One of our clients recently got a call from Microsoft Support saying that their servers had detected a virus on my client’s PC and that they needed to verify this by having my client follow a few simple steps. The Microsoft Support Engineer then walked my client through the necessary commands, and my client was promptly presented with a throng of red X’s, security errors and other ominous alerts that validated the engineer’s server monitoring tools and confirmed the breach. My client then gave Microsoft remote access to his PC and after only a few short minutes was presented with the grim alert “System Breached…Trojan Virus Present…” The engineer explained that these types of viruses monitor his keystrokes, store his passwords and credit card info, and are the leading cause of identity theft. Luckily, the Microsoft Engineer’s servers had spotted the viruses early enough, and for only $175 he would clean the PC and provide a year’s worth of monitoring to ensure that it did not come back.
My client, like most, realized it was a scam, but given the overwhelming nature of I.T., not everyone is aware of how egregious these scammers have become. We are past the days of African princes emailing you and are now at the point where scammers will actively call and engage you in order to get what they want. After hearing my client’s story and retracing the commands, I was able to research this scam and found that it has become quite popular these days, so in the interest of education I wanted to share what our “Microsoft Engineer” scammer did so that you or someone you know can be better prepared should they target you.
- He locates a U.S.-based business phone number and pretends to be from Microsoft support.
- Through his carefully crafted script, he walks people through running Windows commands that take them to the Event Viewer (eventvwr). He then has them sort the Event Viewer to list all of the errors first, presents this multitude of generic and harmless errors as proof of why he called, and asks for remote access to their machines.
- After remoting in, he runs a TREE /F command, which lists every file and folder in rapid fashion. Then, while hidden from view, he types in the message “Security Breach…Trojan Virus present…” and passes it off as Windows supplying the error code on its own.
- He then offers to fix it for $175 and asks for a credit card, and then the real headache begins.
Just remember, NO LEGITIMATE SOFTWARE VENDOR WILL EVER CALL YOU. If someone says “their servers detected a virus” or they “need to remote in,” then chances are it’s a scam. If you think something is up or ever suspect you are being tricked, just give us a call and we will be happy to sort everything out.