Security Awareness Tip – August 2016: Beware of Microsoft Phone Scams
Scammers can be very creative and tricky. One ongoing social engineering attack is from scammers who claim to be from Microsoft. Victims will receive a telephone call, or a popup message can appear on your computer to contact Microsoft at a number listed in the popup. If you call that number, it will be answered as “Microsoft Technical Support” or something similar. The intent is to appear as an actual part of the real Microsoft Corporation. The “fake” Microsoft employee will then state that the computer has been infected with a virus, for example, and offer to assist in fixing your computer.
Victims may be talked through steps in order for the scammers to gain remote access to your computer to access personal files and information. In some instances programs are also installed that allow the scammers to have unlimited access to the computer without the victim’s knowledge.
Below are some tips to protect yourself or if you have been infected:
• Microsoft will NOT make unsolicited calls offering to fix your computer.
• Don’t give control of your computer to a third party who calls you out of the blue.
• Do not rely on caller ID alone to authenticate a caller. Criminals spoof caller ID numbers. They may appear to be calling from a legitimate company or a local number, when they’re
not even in the same country as you.
• Use caution with online search results when searching for technical support or get a company’s contact information. Scammers sometimes place online ads to convince you to call them. If possible, get a reference from someone you know and trust. Otherwise visit a known company’s site directly to get accurate contact information.
• Never provide your credit card or financial information to someone who calls and claims to be from tech support.
• Don’t buy any computer security product or a subscription fee associated with the call.
• Never give your password on the phone. No legitimate organization will request your password.
• Be aware if you get a random popup message with a phone number, it can be a false number.
• If a University of Miami computer has been infected or suspicious programs installed, report it to Information Technology by calling 305-243-5999.
• Change any passwords that you gave out. If you use these passwords for other accounts, change those account passwords too. You should NOT use the same password for different accounts.
• If you paid for bogus services with a credit card, call your credit card provider and ask to reverse the charges. Check your statements frequently for any other charges you didn’t make, and ask to reverse those, too. Your credit card provider may need to take steps for you to receive a new credit card.
• If you believe that someone may have accessed your personal or financial information, visit the FTC’s identity theft website. You can minimize your risk of further damage and repair any problems already in place.
If you have any questions, please don’t hesitate to contact the Office of HIPAA Privacy & Security at 305-243-5000.