Microsoft's advice: Hang up on tech support scammers

'We've got to put somebody in jail for these folks to take us seriously,' counters U.S. Sen. McCaskill (D-Missouri)

Microsoft's best advice to combat tech support scams? Hang up the phone.

"You get a call from someone that's unsolicited, talking about technical support, hang up," said David Finn, the executive director of Microsoft's Digital Crime Unit, during a hearing held by the U.S. Senate last week. "That's the first thing. That is not a legitimate effort to sell something to you."

Finn was one of several people who testified last Wednesday before the Senate's Special Committee on Aging, which held a hearing on technical support schemes. The scams disproportionally target the elderly.

Such scams, Finn said during his prepared testimony, are the "single largest consumer fraud perpetrated in America today." They victimize an estimated 3.3 million people and rake in $1.5 billion annually. "This translates to a victim nearly every 10 seconds, with an average loss of $454 per consumer," Finn said.

Those scams come in several forms, and from several directions. Some rely on massive spam campaigns that promise a faster, more secure Windows PC, and draw readers to a URL; others seed websites with pop-ups that falsely claim the user's machine is infected with malware; still others take out search ads that appear when consumers frantically look for help online after their computer goes south.

But the classic tactic is a cold call -- an unsolicited telephone call -- where the caller poses as a computer support technician, frequently from Microsoft itself, and tries to convince the victim that their computer is infected, often by having them look at a Windows log that shows scores of harmless errors. At that point, the sale pitch starts, with the caller urging the consumer to download software or let the "technician" remotely access the PC.

The con artists charge for their bogus "help" and often get people to pay hundreds for worthless support plans or software. Frequently, the scammers use their temporary access to plant malware on the PC, which later surreptitiously steals online account information and passwords.

Finn's recommendation to hang up -- his answer when asked what consumers could do to battle back -- was not new advice. Nor has it always been successful, according to Computerworld readers, who have provided a regular stream of emailed experiences over the last two years.

"How can I stop them?" asked one reader in an email last month. "They call three to four times a day all weekend. I even told them that I was tracing the call. They keep calling back."

"These fools have become so aggressive they are trying every trick in the book to get you to pick up the phone," wrote Steve Hinds in August. "I picked it up because the calls needed to stop."

"Discovered I also have been scammed by the Windows tech support," echoed Sharon Minehart, also last month. "Of course I let them in after several weeks of non-stop calls."

When even those who know of the scams' intent weary of the constant calls to the point where they surrender by picking up the phone -- violating Finn's don't-engage rule -- the frustration level has clearly hit the high side of the meter.

Safari alert Malwarebytes

A typical tech-support scam, this one targeted at Mac Safari users.

While the Federal Trade Commission (FTC) has sued several alleged scammers -- some in India, a hotbed for the racket, some in the U.S. -- and Microsoft has done likewise, there's no sign that those spotty actions have had any impact.

Sen. Claire McCaskill (D-Missouri), the ranking member on the committee, was frustrated, too, by the lack of progress against scammers, who have been targeted with civil, not criminal, lawsuits. "We've got to put somebody in jail for these folks to take us seriously," McCaskill said during the hearing.

She compared the efforts put into finding and prosecuting robberies with the lackluster labors against tech support scammers. "Compare and contrast [that with] the amount of time and energy we spend going after robbers that are depriving seniors of their money, their dignity, and more importantly, isolating them," McCaskill said. "What they're doing is beyond cruel. If you are a senior and you feel that you can't answer your phone, then your life can become incredibly lonely. Your life can be so limited ... to the walls of your home.

"It is so frustrating to me that we can't collectively get the political will to decide that some of these people need to go to prison," McCaskill added.

Join the CSO newsletter!

Error: Please check your email address.

More about ClaireFederal Trade CommissionFTCMalwarebytesMicrosoft

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Gregg Keizer

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts