You know the call: “we’re calling from Microsoft”, and the scam begins. Who is falling for this and why?
We’ve all heard the stories and you’ve probably had one or two pop up in your life: the bogus tech support calls from someone claiming to be from Microsoft. They’re a nuisance, and one you can simply just hang up on.
But research into these calls from criminals and con-artists shows not everyone will just hang up and move on. Some will engage, potentially adding themselves to a loss amount that can total in the thousands and hundreds of thousands.
What’s going on, and what are we doing?
What is the Microsoft tech support scam call?
You get a phone call out of the blue, and the person introduces themselves as calling from Microsoft or Windows.
“I’m calling from Windows,” the voice says in one version. “Hi, I’m calling from the Microsoft Support Team,” says another. What follows is a script to lead you into a black hole to give the person on the other end of the call access to your computer, installing a small piece of software for them to “diagnose” your problems, before doing something criminal. That piece of software actually adds to any problems you have, acting as a remote gateway for someone you’ve never met to gain access into your computer.
Microsoft didn’t call you. A scammer did, and by installing that piece of software, you’ve just given them access to complete the scam. While Telstra is doing its part to reduce the frequency, the calls are still out there, still happening, and still risking your security overall.
How are victims targeted by the Microsoft tech support scam?
Windows is on so many computers around the world, so you probably won’t be surprised to learn you’re not being targeted per se. Your number is on a list, and scammers are calling numbers on that list. If you happen to fall for the trick, you’ll be marked as a success, and become one of the numbers that fall for these type of scams.
Unfortunately, you’re not alone.
According to recent research from Microsoft, 68 percent of Australians have been graced with a tech support scam in the past year, higher than the global average of 59 percent. It goes deeper than that, with one in three aged 24 to 53 — a stunningly large age bracket — interacting with the scammer, with men more likely to do so.
The information is found in Microsoft’s 2021 Global Tech Support Scam Research report, and found Australians were the second most likely to engage with a scam, second to India in Asia Pacific, with Microsoft finding 24 percent of those who had talked to the scammers reported unauthorised money transfers from their bank accounts.
“Tech support scams are perpetrated globally and target people of all ages,” said Mary Jo Schrade, Assistant General Counsel for Microsoft’s Digital Crimes Unit in Asia.
“The survey findings reveal that Australians are experiencing higher-than-average tech support scam encounters when compared globally, showing that consumers need to understand how these scammers work to better enable them to protect themselves from scams,” she said.
“Tactics used by fraudsters to victimise users online have evolved over time, from pure cold calling to more sophisticated ploys, such as fake ‘pop-ups’ displayed on people’s computers.”
Why do people believe the scammers?
Schrade told Pickr that people tend to believe these calls because of a sense of urgency, something heightened by the phone call, lowering any chance of a logical response people may have.
“For example, they may use a pop up that appears on the screen of someone’s computer after they have searched for something or interacted with a website,” she said.
“The pop up will have alarming language, informing the person that they are going to lose all of the photos or documents saved on their computer. The popup might have a loud alarm sound associated with it, which also may lead people to panic. Then the scammers offer a ‘solution’, pretending to be a reputable technology company and claiming to fix a non-existent problem.
“We believe that the combination of an offer of ‘help’ in a time of need, along with a sense of urgency and the use of reputable technology companies’ names in connection with the scammers results in an increased likelihood of believability,” Schrade said.
It’s a comment agreed to by Alex Merton-McCann, Cyber Safety Ambassador for McAfee in Australia and New Zealand.
“Particularly at times like these when we are working and schooling from home, it is natural that we panic when we encounter technical issues, and that we want to resolve them quickly and by any means possible,” she said.
“This reliance on technology makes it that much easier for cybercriminals to trick Australians into falling for their tech support scams.”
What damage do Microsoft tech support scams do?
Frustratingly, the scams could cost you thousands of dollars if you fall for them, with the solution often being a ransom of sorts.
“Remote tech support scams can be designed to simply seek payment from victims to ‘fix’ an issue that doesn’t exist on their device,” Merton-McCann told Pickr.
“Those more sinister will encourage victims to grant scammers remote access to their devices to, again, ‘fix’ a non-existent problem. From there, scammers can steal valuable personal or financial information which can be used to steal money or even identities, or install malware or ransomware to damage the device or its data.”
And it’s a lucrative industry for scammers. While the average amount lost by scammers is around $126 AUD on average, one couple in NSW lost $165,000 to scammers in this approach.
How can you beat the Microsoft tech support scams?
“Tech support scams will remain an industry-wide challenge until sufficient people are educated about these scams and can avoid them,” said Microsoft’s Mary Jo Schrade, noting that the best way for people to protect themselves is to learn how scammers target people, and to be suspicious of unsolicited calls from technology companies.
“It’s important to stay vigilant and remember Microsoft and other reputable tech companies will never proactively reach out to consumers to provide unsolicited PC or technical support. Any communication these companies have with consumers must be initiated by the consumer,” she said.
The sentiment is shared industry wide, with McAfee’s spokesperson noting the same.
“Companies won’t send email messages or make phone calls unsolicited and request users’ important personal or financial information to fix a technical problem,” said Merton-McCann.
“If a company’s ‘tech support team’ reaches out to you in the first instance to flag an issue with your device, you can be confident that it isn’t the real deal,” she said.