Phishing

Microsoft support does not call you – fraud alert!

I still frequently hear about calls people receive from – supposedly – Microsoft support, and they have even called our house. The caller claims to be a Microsoft representative or to work for a Microsoft partner. The usual call goes roughly as follows:

  • The caller calls from either the UK or the US and informs the Microsoft customer that there is supposedly a problem with some software on the computer or that they have indications that the customer has recently had some security problems.
  • The caller claims to be from either a Microsoft Partner or a “Windows Service Center”.
  • The caller speaks English but often with an accent.
  • The caller will try to gain remote access to the computer, e.g. by asking the customer to go to a – fraudulent – support website and download software, or by sending something by e-mail.
  • Usually, if the customer is suspicious and starts asking questions, the caller hangs up.

You might guess already – the person calling is neither from a Microsoft Partner nor from a Microsoft Service Center. The trick is old but still widely in use, and currently there seems to be an increase in these calls. They go to private numbers as well as business numbers.

If you receive such a call, I recommend that you just hang up, and if a notice arrives by e-mail, that you delete it immediately. The following points may help you determine whether you are talking to a real Microsoft representative, and they cover some aspects beyond fraudulent support calls:

  • Microsoft does not send unsolicited e-mail or make unsolicited phone calls to request personal or financial information.
  • Microsoft does not make unsolicited phone calls to help you fix your computer.
  • Communications claiming that you have won the “Microsoft Lottery” are fraudulent because there is no Microsoft Lottery.
  • Microsoft does not request credit card information to validate your copy of Windows, Office etc.
  • Microsoft does not send unsolicited communication about security updates.

I hope that this information helps you avoid becoming a target of one of these scams. If you are now concerned that your computer was actually the victim of a security incident, you can read my blog post on securing your computer.

Update: I also added some recommendations on what actions I advise if somebody has had access to your computer (in German).

Fighting malicious software – congratulations SWITCH


SWITCH, the internet registrar for the .ch and .li domains and also a service provider for Swiss universities and a CERT, has been blocking Swiss websites if they are spreading malicious software and infecting the computers of internet users accessing them. Today they released statistics showing that they have cleaned more than 700 websites since the end of November 2010. This comes to an average of about 150 websites per month, although, as they started the process slowly, the average might not fully represent the actual work.

I am happy to hear about this success of SWITCH in making internet users safer by disabling sites that disseminate malware. If one takes the relatively small number of .ch and .li domains and looks at how many domains exist worldwide, the number of infected sites is hard to grasp. The process itself is pretty straightforward. Once an infected site is known, the holder of the manipulated website is contacted. SWITCH describes the process as follows: “After receiving notification, holders and operators have one working day to clean up the website. If this deadline elapses without a cleanup, SWITCH temporarily blocks the domain in question to protect visitors to the website and informs the Reporting and Analysis Centre for Information Assurance – MELANI. As soon as the problem has been solved, SWITCH reactivates the domain. Combating malware in this way is proving to be effective: in 680 cases, the holders and operators reacted and cleaned up the website within one working day. On 55 occasions, a website was blocked before being cleaned. In 68 cases, it proved impossible to find a definitive solution, because the blocking period permitted by law had expired.”

While the process is clearly not perfect, it is definitely a first step and could be a model for other registrars to adopt. It needs a legal basis and close cooperation with the government. Maybe this goes in the direction of the need for internet governance I described earlier? Whatever could be improved – for today it is “congratulations SWITCH”!

About the Author

Reto is a partner at PwC Switzerland. He leads the Cybersecurity practice and is a member of the PwC Digital Services Leadership Team. He has over 15 years of work experience in an information security and risk focused IT environment. Prior to working at PwC he was Microsoft's Chief Security Officer for Western Europe and also has work experience as group CIO, Chief Risk Officer, Technical Director and Program Manager.
