// you're reading...

Digital Crime

Microsoft support does not call you – fraud alert!

I still hear frequently about calls people receive from – supposedly – Microsoft support and they have even called our house. The callers claims to be a Microsoft representative or working for a Microsoft partner. The usual call goes about the following:

  • The caller calls from either the UK or the US and informs the Microsoft customer that there is supposedly a problem with some software on the computer or that they have indications that the customer has had recently some security problems.
  • The caller claims to be from either a Microsoft Partner or a “Windows Service Center”.
  • The caller speaks English but often with an accent.
  • The caller will try to gain remote access to the computer e.g. by asking the customer to go to a – fraudulent – support website and download software or then send something by e-mail.
  • Usually, if the customer is suspicious and starts asking questions, the caller hangs up.
You might guess already – the person calling is neither from a Microsoft Partner nor from a Microsoft Service Center. The trick is old but still widely in use and currently there seems to be an increase in these calls. They go to private numbers as well as business numbers.
I recommend that if you receive such a call that you just hang up and if a notice arrives by e-mail to immediately delete it. The following points may help you determining if you are talking to a real Microsoft representative or not and cover some additional aspects in addition to fraudulent support calls:
  • Microsoft does not send unsolicited e-mail or make unsolicited phone calls to request personal or financial information.
  • Microsoft does not make unsolicited phone calls to help you fix your computer.
  • Communications claiming that you have won the “Microsoft Lottery” are fraudulent because there is no Microsoft Lottery.
  • Microsoft does not request credit card information to validate your copy of Windows, Office etc.
  • Microsoft does not send unsolicited communication about security updates.
I hope that this information helps you in avoiding being a target in one of these scams. If you are no concerned that your computer was actually victim of a security incident you can read my blog post on securing your computer.
Update: I also added some recommendations on what actions I advice if somebody has had access to your computer (in german).

About the Author

Reto is partner at PwC Switzerland. He is leading the Cybersecurity practice and is member of PwC Digital Services leadership Team. He has over 15 years work experience in an information security and risk focused IT environment. Prior to working at PwC he was Microsoft's Chief Security Officer for Western Europe and also has work experience as group CIO, Chief Risk Officer, Technical Director and Program Manager.

more about me and contact info

replica Rolex