I know I’m not the first, but a warning about scammers.
I just took a phone call from a (fake) “Microsoft representative”. The call came in from an anonymous international number and went something like this:
Me: hello?
Rep: Is that Mr Peeper?
Me: Mr Pepper, perhaps?
Rep: Ah, yes! I’m a Microsoft representative calling to let you know that we have detected that your computer is infected with spyware and malware.
Me: Hm, ok…
Rep: Your personal and private details are vulnerable to being stolen by hackers. <clipped explanation about security, hackers, on-line bank accounts, etc>
Me: Yes, please go on…
Rep: We would like to help you repair your computer, so could I please ask you to start your computer and I will then transfer you to one of our technicians to help you fix it.
Me: I’m afraid I’m confused. I don’t use Microsoft products, I use Linux.
Rep: Oh… <click>
The “Microsoft rep” bottled it at this point and hung up. A few things increasingly alerted me to the real nature of his call:
- Anonymous, unsolicited international call.
- The caller offered no way of identifying himself – he didn’t even offer a name.
- He rambled on at length about security risks to me – an attempt to make me fearful, I guess.
- He didn’t question whether I had other computers that may be running Microsoft Windows, which would be the source of the problem they had “detected”.
- He hung up when I challenged one of the premises of his call (that I use Microsoft Windows).
I suspect these scammers were doing a phone directory trawl, with the expectation that most people use Microsoft Windows, are not very technically savvy and have (very rightly) a fear of having their computer compromised in some way.
I’m not a security expert or authority on social engineering, so I’m not offering any advice on those things. What ultimately seems to have been effective in my case though was to challenge the caller, but I understand that might prove tricky for those people who are not software engineers or geeks! Just be wary about this kind of call.