Microsoft Telephone Support Scam.
A trend of the past couple of years has been for scammers to contact computer owners in the UK directly by telephone, in an effort to convince them that there is a problem with their PC and that they need to pay to have it fixed.
In general, these people cannot fix anything, and instead they merely charge exorbitant fees for absolutely nothing. In other words, they scam you.
We have been notified of 3 clients this week alone who have been contacted by the scammers. One client unfortunately had SysKey (described below) set on their PC. It very nearly cost them all of their data.
The call generally goes something like this:
- A caller with a thick accent identifies himself as a member of Microsoft Support or similar.
- He informs you that you have a number of critical problems with your PC and that you will need to have it fixed.
- To convince you, he offers to connect remotely and pulls up your Event Log. He then filters for Warnings, Errors, and Critical events and uses that as evidence that your PC will soon fail to work correctly if you do not pay him to correct it.
The astute among you have probably already sensed that something here is seriously wrong, and it’s not your PC. It’s the fact that someone is calling you to tell you there is a problem with your computer.
No one will ever do that. The only way they could possibly know there is a problem is by hacking or guessing.
In this case, it’s mere guesswork, and it’s not even correct most of the time. The Event Log is supposed to log warnings and errors, and even on the healthiest of PCs there are plenty of Error Events that can be safely ignored, as they often don’t amount to anything. The important thing to remember is to never trust someone who calls you about a problem with your PC, and never, EVER let them connect remotely to your PC.
Our advice: simply put the phone down! Do not let anyone who is not your IT professional have remote access to your computer!
If you do make the mistake of letting them connect, but then get cold feet and refuse to pay the £199+ they request via credit card, the next thing that happens isn’t pretty. This scammer actually followed through on his promise that the PC would “not work” if the user did not agree to have him fix it: in a few quick steps, behind the user’s back, he enabled what is known as SysKey encryption on the SAM registry hive.
SysKey encryption is a little-known feature of Windows which allows administrators to lock out access to the Security Accounts Manager (SAM) registry hive so that login details cannot be stolen and the PC cannot be accessed without knowing the proper credentials. The problem is that, unlike other scams, there is no way around it; you can’t simply remove the password, as the actual SAM hive has been encrypted entirely by the process. If your Windows installation has had SysKey activated, you’ll see the following message:
This computer is configured to require a password in order to start up. Please enter the Startup Password below.
If you ever see a message such as this on your computer screen, STOP what you are doing. DO NOT turn your computer off (where possible), and contact an IT professional for urgent assistance.
If you think you have been caught by the Microsoft Telephone Call scam, then contact us, below, to see what damage may have been caused to your machine by the scammers. We can repair any damage caused.