York University Information Technology (UIT) Information Security Office has received reports that false Microsoft support phone calls (currently a large, global scam) have recently targeted some members of the York community.
Scammers, pretending to be from “Microsoft Support,” try to fool people into believing that something is wrong with their computers and ask for remote access. They might offer to help solve your computer problems, sell you a software license or ask for your York login credentials. Once they have access to your computer, they can do the following:
- trick you into installing malicious software that could capture sensitive data, such as online banking user names and passwords. They might also then charge you to remove this software;
- convince you to visit websites to download software that will allow them to take control of your computer remotely and adjust settings to leave your computer vulnerable;
- request credit card information so they can bill you for phony services;
- direct you to fraudulent websites and ask you to enter credit card and other personal or financial information there.
If you receive such a call, hang up and inform UIT immediately.
Cybercriminals often use publicly available phone directories, so they might know your name and other personal information when they call you. They might even guess what operating system you’re using.
Once they’ve gained your trust, they might ask for your user name and password or ask you to go to a legitimate website to install software that will let them access your computer to fix it. Once you do this, your computer and your personal information are vulnerable.
Do not trust unsolicited calls. Do not provide any personal information.
Here are some of the organizations that cyber criminals claim to be from:
- Windows Helpdesk,
- Windows Service Center,
- Microsoft Tech Support,
- Microsoft Support,
- Windows Technical Department Support Group,
- Microsoft Research and Development Team (Microsoft R & D Team).
How to protect yourself from telephone tech support scams
If someone claiming to be from Microsoft tech support calls you:
- Do not purchase any software or services.
- Ask if there is a fee or subscription associated with the “service.” If there is, hang up.
- Never give control of your computer to a third party unless you can confirm that it is a legitimate representative of a computer support team with whom you are already a customer.
- Take the caller’s information down and immediately report it to your local authorities.
- Never provide your credit card or financial information to someone claiming to be from “Microsoft Tech Support.”
What to do if you already gave information to a tech support person
If you think that you might have downloaded malware from a phone tech support scam website or allowed a cyber criminal to access your computer, take these steps:
- Change your computer’s password, change the password on your main email account and change the password for any financial accounts, especially your bank and credit card.
- Scan your computer to find out if you have malware installed on your computer
- Contact your local IT support or the UIT Helpdesk at ext. 55800 or by email email@example.com.
For more information, visit: