Home→Blog→Events→January 09 2012→Windows Security Phone Scam Now Targeting Sweden
Earlier today, I was sitting at home working on a Linux server that was compromised while suddenly, I hear my home phone ringing. Actually, someone has been calling me and just hanging up around the same time everyday for three or four days now. I thought that it was just some telemarketing company profiling me to figure out if I’m home or not, but this time it was different.
When I picked up the phone I heard this guy introducing him as a technician from the Windows Security Support Department. The connection was VERY bad and I could not hear everything he said, I don't know if this was intended or not.
When I started to talk to him he asked me in English with a indian accent if I had a computer at home, and of course I said “yes”. Then he started to explain that my computer had been compromised and that my firewall was just protecting me against external threats and not internal threats. At this time I knew that something strange was going on, and I started to ask more questions about the malware and trying to get more information about them, then at this point he immediately hung up the phone.
Just after he hung up I realized that this was one of those scams where they trick people to install Remote Access software to be able to control the machines. Once they got access to the machines, they install rootkits and obtain full access to your computer.
In the outside world, I this is quite an effective scam because they called me during the day, and I guess the people who are at home by this hour are not your average security researcher from Kaspersky Lab but maybe people who are sick, or the elderly.
I want to warn everyone about these scams, and at this time I can confirm that they are currently attacking Sweden. Previously, such scams appeared to target UK/US users mostly (http://money-watch.co.uk/8183/windows-support-scam-worsens), but it seems their business is expanding.
Please let us know if somebody calls you and claims they are from “Windows Security” (or such) and asks you to install remote access software. Most important of all, do not install the software which they recommend!
|
2012 Jan 09, 16:39
Richard Balwin I am based in the UK and only last week I received just such a call. A guy with an Indian accent telling me he was from 'Windows' and that he had detected threats on my computer. When I tried to sound worried and get some more information he hung up. |
|
0 |
Re: Richard Balwin
Hi Richard,
Thank you for commenting!
Sounds exactly like the one im talking about, so i guess they are not just targeting Sweden.
|
0 |
Re: Re: Richard Balwin
Hi
I live in Norway and got a call this morning. So they are clearly here in Norway too. My gut feeling told me Scam so I hang up Number began with 002, which I gathered that is located somewhere in Africa.
|
2012 Jan 09, 17:33
Hi David, |
|
0 |
Re:
Hi Martijn,
You are correct, there were no attempt of speaking Swedish, the entire phone conversation was in English. Ive done some research now and it seems that these guys have been calling Swedish people since the beginning of summer.
I dont know how the choose the victims, but its very clear that Sweden is on that list.
|
0 |
Re: UK Phone calls
Hi David
Having sent an email regarding this scam to friends and family, it looks like from their replies that this has been going on in the UK since mid september.
Richard
|
2012 Jan 10, 16:22
@Richard I'm pretty certain they've been going on in the UK for much longer. |
|
2012 Jan 12, 20:23
Windows phone scam Hi David, |
|
2012 Jan 13, 15:49
Thank you for your comment. It seems that they are hitting many countries then. I wonder how this is setup, and how many people thats behind this. |
|
1 |
Re: Windows support scam
On the west coast of Canada I have been getting these calls for a few months. I have now settled into a pattern of jollying them along for a few minutes and then discussing personal matters with them. I ask the caller what he (and once she) tells their mother they do for a living. Is their mother proud of them. Do they not feel badly for hurting innocent people. The response varies from denial (with hang-up) to quite foul language ... that I'm sure Microsoft would never approve of.
|
2012 Jan 28, 03:54
did get it too yes as a matter of fact I did get a call like that, me too at first I started asking some simple question and that prompted them to hang up. According to this new report by Australian TV: http://www.whycall.me/info/techsupportscam.php |
|
2012 Feb 02, 18:55
Just received a phonecall Hi, |
|
2012 Apr 22, 04:59
Identifying WHOIS behind: "Windows Critical Scanner"? As an American ex-Pat residing in Sweden, your post caught my eye while surfing the web trying to locate information about those behind "Windows Critical Scanner"! As yet to be picked-up by KASPERSKY. Been working w/techs at: BleepingComputer.com, and finally after 4-days rid my computer of this dangerous Malware, which I inadvertently clicked on, and what followed was a nightmare. |
|
0 |
Re: Identifying WHOIS behind: "Windows Critical Scanner"?
Hey I live in the USA and just had the same issue. I knew they were telling me they were calling from microsoft support and they had found that there were internal internal security problems and they needed to log onto my computer to fix it. When I asked them how they got my number they stated every time someone buys a new computer that is registered the phone number they called me on. I knew this was a lie because when I registered my computer I lived in a different city with a differ number....They were simply full of you know what. This is a scam with out a doubt.
|
2012 Oct 02, 03:52
To Cyber-Viglante I got them to give me a number to see if they were ligt...probably the real microsoft support i did not call it but just in case here is the number they gave we 209-813-2525 perhaps they were too stupid to and gave me a real number that might help you find them. Happy hunting. I hope you catch them and through them in jail. |
|
2012 Dec 14, 21:57
Support scam. Hello David! Edited by Emil Allander, 2012 Dec 14, 22:09 |