What to do if you’ve had a fake Microsoft support call

What is a fake support call?

This is when you receive a call from someone who says they are from Microsoft Helpdesk, telling you that they have discovered a problem with your PC. They ask you if you are near your machine, and ask you to log in. They then use a ‘let me in’ type of link which allows them to take control of your machine.

They can then either put some malicious software on your machine – which could provide them with information about bank passwords etc. Alternatively, they can tell you that you have a major problem, and will try to fix it for you, often by selling you some form of ‘anti-virus’ software, usually at an extortionate price. Or worse, a combination of both.

First steps

First things first, think: ‘How would they ever be able to know your telephone number from your internet address?’ – Hint: they can’t!

Your response should be to: Hang up! It’s a scam!

However, if you have already allowed access or responded, you may have already downloaded malicious software onto your system. In this case:

  • Change your computer’s password
  • Change the password on your main e-mail account
  • Change the password for any financial accounts, especially your bank and credit card
  • Use a malware scanner such as Microsoft Safety Scanner, F-secure, AVG, Kaspersky, Eset, Trend Micro or Bitdefender to find out if you have malware installed on your computer

Advice from Microsoft

If you are using an old version of Windows (8, 7, Vista, XP or older), install Microsoft Security Essentials. (Microsoft Security Essentials is a free program. If someone calls you to install this product and then charge you for it, this is also a scam.)

Note: In Windows 8, Windows Defender replaces Microsoft Security Essentials. Windows Defender runs in the background and notifies you when you need to take specific action. However, you can use it anytime to scan for malware if your computer isn’t working properly or you clicked a suspicious link online or in an e-mail message.

Who to contact

Report to Action Fraud.

Follow up action

Make sure you make anyone you know who may be susceptible to this kind of attack aware of this scam and train your staff not to respond.