“Windows Support” Social Engineering Goes Beyond Trickery


This scam has been going on for several years, but I heard a new angle today that is cause for concern.  A family member received the call, and what she was told is disturbing to say the least.  If you haven’t heard about the scam, it works like this:


  • You get a call from somebody (usually in a thick foreign accent) claiming to be from “Windows Support”.
  • They state that your computer has problems and has been sending alerts to them.
  • They point out errors in the logs on your PC, and claim that it is broken or infected, and that they can repair it for a fee.

What you may not realize is that the errors they’ve pointed out aren’t unique to you, and nobody was being notified about them. Most PCs have errors in the logs, and the scammers are relying on this to scare you into paying them to “fix” your machine. If you are wise to them, they quickly grow impatient and aggressive, often swearing at you before hanging up.

First of all, “Windows” is not the name of a company. Nobody “from Windows Support” will ever call you.  It would make more sense for them to claim to be calling from Microsoft, only Microsoft would never call you either!  (Unless you applied for a job opening with them.  In that case… maybe!  But they’ll never call you about errors on your computer!)

Secondly, and more disturbing, is that this time they didn’t just use the “errors in the log” trick to try to trick her into giving them access to her PC.  They knew personal information about her:

  • They knew her name
  • They knew what town she lives in
  • They knew her postal code
  • And obviously, they had this information associated with her phone number

This is Social Engineering at work.  Although we don’t know where they got this information, it was clearly intended to establish a level of trust beyond simply using the name “Windows” and pointing out errors.  My family member was wise enough to say, “well I have an IT guy, so I’ll get him to call you back – what’s your number?”  True to form, this irritated the caller and he quickly became aggressive and started calling her names before she hung up on him.

Please spread the word, and don’t let anyone you know fall for this more advanced scam.  I fear the social engineering angle will result in more victims.

 
