At Microsoft, we frequently get contacted by users with questions similar to this one.
I received a call from someone who claimed that my computer had been identified by Microsoft as vulnerable. I thought it sounded fake, and I told them that I had no way to know if they were who they said they were. Then they said they could prove that they were from Microsoft if I would go to a website called microsofttechsupport.net. Is this call a scam?
Yes, this is a scam. This is not a legitimate call from Microsoft. Neither Microsoft nor our partners make unsolicited phone calls (also known as cold calls) about your computer security or software fixes.
If you receive a call like this one, it’s a scam, and all you need to do is hang up.
Cybercriminals often use publicly available information, including information they might have gathered from social networks, so they might know your name and other personal information when they call you. They might even know what operating system you’re using. It’s still a scam.
Don’t let scammers encourage you to install dangerous software
Once cybercriminals gain your trust, they may ask you to take steps to allow their technician remote access to your PC – do not do it. They might ask for your user name and password or ask you to go to a legitimate website to install software that will let them access your computer to fix it. Once you do this, your computer and your personal information are compromised.
Do not trust unsolicited calls. Do not provide or verify any personal information.
Although law enforcement can trace phone numbers, just like those pesky marketing calls, perpetrators often use advanced software to provide false caller ID information to disguise and hide their location and identity. Perpetrators also may use pay phones, disposable cellular phones, or stolen cellular phone numbers. It’s better to avoid being conned rather than try to repair the damage afterwards.
I think I might have already fallen for this scam
If you think you might be a victim of fraud, take these steps to minimize any damage and protect your identity.
- Change the passwords or PINs on all your online accounts that you think might be compromised. Do this from a different computer that you are sure is safe.
- Place a freeze on your credit reports. Check with your bank or financial advisor if you’re not sure how to do this.
- Contact the bank or the online merchant directly. Do not follow the link in the fraudulent email message.
- If you know of any accounts that were accessed or opened fraudulently, contact the fraud departments for those institutions.
- Routinely review your financial and credit statements monthly for unexplained charges or inquiries that you didn’t initiate.
- If you let someone have remote access to your computer or ran a program, you should take it offline and get it examined by a local computer shop to ensure any malware or backdoors are detected and removed. This could involve wiping and re-installing.