Treat Unknown Callers As You Would Strangers in the Street
Filed under: Buyer Beware, Fraud, Identity Theft, Technology
If someone tells you in an e-mail they're from the Microsoft Corporation and you need to click here or there to install a new and important security update, report it to Microsoft. Don't do anything else.If someone calls you to tell you they're from Microsoft Corporation (or, as happened in several recent cases, from Windows Operating System Corporation), and says your computer has been sending out signals of distress lately and they need to access it remotely to fix it, stop them right there. Try to find out whence they are calling you, inform the National Do-Not-Call List, and, if you so desire, the Microsoft Corporation itself, but don't tell the callers anything (or tell them that you don't understand because you've never had a computer and don't plan to acquire one, either).
How to find out who the callers are? Instead of a phone number, your caller identification window shows nothing but zeroes or dashes. Now what? Engage them in an interested conversation, after a minute or two say you need to think it over, and could you call them back? In a real-life situation, the caller was happy enough that a would-be victim had fallen for it, he mentioned the number, claiming he was calling from London, England.
Ruse? Absolutely. Justified? Absolutely.
Anyhow, remember that you should be, first of all, using only genuine Microsoft software (if you are using a PC that runs on Windows, that is), and to update it, you should be updating your operating system through the Windows Update, an application that is part and parcel of your legitimate operating system. Definitely do not click a link in an unsolicited e-mail.
The message you get from someone who pretends to be from Microsoft goes so far as to say you haven't got the proper "Anti-spoofing update KB971033" installed. It instructs you to click a link in the e-mail to install this "security update" along with a fix for another exploit. The gall: there's also background information about using Windows Update and protecting oneself from crimeware and identity theft included in the message.
As Microsoft says, the e-mail link will take you to a fake site that will trick you into downloading "crimeware," exposing your personal information for the use of online criminals in the process.
The e-mail you would be getting is well informed and smart. Its warnings are nested within legitimate banking security information and a legitimate Windows Update site. Not only that: the KB971033 description is a legitimate Microsoft update designation.
Smart or what?
As a Microsoft spokesperson said, in an e-mail conversation about this issue, "Treat callers as you would treat strangers in the street - do not disclose personal or sensitive information to anyone you do not know."
Besides, the spokesperson added, "Microsoft will never ask users to install a security update by clicking a link or opening an attachment in an unsolicited e-mail. Microsoft does not check your computer for errors or security issues and will never e-mail or call you unsolicited about computer problems."
More information:
Liked this article? Don't miss another one. Follow us on Twitter or Facebook.
RSS Feed
Contact Us
