computer is when they are shown a picture of umpteen infections, critical system files etc.

HP EliteBook 8540w laptop Windows 10 Pro (x64)

Reply | Quote

Well some good news. She called her credit card company and was able to cancel the transaction and her credit card company is sending her a new card
According to her credit card company the billing information was for go4market place in Australia

HP EliteBook 8540w laptop Windows 10 Pro (x64)

Reply | Quote

it astounds me how she as well as many others won’t give even 15 minutes to me on what needs to be covered or 30 minutes of their time once a month such as during Patch Tuesday week so they can pro-actively keep their computer well maintained and secured but fall for a stranger over the phone to do their thing (maybe even gain access to their computer) and even pay them

It used to really irritate me that my wife would trust the suggestions of others over me when they told her stuff that would clearly contradict what I told her.

I tend to be old-school; if something you have works, there’s no need to upgrade just for the sake of upgrading.

She was running AutoCAD 2000, then 2007, with Windows 2000, then XP. She had two computers on a private, peer-to-peer network. When she needed to send or receive a drawing via email, she would use a flash drive to move it to or from her internet-connected computer. (This gave her good protection against malware.)

People would tell her that what she had was outdated. However, to upgrade was going to cost her thousands of dollars, and what she had was working very well; so I didn’t upgrade her. This was a constant source of friction between us.

Moral of the story: some people get caught up in the hype, and they will believe the pied-pipers of the world over good common sense, even though you, their trusted friend, are the one with the good common sense.

Group "L" (Linux Mint)
with Windows 10 running in a remote session on my file server

Reply | Quote

This problem is a social problem rather than a technical problem. Certain people will fall for any good story and women are more likely (IMHO) than men because they want to be friendly and not cause conflict by hanging up etc. I have had to educate a few of my friends about this problem. It is more general than just your computers. Many people call up, come to the front door and send snail mail and what they want is to try and sell you something but they ask you questions first to get you talking. I have (I hope) educated my family that anyone who comes or phones without being requested is not entitled to any information at all. Also that answering yes or no to questions is giving out information that could be used against you later.

There are a few ways to handle calls like these: hang up without saying anything, say you don’t own a computer or if you are more confident just say that Microsoft doesn’t do that. A friend used to just leave the line open and put the handset on the bench for a while. Another way is ask them to hold while you go to the toilet or the chip pot on the stove is smoking and just let them hang for a while.

In the case of this scam, the person calling asks you to run the Windows Event Viewer with some filters. I’m not sure exactly how they do it because I blow these calls off but one way to do it is Win Key + R and then key in EVENTVWR and click OK and once you do that you are hooked. They show you a pile of errors which are always there and usually harmless and by that time you are horrified and reaching for your credit card and the rest is history.

Reply | Quote

I tend to get these calls every week or two – they really are garbage! Even if you can understand the accent………. A few points to ponder:
Since when did Microsoft EVER phone a customer to tell them they had a problem?
How do they know your name?
Where on earth did they get your phone number?
How could your computer be sending them details of problems? Windows just doesn’t do that.

I usually just ask them “Which computer?” as there are 5 in the house. They reply “the one that’s on”. Huh??
Once I asked them “What’s the I.P. address of the computer?” – they gave me my street address 🙂
I then point out that we are on the Australian Government’s “Do not call” register (which is there to stop unsolicited calls) and remind them that there’s a $25,000 fine. Immediate hang-up

Moral of the story – these calls are c***. Tell everyone you know to just hang up on them.

Reply | Quote

How could your computer be sending them details of problems? Windows just doesn’t do that.

Oh yes they do! And so do other software publishers. It’s usually called something like Customer Experience Improvement Program or similar and allows the publisher to collect certain information about your computer and installed software. You can opt out (usually) but Windows (and others) do indeed do that.

Don

Reply | Quote

These people are clever. They don’t start the conversation saying, ‘This will take 4 hours and cost you $200,” they start with something small and credible and slowly draw you in. They keep asking you questions and make it hard for you to think. I had one of these calls and they claimed to be from a Microsoft partner and gave the name of a genuine company. I checked on the Internet while they spoke and it was indeed a Microsoft partner — but of course, they were not from that company. I wrote to the company afterwards and warned them that people were perpetrating fraud in their name and suggested they put a warning on their home page to help the unwary. They assured me they would never cold call anyone like that, but didn’t put up a warning (at least not quickly).
I wasn’t fooled, but less technical people might be.

Reply | Quote

The free computer work I do for n00B family members is conditional on an agreement with them. The agreement specifies never downloading installers without asking me, not running any external program at all without checking with me, changing no system settings without approval and their documenting the change, and them not give anyone access to their computer for any reason at all without checking with me. I eventually realised this level of control and compliancy is necessary for those who have almost no computer nous, as for instance explaining how to know which installers are safe is impossible.

One family member has recently breached her agreement multiple times in a couple of months, including falling for a phone scammer of this type. Scammed or not, she broke the rules. She managed to wreck two computers which will now take me around 100 hours to fully repair and configure.

It’s not the first time a basic commonsense requirement has been ignored, and my patience and spare time have now both expired. I’ve changed our agreement, specifying that any similar breach in future will cost her a minimum of $200 per computer, per repair session (payable to a charity of my choice), and if there are further multiple rapid thoughtless breaches then I’ll be instigating a lifetime ban on all repairs and computer advice.

I now do a partition backup after every repair to external hard disk, and keep it in my home where the user can’t destroy it. Any serious stuff up I fix by copying off user data, restoring from the backup image, then copying back user data. N00B users and self-destructive types can sometimes be taught how to backup, but can’t be relied upon to do it. If they thereby lose all their latest data due to disk failure or whatever, tough.

I used to think repair people who restored a computer from a disk image were slack, and that ‘Real geeks edit registries’. Now I understand why paid service people use reimaging (a pity so many of them wipe all the user’s data without making it clear to them though). Ignorant and/or irresponsible users will waste the hours, days and weeks of your life, if you let them by having you do unlimited free repair work with no requirements on their part or consequences for breaching them.

My new attitude is ‘tough love.’ If you think it too harsh, wait until your friend’s computer is trashed the next time, or the time after that (ad nauseum), perhaps even making the exact same mistakes. If they choose to stay a n00B/unthinking/unmindful/irresponsible (whatever their exact ‘computer nous’ inventory may be), I reckon you’ll be driven into a policy like mine eventually.

Would your friend spend the same time you do doing unpaid favours for you over and over again? If not (or if they just refuse to learn anything of note, not uncommon), I suggest you too make them pay money to charity for any major fixes. The charity will thank you.

Call me World’s Toughest Volunteer SysAdmin if you like, I’m past caring.

Asus N53SM & N53SN 64-bit laptops (Win7 Pro & Win10 Pro 64-bit multiboots), venerable HP Pavilion t760 32-bit desktop (XP & Win7 Pro multiboot), Oracle VirtualBox VM's: XP & Win7 32-bit, XP Mode, aged Samsung Galaxy S4, Samsung Galaxy Tab A 2019s (8" & 10.1"), Blu-ray burners, digital cameras, ext. HDDs (latest 5TB!), AnyDVD, Easeus ToDo Backup Home, Waterfox, more. Me: Aussie card-carrying Windows geek.

Reply | Quote

I’ve been phoned three times for the same thing. The caller id’s himself from “windows technology”…the third time it was a woman, and all have what sounds to me like
an Indian accent. They said I had a virus on my computer and if I’d turn on my computer and type in what they told me and paraphrasing the rest it would fix my computer. Hung right up on him the first time… after a few choice words. Second time I asked him for a phone number and got what he called a call back number.
Asked where he was and said Brooklyn, NY. Asked him what kind of system I had, just to see what he’d say and he said XP, and kept up with the ‘if you type in what
I tell you’ nonsense. Could not understand what his name was at all, the accent. So I asked him what the _ _ _ _ caused him to think I was dumb enough to type
anything into my computer that he said. Then I reverted back to my crude construction worker self and gave him a few more choice words… talking about his mother and stuff and hung up again. Third time a gal called, same guess on the Indian accent, and same sales pitch about they discovered a virus on my machine.
This time(my phone is a landline desktop type) I BEAT the mouthpiece on the desktop for 15-30 seconds or so and then set it softly in its cradle. My landline is Vonage and I have an old US WEST caller ID that works and they come up as Anonymous w/ no number. Maybe next time I’ll record the phone call, after the proper
verbal announcement, and see how much they are willing to reveal.

My main reason for replying was to find out more about your cleaning up somebody elses computer. Since I have a moderately low geek factor the idea of having
someone look at my computers is worth asking about.

Here’ what caught my eye: ” But it astounds me how she as well as many others won’t give even 15 minutes to me on what needs to be covered or 30 minutes of their time once a month such as during Patch Tuesday week so they can pro-actively keep their computer well maintained and secured but fall for a stranger over the phone to do their thing (maybe even gain access to their computer) and even pay them”.

If this is a service you offer, I’d be interested in that and willing to pay for what I get. I hope I’m not out of line on this forum asking about prices and stuff. You can
send it to my email. If this is out of line then I apologize in advance and hope I don’t get kicked off this forum.

Reply | Quote

Bert,
There are likely a large number of reputable folks in your area that will check your system and then handle routine updates and minor troubleshooting for a reasonable fee.
I don’t know the rules here either but I doubt you are breaking any by asking for help. It would be different if you were offering services here.
Anyway, feel free to PM me and I can help you find someone up your way if no one local to you pops up here.

Reply | Quote

The free computer work I do for n00B family members is conditional on an agreement with them. The agreement specifies never downloading installers without asking me, not running any external program at all without checking with me, changing no system settings without approval and their documenting the change, and them not give anyone access to their computer for any reason at all without checking with me. I eventually realised this level of control and compliancy is necessary for those who have almost no computer nous, as for instance explaining how to know which installers are safe is impossible.

One family member has recently breached her agreement multiple times in a couple of months, including falling for a phone scammer of this type. Scammed or not, she broke the rules. She managed to wreck two computers which will now take me around 100 hours to fully repair and configure.

It’s not the first time a basic commonsense requirement has been ignored, and my patience and spare time have now both expired. I’ve changed our agreement, specifying that any similar breach in future will cost her a minimum of $200 per computer, per repair session (payable to a charity of my choice), and if there are further multiple rapid thoughtless breaches then I’ll be instigating a lifetime ban on all repairs and computer advice.

I now do a partition backup after every repair to external hard disk, and keep it in my home where the user can’t destroy it. Any serious stuff up I fix by copying off user data, restoring from the backup image, then copying back user data. N00B users and self-destructive types can sometimes be taught how to backup, but can’t be relied upon to do it. If they thereby lose all their latest data due to disk failure or whatever, tough.

I used to think repair people who restored a computer from a disk image were slack, and that ‘Real geeks edit registries’. Now I understand why paid service people use reimaging (a pity so many of them wipe all the user’s data without making it clear to them though). Ignorant and/or irresponsible users will waste the hours, days and weeks of your life, if you let them by having you do unlimited free repair work with no requirements on their part or consequences for breaching them.

My new attitude is ‘tough love.’ If you think it too harsh, wait until your friend’s computer is trashed the next time, or the time after that (ad nauseum), perhaps even making the exact same mistakes. If they choose to stay a n00B/unthinking/unmindful/irresponsible (whatever their exact ‘computer nous’ inventory may be), I reckon you’ll be driven into a policy like mine eventually.

Would your friend spend the same time you do doing unpaid favours for you over and over again? If not (or if they just refuse to learn anything of note, not uncommon), I suggest you too make them pay money to charity for any major fixes. The charity will thank you.

Call me World’s Toughest Volunteer SysAdmin if you like, I’m past caring.

They’re lucky to have someone like you around.

Group "L" (Linux Mint)
with Windows 10 running in a remote session on my file server

Reply | Quote

They’re lucky to have someone like you around.

+1

I tried the support for free route with friends,. I am retired. It seemed with a few, my support was free so it wasn’t worth much. With one who decided to pay a high price for a consultant to revamp his PC, when he called me again to say he had serious problems with his PC, I said “I understand you have a new professional techie doing your support. Give him a call!”. End of free support and basically freindship. His loss! 🙂

Really wears you down when “I can’t be bothered with backups. I know you set it up so it’s easy. Hi, I have a serious problem. Can you help? No I haven’t done any backups!” Basically I ignored all your advice and now can you help? 🙂

Reply | Quote

StarLounger is right- some people are just gullible. Others are lacking in confidence- they don’t really know squat about computers, scams, etc., but don’t want to admit their ignorance, so someone can sell them a good story about computer vulnerabilities, so they accept a good story from a “helpful” person who can “fix” their “problem” remotely, and they never have to confront or admit their ignorance to a REAL person they know and should be able to trust. In terms of scams, some people just have overweening greed, and will fall for a story that offers something for nothing- or, at least, huge reward for relatively little investment. I know of one other group I really feel sorry for- the older person whose mental faculties are failing, and who may have been a lower-level journeyman computer user in their younger years, but now doesn’t remember enough to avoid scams, avoid clicking on obviously dangerous or questionable websites, and, once coached, fears clicking on truly genuine update messages, such as those from MS Update, Java, etc. Some are just too stupid to know and too stubborn to learn.

I think bigbadsteve has the right approach. I have one such old lady whose old XP computer I fixed repeatedly, and eventually had her replace with a used Win7 model. Because of the OS, she now has far less problems. I set essentially all genuine-source updates to automatic, and also have the defragmenter and antivirus scanner run automatically, nightly, as well. I gave a variant of bigbadsteve’s ultimatum- NEVER load anything over a warning window without consulting me. I visit her about monthly, run a Malwarebytes check to hunt out any malware missed by her antivirus program, check out everything, and then run a backup, so that if she does screw anything up, I can restore from that & lose only a month of data- usually next to nothing for her now, as almost everything she still does is e-mail and on the web. If she has a problem on a major program she needs to use ASAP, I’ll go over and fix it as soon as I can. She used to have a neighbor who she would have “fix” her problems, who usually only managed to make things worse, so she wouldn’t have to “bother” me, (I live on the other side of town,) or, more likely, because she was too impatient to wait until I could come over 1-2 days later. MY ultimatum to her was that she had to choose between the neighbor and me to do her computer work, and if she chose me and ever let the neighbor in for a fast fix, I would stop servicing her computer entirely. Since then, I’ve had no major problems.

Reply | Quote

Sadly there was a point in my life where I had to admit that there are people who just WILL NOT change their habits, behaviors and preconceived notions; they WILL NOT learn, no matter what.

You can only show a horse the water, you can’t make him drink.

Luckily most of these people I have run into are not good friends or family, they are paying customers from the get go. I no longer have any qualms to ask a customer to pay even if he shreds his computer the third time in six weeks because he can’t stay away from the “Asian Preteens” web site or similar (name is my invention).

ALL my customers get plenty of information and a folder with informational material that, if read and heeded, would warn them from 90+% of the currently common ways of getting the computer wasted.

Those that choose to read my stuff call again in three to five years when they need a new computer and ask for buying advice. Those that don’t read call again after x months to get the machine cleaned up again. It is their call and it is their choice, I have to respect that – whether I like it or not.

And I admit, there is a sort of smug little kid in me that thinks something like “Fine, just keep paying me. Keep me in business, thank you.”

I understand cmptrgy‘s qualms about applying “tough love” to close family members and friends. But I know as well that he will burn himself out completely the other way.

And I thank bigbadsteve as well for his post above. Assuming his kind permission I will use something very similar to his “rules” for some people where I feel called to help free of charge.

Reply | Quote

This reminds me of what a security researcher did with one of these calls..
http://www.darkreading.com/end-user/security-expert-fools-records-fake-antiv/240001025

I’ve had several of them call me from anonymous caller id telling me “your windows computer is infected with a virus”. I had to laugh at the first one as I was on a Linux machine at the time. If they can’t tell you the IP address that generated the report, then they aren’t who they say that they are. When I receive calls like this now, I tell them that they are idiots and to remove me from their call list. Most of the calls I’ve receive usually have an Indian or similar accent and are also difficult to understand. My wife was unable to understand anything that they said and handed the call to me.

Reply | Quote

Oh baby, oh baby, your friend isnt the only one taken recently by a phone call saying they are from Microsoft. These guys are really really good in persuading their callers that their systems are infected, and generate all kinds of statistics and popups to support their claim. They even give out phone numbers for clients to call back, get a switchboard autoattendent that implies MS support, and make this whole thing sound like “they are here to help you”.

I run a small PC service and have gotten many, many calls from mature adults (50 and over) that have been called by these guys in the last month. It seems that they are targeting area codes that have lots of seniors in them And Ill say that more than half have been bitten. The other half are at least wary, some to the point where they called me to see if its legit. (Im glad that I have that level of trust with my clients)

Please, Please, put the word out, especially to your older clients that are more gullible, that these guys are frauds. Microsoft, like the IRS and your bank, will never call you, and anyone saying that they represent MS should immediately be suspect. And if they have provided their CC to these guys, have them call their CC sponsors and get their cards replaced.

Reply | Quote

Same thing happened to me just yesterday: phone call from somebody with a hard-to-understand accent claiming to be from Microsoft. My wife took the call and then put her “IT department head” on the phone. I played along for a minute or two and then hung up.

Reply | Quote

I’ve had several calls from these Microsoft security experts. The quickest way I know how to get rid of them is say “How do you know that” then they say some type of response then I say “I don’t even have a computer!” which is usually followed by silence then they hang up. I know it’s not a permanent solution but it works everytime.

Reply | Quote

This may sound harsh, but some people have no business operating a computer.

How many users out there, with little or no awareness, treat a computer like a refrigerator or some other generic ‘appliance’? How many people out there will click on any ‘interesting‘ link in an email? In real life, would they converse with some stranger who approached them on the street? No, but they sure will engage in some ‘shiny new thing’ dangled in front of their face on the interwebs. Click, click, click.

Everything is sunshine and lollipops. Until you click that link. Until you mindlessly click past that firewall dialog. And the Windows warning dialog. And the virus checker dialog. It’s okay, because Aunt Bessie sent me this cool link. Until your bank account is drained, or your machine is a zombie bot. How many PCs out there are compromised and part of botnets? Tens of millions? All because ‘that looks like an interesting game’. Or that link looks interesting.

We all pay the price for this behavior. But, hey, it’s all good. CLICK.

Reply | Quote

I had this occur about eight months ago to one of my clients. She go the usual Microsoft Call and they told her that her system was heavily infected plus XP was going to expire soon. Needless to say, she granted them remote access. They used the Windows Syslock command to basically lock her out of her system. They then told her that if she wanted back in, she needed to pay them $300. She told them she had a “hot-shot” computer repair guy and they informed her that said repair guy could never fix the computer.

Needless to say, she learned a hard lesson but I was able to undo the damage in about three hours and restore the system back again. She also apologized knowing full and well I told her never to trust anyone to get into her system and that it was akin to opening the door of one’s house to a total stranger and inviting them in.

These guys prey on those whose only contact with the outside world may be a computer. Plus, if they don’t know anybody who is tech saavy or they are too far away from a repair place, their desperation to keep in contact with the outside world will compel them to pay those big $$$ to get back into their system again (if the creeps actually give you the passwords to get back in again).

Reply | Quote

This may sound harsh, but some people have no business operating a computer.

Doesn’t sound harsh at all to me. My computers are all used for business. One screw-up can put us out of business and cost all employees their jobs and cost my wife and I a significant portion of our life’s savings which is wrapped up in the equity of our business. We have fortunately been able to train our employees to never click a popup or ignore a warning without calling me first and never to accept technical support from anyone over the phone without me telling them to expect the call. Even my wife, who is very intelligent and reasonably competent with computers, follows that rule. So far, so good, but one employee is of the high-risk category and my fingers are crossed every day that she doesn’t flush us down the toilet.

I am very grateful for the Windows Secrets newsletter which helps me to keep abreast of these things, and for this forum which is full of people more competent than I. I occasionally skim around looking for ways to return the favors, but it seems like someone has already given a better answer than I could to most of the things I can contribute to at all.

Reply | Quote

Doesn’t sound harsh at all to me. My computers are all used for business. One screw-up can put us out of business and cost all employees their jobs and cost my wife and I a significant portion of our life’s savings which is wrapped up in the equity of our business. We have fortunately been able to train our employees to never click a popup or ignore a warning without calling me first and never to accept technical support from anyone over the phone without me telling them to expect the call. Even my wife, who is very intelligent and reasonably competent with computers, follows that rule. So far, so good, but one employee is of the high-risk category and my fingers are crossed every day that she doesn’t flush us down the toilet.

I am very grateful for the Windows Secrets newsletter which helps me to keep abreast of these things, and for this forum which is full of people more competent than I. I occasionally skim around looking for ways to return the favors, but it seems like someone has already given a better answer than I could to most of the things I can contribute to at all.

I’ll bet someone could secure your system a lot better than it currently is, so as to limit the amount of damage that people such as the high-risk employee can do.

Also, are you doing nightly backups? If things are as vulnerable as you describe, backups become all the more important.

Group "L" (Linux Mint)
with Windows 10 running in a remote session on my file server

Reply | Quote

I’ll bet someone could secure your system a lot better than it currently is[/Quote]

Probably true. But I have tried to achieve a reasonable balance between security and my ability to continue to do business. We don’t have the budget for the ultimate protection, so we take risks. That is the real world. I mitigate the risks the best I can, but there are surely some areas I could improve on. We are fortunate that our computer illiterate employees do very little web browsing and almost no random browsing. They are women in their 40s so don’t visit the porn sites and such. We had a talk with them about personal browsing and pretty much forbade it during work hours. Mostly they visit the sites of our suppliers so they can show things to the customers, and they visit the ODOT website showing road conditions for their drive home. They are welcome to browse after hours, but who wants to hang around work and browse when they can go home? Not our ladies. It’s more a question of them responding to targeted come-ons that worry me. I have tried making their login a non-admin account, but there are too many limitations on that. I could probably work them all out, but I haven’t had the time and may never. There will just always be trade-offs between safety and usefulness. I’m sure it has been the same since the cave man: which is more dangerous, to attack the mastodon or to go hungry? I can plant my crop in April, but a late frost could kill it, or I can plant in late May and an early fall might kill it. Etc.

Also, are you doing nightly backups? If things are as vulnerable as you describe, backups become all the more important.

Yes. I do a full backup of the two main POS computers that the employees use once a month and an incremental every night. They are backed up to a system that only I can access and reside on a separate drive within that system. (Well, my wife knows the password in case I die, but has never logged on to it.) In addition I mirror my POS database to that same computer four times a day and I upload the full POS backup to an offsite server every night. If the store burns down I lose my full backups, but by the time it is rebuilt we would probably be out of business, anyway. I also do full/incremental backups to the office systems that my wife and I use. Another system is pretty much retired and just sits there because once in a while we need to turn it on for a special purpose. And my wife’s remote system has nothing special on it that I can’t just reload quickly and easily.

Reply | Quote

I’ll bet someone could secure your system a lot better than it currently is, so as to limit the amount of damage that people such as the high-risk employee can do.

Also, are you doing nightly backups? If things are as vulnerable as you describe, backups become all the more important.

I would add to have off-site backups. Two businesses here burned to the ground a while back. Fortunately, their backups were elsewhere.

Reply | Quote

I would add to have off-site backups. Two businesses here burned to the ground a while back. Fortunately, their backups were elsewhere.

My backup experience may be a little outdated by now but it still works quite well. We have three network programs that we use every day (including our accounting software) all with main data files on the server and there is a main “user” folder where all important corporate files are stored and separate sub-folders for each user for their own important files. I have two external portable hard drives – one is marked “odd numbered days” and the other “even numbered days”. Depending on the date on the calendar one of these drives is attached to the server each weekday night. Our IT support person wrote a simple batch file and each weekday night just before midnight, the task scheduler runs the batch file and copies everything from the user folder and the network program data files onto the external drive. The external drive has five folders – one for each weekday – so if it is tomorrow night (March 3) the “odd numbered days” drive would be attached and the files are copied into the Monday folder overwriting anything that was in that folder. The next day on Tuesday, I attach the “even numbered days” drive and everything is copied into the Tuesday folder. Alternating back and forth I then have two weeks worth of backups available in case something happened. And the drive not being used goes home with me every night so the latest backup is always off site. And being an accountant (and maybe a little paranoid too), the last thing I do every day before logging off the network is to copy the accounting data file from the server onto my own computer so there are two backup copies of that one since it would be the most important file we would have.

Fortunately it’s been a good number of years since I actually had to restore anything important. And that leads me to make another point. Always periodically check that your backup actually is working and that you can restore a file if necessary. A good idea there would be to make a temporary duplicate copy of some important files, let them back up, then delete the duplicates and restore from the backup. Easy way to confirm everything is working properly without messing with the real files. I changed a password to the server once not realizing that I also had to put the same password change on the task scheduler so for a couple of weeks the back up had not been working and I didn’t know it until I checked the backup drive and the file dates were not current.

(To digress just a bit, some years ago before our current dedicated server and external backups were installed, we outgrew our small server with tape backup and our IT consultant at the time suggested something called a SnapServer [see Wikipedia] which was basically just a box with a hard drive and minimal software plugged into the network as a file server. We installed it and were still looking for a backup system to use with it … tape didn’t have enough capacity or took forever to run a backup … and one morning about three weeks after it was installed the hard drive in it started making funny noises. Yeah, you guessed where this is going … the hard drive was toast and our last backup was three weeks out of date … except for the accounting data file which was copied onto my computer! We promptly got rid of that box and got a new IT support person and installed a proper server and the portable drives … significantly more money at the time … but it has worked well ever since.)

Oh yes, one more point before I close. Our server also has mirrored hard drives. So if a drive crashes (been there), the data is safe on the second drive.

Our network is getting rather old now and we’re having our complete IT system re-evaluated next week.

Reply | Quote

I’m retired, have some spare time, and am fairly knowledgeable about computers.

I have received several calls supposedly from Microsoft telling me about the problems I am having with my Windows computer. First question I ask is which computer is he talking about. I have three Windows computers, each running a different version of Windows. That seems to stump him.

I have gotten far enough along in one conversation to open a suggested Windows folder with a bunch of .inf files in it. The caller claims these are “infected” files. They are not; they are normal “information” files, but the uninformed user may not realize the difference.

The calls seem to come in spurts — a few one week, then nothing for a month or so, then a few more.

Of course the foreign accent is the big giveaway that these calls are not from Microsoft.

Reply | Quote

I have received a number of these calls and if I am not busy, I will spend the time to make them work for even a yes answer from me. I do this because it takes money away from them and hopefully keeps them form calling at least one other person who might fall for this nonsense.
The ones I have been getting over the past few months tell me (in a very thick accent so I can have them repeat things over and over, killing more time) is that they are Microsoft Technicians and that the “Central Server” has reported issues with my computer.
By the way, there is no law against claiming you are a Microsoft Technician or even that you are certified. If you want, I can certify you in neurosurgery or as a financial planner. The value of the certification is in the organization that does the certifying.
But I digress…..So I make the caller jump through as many hoops as I can but asking where this Central Server is located, how it knows it is my computer and what it is saying is wrong.
I will then let them tell me about the virus reports and spam my system is sending out and all of the other horrible things that are spewing from my badly infected and bot ridden computer.
By the way, I yet to answer any of their questions with a yes, no or actual answer. I always reply with my own question, starting with them saying “How are you today?” Their scripts and training are based on getting positive acknowledgments from the person they called, it is a standard sales training technique.
Anyway, it either gets boring for me or they finally figure out I am yanking them and the call ends.
And I have been in the business for oh too many years and also have real customers and those under the “friends, family and stalker” discount program and they all get the lecture about not letting anyone else play with the computer other than me. I have fired customers who have been too much trouble when they expect me to fix what they caused for next to nothing and at the drop of a hat.

Reply | Quote

For friends such as the lady who was scammed, i’d suggest creating a limited Guest account and locking them out of any administrator privileges.

Reply | Quote

Here’s a suggestion that would be a really inexpensive way of protecting your network:

Put your company network off of the internet. In that way it will be an isolated network, not vulnerable to the risks inherent in the internet. Then have a few computers on a separate network which is connected to the network. Whenever anyone needs to get on the internet, they go to one of those workstations. If they need to copy files back and forth, they can do it with a flash drive. Make sure that the internet-connected computers are well protected with the best A/V software and internet practices. But have A/V software on all workstations, just to make sure. You can do updates periodically (say, weekly) on the company network by connecting it to the internet temporarily.

This is the poor-man’s way to secure things. A bit more of a hassle, but a lot less risk. This is the way I set up my wife’s network a few years ago.

Group "L" (Linux Mint)
with Windows 10 running in a remote session on my file server

Reply | Quote

Thanks to all for this excellent discussion!

The core of the problem, however, is not anything technical, but rather human nature. Humans vary, some being naturally savvy, hard-working, and willing to put in the effort required to pay attention and stay safe, while others are by nature lazy, careless, or, well, just plain stupid. Unfortunately, even endless provision of the best tech support will never – CAN never – be enough to overcome the deleterious effects of simple, raw stupidity. In the words of a poster I remember from decades ago: “Ignorance can be cured; stupidity is forever.”

Nor is this sort of stupidity confined merely to computer-related issues. As Sir Winston Churchill said, “The best argument against democracy is a five-minute conversation with the average voter.”

Always remember: Every time you make something idiot-proof, Nature builds a bigger idiot.

Cheers,
Al

Reply | Quote

Put your company network off of the internet.

It is a good idea where it can be implemented. But my wife and I manage the store and the equipment remotely most of the time. For example, if a popup appears our employees are required to call us about it. I login remotely (I am currently 1200 miles away) and look it and deal with the issue. So keeping the POS systems off of the Internet would not work for us. Even if we could afford a whole computer just sitting around waiting for someone to want to go surfing.

I just rely on a good router and I try to keep up with the risks and close any holes I can find before they are exploited. This certainly isn’t the future I had envisioned when I first started using the Internet in 1982!

Reply | Quote

It is a good idea where it can be implemented. But my wife and I manage the store and the equipment remotely most of the time. For example, if a popup appears our employees are required to call us about it. I login remotely (I am currently 1200 miles away) and look it and deal with the issue. So keeping the POS systems off of the Internet would not work for us. Even if we could afford a whole computer just sitting around waiting for someone to want to go surfing.

I just rely on a good router and I try to keep up with the risks and close any holes I can find before they are exploited. This certainly isn’t the future I had envisioned when I first started using the Internet in 1982!

Perhaps you could lock down where they can go on the internet. If they can only go to places which are on the approved list, and all other traffic is blocked (except for incoming from you), you’ll probably be well-protected from internet-related problems.

Group "L" (Linux Mint)
with Windows 10 running in a remote session on my file server

Reply | Quote

It is a good idea where it can be implemented. But my wife and I manage the store and the equipment remotely most of the time. For example, if a popup appears our employees are required to call us about it. I login remotely (I am currently 1200 miles away) and look it and deal with the issue. So keeping the POS systems off of the Internet would not work for us. Even if we could afford a whole computer just sitting around waiting for someone to want to go surfing.

I just rely on a good router and I try to keep up with the risks and close any holes I can find before they are exploited. This certainly isn’t the future I had envisioned when I first started using the Internet in 1982!

There are some good pop-up blockers that might help. I use adblock plus, and have my browser pop-up blocker also activated. (it’s under “privacy” in the options section)

Reply | Quote

Slightly off topic… but I am a retired basketball referee. You guess it — I found a great use for my many whistles. One sits by the phone for crank calls and telemarketers, most of whom use headphone/microphone hardware. You can’t image the pain my full blown whistle blow (2″ from the phone mouthpiece) can cause to someone listening with an earpiece. Needless to say, I don’t get many return calls….

Sadistic Jim

Reply | Quote

Slightly off topic… but I am a retired basketball referee. You guess it — I found a great use for my many whistles. One sits by the phone for crank calls and telemarketers, most of whom use headphone/microphone hardware. You can’t image the pain my full blown whistle blow (2″ from the phone mouthpiece) can cause to someone listening with an earpiece. Needless to say, I don’t get many return calls….

Sadistic Jim

Don’t want to get off topic, but here is yet another alternative for getting rid of unwanted callers, both computer fraudsters and others.

About 40 years ago, I lived near the ocean and raced a sailboat. When we sailed up to our mooring, we used a launch caller – a horn mounted on a can of compressed Freon gas – to signal the launch at the dock that we needed to be picked up. A woman I knew was being harassed by an obscene caller, so I let her borrow our launch caller. The next time the guy called, she put the opening of the horn against the mouthpiece and pulled the trigger, blowing a mighty blast – think of having your ear up against the horn of an 18-wheeler driven by an angry trucker. Absolutely no return calls after that. Who knows, if lots of people did that, it might help to make the computer scammers think twice before calling.

Reply | Quote

… A woman I knew was being harassed by an obscene caller, so I let her borrow our launch caller. The next time the guy called, she put the opening of the horn against the mouthpiece and pulled the trigger, blowing a mighty blast – think of having your ear up against the horn of an 18-wheeler driven by an angry trucker. Absolutely no return calls after that. Who knows, if lots of people did that, it might help to make the computer scammers think twice before calling.

Hate to burst the bubble of those who would like to burst the eardrums of crank callers, but the telephone network is simply not capable of delivering the goods. The dynamic range is simply too limited. A marine air horn or a coach’s whistle will be much more painful and disruptive to the sender. Sure, it will be annoying to the receiver, but no where near as loud as you might think. Equally annoying, although not quite as loud, is to use the touch-tones built in to your phone. I often respond to crank callers with “hello , ,” by pushing buttons while speaking. When the caller again attempts to start a conversation, I say “hello?… hello? ” Kind of fun sometimes to see how long the caller will persist.

As to deterring crank calls, there is bad news. Such tactics might work to stop the ex-boyfriend or a stalker, but it will not deter today’s robo-dialed scam calls. So save your own ears. If you must make noise, use the tones or just whistle … I sometimes try to immitate my fax machine. I’m sure that annoys the caller, too. -RonR

Reply | Quote

I want one of those whistles…

Reply | Quote

Having looked after desktops and laptops for family, friends and friends of friends (some of whom I now consider friends) I think that at least some of the problem with people not doing backups etc must be put at the door of the manufacturer and Microsoft. If you are moving from an old PC with XP to either Windows 7 or Windows 8, the PC manufacturer wants the initial experience with your new PC to be as easy as possible. Six months down the road you start having problems but don’t really know what to do or where to turn. This is usually where I get involved.

I don’t think that I have seen a Windows 7 or 8 PC, that I did not set up, that has separate admin and standard user accounts. They usually have a single account that all the family use and it is an admin account. They don’t understand that they should be using a standard account for day to day use. The info is there somewhere on their new PC but it started up when they took it out of the box with an admin account and that’s the way it has stayed. When I explain that they should be a standard user they usually look down their noses for a while until I explain the reasons why. At that point I usually ask if they have backed up the recovery partition? I mostly get a blank look or a no as they do not know that they are supposed to. Windows 8 does not help as some manufacturers will allow you to back up the recovery partition to DVDs using their backup program, others rely on the built in back up that only allows you to back up to a USB drive. Even that is not straight forward as you have to decide on the size of flash drive required 8, 16 or 32GB.

I then ask about backing up the documents and photos etc, again usually blank looks. I then explain that most hard drives are mechanical and they will fail at some point, usually just at the most inconvenient time. Explaining to a mum that their sons hard drive has failed 3 years into their university degree with all their work on it and you are not sure if you will be able to get any of the data off and they didn’t have a backup is a bit of an eye opener. In that case I did manage to rescue his work, but it also meant that when her daughter went to university I was asked about a suitable laptop. That laptop was set up by me with admin and standard user accounts, recovery partition was backed up, backups were set up to an external drive and the reasons why all of this was done was explained. Hopefully the close call that her brother had over his data had the suitable result.

The explanation part is I feel one of the most important parts and is where manufacturers and Microsoft fall-down. The trick is being able to put the information over in a way that the user will understand. I tailor what and how I put over that information depending on whether the user is 12 or 82 years old. Part of the “talk” that I give them is to never ever give anybody remote access to their PC unless you know who they are and to also explain that Microsoft will never ring them up.

This resulted in me fielding a “Microsoft” call for an elderly neighbour. It was 30 minutes of shear pleasure on my part. They tried to tell me that the laptop had “Serious problems” and they would have to “stop it working” when I challenged them to do that they of course couldn’t do it. They said to me that they could prove there were serious problems. When I asked them how they could do that they said to “go to Google and type W W W . T E A M V I E W E R . C O M” I told them that if they thought that I would give them access to this laptop they could think again. They then went on to say that my neighbour “would have to buy a new laptop as this one would soon stop working” Of course it never did stop working but this is the threats that they use when dealing with the older generation. My neighbour was at my side listening to the fun I was having and I don’t think she will ever fall for a con like that, hopefully she will also pass on to her friends that these calls are a con.

Unfortunately there are still some people out there who fall for this con, they believe the random person that rings and tells them they have a problem. They seem to believe even more when they are told that there will be a hefty charge. They seem to think that just because they are paying means that they are dealing with a “professional” so what can go wrong?

Reply | Quote

I do employ “tough love” and my friend just found that out

HP EliteBook 8540w laptop Windows 10 Pro (x64)

Reply | Quote

If it helps at least one person (preferably more) who gets an unsolicited call from someone to clean their computer, I would like to recommend that after the caller states they can check out your computer (or whatever they say) for issues; immediately say something like “I don’t know who you are and if /when I want to have my computer checked out I’ll bring it to my local computer repair shop where I can talk to someone face to face” and then hang up.

HP EliteBook 8540w laptop Windows 10 Pro (x64)

Reply | Quote

I’ve had the Microsoft calls even though I have an iMac!

Phone fraud is rife. Have a look at http://www.bbc.co.uk/news/uk-26380319.

One ruse fraudsters use is to give a phone number for you to check their bona fides. The fraudster does not hang up and when you hang up and redial you end up speaking to a confederate of the fraudster as in UK exchanges keep calls connected for 2 mins if caller doesn’t hang up. UK telecoms companies are gradually fixing this.

Reply | Quote

Dear Loungers, Yesterday (2/27/14) I received a phone call from a foreign sounding male, Abdar, purporting to be from the Microsoft Technical Support team. He made claims that my computer was sending error messages to the “Microsoft server” and he was calling to help resolve these issues. He directed me to the Windows|Computer Management|Event Viewer|Administrative Events and asked how many events were logged? I told him I had 2,536 errors and he went wild “how many errors?” Actually I had ~256 errors but I exaggerated some for effect. “Your are only supposed to have about 250 errors” “Oh Really?” I told him I thought I shouldn’t have any errors. We went back and forth over the error count and he said he would help me get rid of these errors. Oh, how are we going to do that and how much would it cost?

He directed me http://www.teamviewer.com to install the “Team Viewer” software for a “Remote Control Session”. Since I am familiar with the site, “remote session” (mine is turned off), and identity theft I was not about to allow some stranger access to my computer. So, I told him I couldn’t access the site, that I was getting a “HTTP: 404 error – page not found error”. When he couldn’t get me to install the Team Viewer software he directed me to http://www.ammyy.com/en/ to try another “remote session” access. When one thing didn’t work he would try another approach. Because I was doing something wrong he tried to transfer me to his supervisor and then manager numerous times as they could walk me through the steps better than he. This went on for the better part of the day. Each time he would transfer the call I would hang up. They would call back and try to resume their helpful nature. I finally stayed on line long enough to talk to their “manager”. I told him there may be a way to access my computer directly by typing in my IP address: 127.0.0.1. There was a long dead silence, (much like typing the 127.0.0.1 loopback address) before I launched into him over his bogus scam, trying to gain access to unsuspecting peoples computers as a tactic for identity theft.

As a computer shop owner and a Certified Microsoft Software Engineer I’ve seen this scam numerous times and removed and repaired numerous computers with viruses and remote access software installed. I don’t advocate my approach for the casual Windows user but I thought the longer I keep this guy on the line the less time he has to scam unsuspecting users. One thing I will say about these scammers is they are persistent. For the record, to my knowledge, Microsoft does NOT ever make technical support calls or monitor a “Microsoft Technical Support Error server”.
My advise: Be aware and DO NOT ever give remote access to anyone.

Bob Peters
President
Certified Microsoft Software Engineer
Binary Technet
Systems Builder & Computer Repairs

Reply | Quote

There are obviously enough people falling for this scam for the crooks to profit from it. I’m impressed with the people here who help, and rescue, friends and family! You swing the balance to the “good” side.

I’ve received numerous calls. If I have the time, I have some fun. Play dumb, etc. I asked one woman where she was phoning from, then asked her why her area code was in a different place. (Caller id) Or ask: “what is a computer?” and other questions of non-sensical value that tend to confuse the person calling. Most of all, I don’t answer if I don’t know the number. That’s the simplist way to avoid being “taken for a ride”.

Reply | Quote

I do use popup blockers in my browsers. By popups, I was referring to the various error and other messages that Windows or other applications popup onto the screen when there is a problem. They are never allowed to hit OK or Cancel or anything else unless it is one of the “usual” errors that have been pre-approved by me.

Reply | Quote