Last Tuesday night my oldest son came into the room and told me he thought one of our computers was being hacked. So I kicked into incident response mode and walked into the other room to be greeted with a computer loudly telling me that Microsoft Security Essentials was unable to clean a virus and to immediately call Microsoft.
Instead I immediately shut down the computer. Here’s why.
Unfortunately it’s far too easy to build a web page that closely mimics the look and feel of Microsoft Security Essentials, so the message looks scary and convincing. But it’s just another tech support scam. There’s nothing wrong with your computer, you just clicked on some fraudulent link that triggered the scam.
I keep things locked down more tightly than many people do, but this still got through. I didn’t conduct a forensic investigation or do a screen capture, which would have been interesting, but I was in emergency mode. What I did do was run a virus scan, which came back clean of course. Then I installed all of my Windows updates. New ones had come out that day, and I usually wait a few days to apply them. But if these criminals used something new to get in, I wanted to slam that door fast.
If you have called the 800 number, don’t buy anything and don’t let whoever answers onto your computer. Hang up the phone, and don’t answer if they call back.
If you’re unconvinced that the message was fraud, you can call Microsoft. Use the number 1-800-426-9400 — the number on the Fraud Alert Page — and talk to them directly. They’ll help you determine if you actually, legitimately need Microsoft’s help–which you probably don’t. More likely, they need your help to figure out where the fake alert came from. Microsoft doesn’t like these criminals infringing on their trademarks and dragging their name through the mud, and they do have the resources to shut some of these operations down.
Something similar happened a few weeks later. I called the number that time, then got my friend to. The results were slightly humorous.