maravis.com Exploring Information Security

Friday, October 24, 2014

  • Aug 22, 2011


    Have you fallen for the Microsoft support phone scam?

    I received a call this morning from someone claiming to be from Microsoft who told me that my computer was sending them a message that it was infected with a computer virus. He wanted me to give him remote access to troubleshoot and remove the offending virus.

    It was plain to me that this was a scam since I scan all my computers and our staff are very particular about keeping our systems clean and scanned regularly. When I did a search, I found that Microsoft had already put out a warning about this kind of scam. Also, Microsoft is in the business of making money. They do not give customer support away for free (in most cases).

    Quite a few people seem to have already fallen for this scam and been taken for hundreds of dollars.

    So, what do you do if you did get fooled into providing information and remote access to these scam artists? Well, here you go:

    1. Let this be a lesson to you. Never provide information to a stranger who initiates the call. If you called Microsoft or any other organization, that is different. You know who you have reached. If you received a call, you have no idea who the person on the other end is.
    2. Report it to the cops. Most police departments have an electronic crimes group. Remember that they have more serious crimes to investigate, and your few hundred dollars is not a very high priority for them. While they may not act on one or two complaints, they may have to if enough people complain.
    3. Use a different computer (or a trusted friend’s or family member’s) and change all your bank/financial institution/credit card account passwords. Make sure that you set a strong unique password.
    4. Change your router password and make sure that remote web administration on the router is disabled.
    5. Regularly monitor your credit card accounts and bank accounts and raise any suspicious transactions with the institution right away. If you provided your credit card information to the caller, get your card replaced.
    6. Disable remote access on your computer.
    7. Your MBR (Master Boot Record) can also be replaced by the attacker or by malware that the attacker has loaded onto your computer. The MBR loads before the operating system when your computer starts, so a malicious one can disable your anti-virus software. Check whether your MBR has been replaced by scanning with the Kaspersky Rescue Disk (do a Google search for this). If it finds that your MBR has been infected, follow these steps:

        XP

      • Boot using an XP Installation disk to the Recovery Console
      • After logging into the Administrator account (usually with a blank password), at the Command Prompt, type in the command:
        fixmbr
      • Press Enter to replace the MBR and then restart your computer.

        Vista & Windows 7

      • Boot using a Recovery CD or Vista/7 Installation DVD to the Recovery Environment
      • At the System Recovery Options menu choose ‘Command Prompt’
      • At the command prompt type in the command:
        bootrec /fixmbr
      • Press Enter to replace the MBR and then restart your computer.

      Please note that any customized MBR that your PC vendor put in the computer will be overwritten with the default Windows one. In most cases you will be better off with this option. If you are unsure, be sure to check with someone that knows what they are doing before you go replacing your MBR.

    8. In quite a few cases, the scammers will even change your Windows user account password. This is a big problem since they can now extort money out of you. They will tell you that they will unlock your computer once you pay them. In such cases, you may need to use a tool such as Active Password Changer. This will allow you to remove the password on any Windows account. Once you reset it, you can get back in and set your password again. Remember to set a different (strong) password this time.
    9. Download and run Microsoft Safety Scanner, and run it regularly for at least a few weeks. You should be running a full scan of your computer(s) at least every week and keeping your anti-virus program up to date.
    10. This step is for protection in the future, so you do not have to do it right away. Download and install Microsoft Security Essentials. This is free from Microsoft and is pretty good.
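
For step 7, one way to see what an MBR rewrite actually changed is to compare a saved copy of the 512-byte sector with the current one, field by field. The Python below is an added example, not part of the original post; it assumes both sectors were dumped to bytes with a trusted tool from rescue media, and the function names and sample sectors are constructed for illustration.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_END = 440           # bytes 0-439: bootstrap code
PART_TABLE_START = 446        # bytes 446-509: four 16-byte partition entries
BOOT_SIGNATURE = b"\x55\xaa"  # bytes 510-511


def parse_mbr(sector: bytes) -> dict:
    """Split one 512-byte MBR sector into the fields worth comparing."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("an MBR is exactly 512 bytes")
    if sector[510:512] != BOOT_SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for i in range(4):
        entry = sector[PART_TABLE_START + 16 * i: PART_TABLE_START + 16 * (i + 1)]
        status, ptype = entry[0], entry[4]
        lba_start, sectors = struct.unpack_from("<II", entry, 8)
        if ptype != 0:  # type 0 means the slot is unused
            partitions.append({"active": status == 0x80, "type": ptype,
                               "lba_start": lba_start, "sectors": sectors})
    return {
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_END]).hexdigest(),
        "disk_signature": sector[440:444].hex(),
        "partitions": partitions,
    }


def compare_mbr(baseline: bytes, current: bytes) -> list:
    """Return the names of the MBR fields that differ between two dumps."""
    old, new = parse_mbr(baseline), parse_mbr(current)
    return [field for field in old if old[field] != new[field]]


def make_sample(boot_code: bytes) -> bytes:
    """Constructed sample sector: one active NTFS partition at LBA 2048."""
    entry = struct.pack("<B3sB3sII", 0x80, b"\x00" * 3, 0x07, b"\x00" * 3, 2048, 204800)
    sector = boot_code.ljust(BOOT_CODE_END, b"\x00") + bytes.fromhex("a1b2c3d4") + b"\x00\x00"
    sector += entry + b"\x00" * 48 + BOOT_SIGNATURE
    return sector


if __name__ == "__main__":
    saved = make_sample(b"\xfa\x33\xc0")  # constructed "before" dump
    now = make_sample(b"\xeb\x63\x90")    # constructed "after" dump
    print(compare_mbr(saved, now))        # boot code differs, table does not
```

A result that lists only the boot code means the partition layout is unchanged; a change in the partition entries is a reason to stop and get help before rewriting anything.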

    Hopefully, with all these done, you will be in the clear. Be suspicious and safe the next time.

    Here is some additional information from Microsoft.


    by Siva Ram, CISA, PCI-QSA, PA-QSA
    ©www.maravis.com. The use of this content on other websites without permission breaches copyright.