“This is Microsoft Support” telephone scam

Recently scammers have been contacting computer owners directly by telephone in an effort to convince them that there is a problem with their PC and they’ll need to pay to have it fixed. I own/operate a computer repair business (Rhode Island PC), and even I have fielded two calls recently from these scammers.

The call generally goes something like this:

1.       A foreigner with a thick Indian accent identifies himself as a member of Microsoft Support or similar.

2.       He informs you that you have a number of critical problems with your PC and that you will need to have it fixed.

3.       To convince you, he offers to connect remotely and pulls up your computer Event Log. He then filters for Warnings, Errors, and Critical events and uses that as evidence that your PC will soon fail to work correctly if you do not pay him to correct it.

Something is seriously wrong and it’s not your PC. It’s the fact that someone is calling you to tell you that there is a problem with your computer. Microsoft Support will never call you to tell you there is problem. The Event Log is supposed to log warnings and errors, and even on the healthiest of PCs there are plenty of Error Events that can be safely ignored, as they often don’t amount to anything.

The important thing to remember is to never trust someone who calls you about a problem with your PC, and NEVER, EVER let them connect remotely to your PC.

If you do make the mistake of letting them connect, but then you happen to get cold feet and refuse to pay the $180+ they request via credit card, the next thing that happens isn’t pretty. The scammer proceeded to actually follow through on his promise of the PC “not working” if they don’t agree to have him fix it. In a few quick steps, behind the user’s back, he enacted what is known as SysKey encryption on the Windows SAM (Security Accounts Manager) registry. SysKey encryption is a little-known feature of Windows which allows administrators to lock out access, and the PC cannot be accessed without knowing the proper credentials. He also likely deleted any Windows restore points. The ONLY SOLUTION is to call a qualified PC Technician for service. Most importantly, POWER OFF your PC immediately and DO NOT attempt to re-boot/restore your computer. Your data is at extreme risk! Attempting to reboot/restore will compromise your data and it may not be recoverable without wiping your hard drive and re-installing Windows.

For more information or assistance, contact Gene Allsworth, Rhode Island PC at 401-484-7870. Rhode Island PC is located in the Oak Harbour Plaza, 567 South County Trail, Suite 307, Exeter, RI 02822.