Yesterday, in the midst of a rather harrowing day and while I was cutting up veggies for dinner, the phone rang.
“Hello, I am calling from Windows support. We have determined your computer has been infected and we are here to help you. Are you at your computer? If not, go to your computer now,” said a male voice with a heavy Indian (as in India in Asia) accent.
At once alarmed and wondering at the same time how on earth Windows:
- somehow knew I have Windows7 on my laptop; and
- also knew that I’ve been having some “issues” with the laptop (who doesn’t have “issues” with their computers?)
I quickly wiped my hands on a kitchen towel and dashed to open my laptop.
I asked for the name of male heavily-accented Indian voice. He said his name is “Max Watson,” which is so obviously NOT his name, it was laughable.
Anyway, “Max Watson” said he’ll show me what’s infecting my computer. I followed his instructions and pressed the “Windows” and “R” keys together to get to the Windows Run dialog box. I then typed “eventvwr” in the bar, which then opened the Window’s Event Viewer:
Next, “Max Watson” told me to click “OK,” then “Custom Views,” then “Administrative Events,” which brought me to an alarming sight. Below is a screenshot I took of my laptop’s “Event Viewer,” on which I’ve painted three red circles:
- The biggest red circle surrounds “Administrative Events”
- The medium-sized red circle surrounds “Number of events”: Yikes! My ‘puter has had 10,608 “events”!!!!
- The smallest red circle surrounds the first two of those 10,608 “events” and both carried the ! Error message. Yikes!!!!
“Max Watson” (MW) said in order for him to remove the malware that some hacker had snuck into my computer, he would have to gain remote access of my laptop. That means he would be able to see everything I have on my computer, including what’s on my desktop and stored in my hard-drive. Everything.
At that, all the alarm bells in my head rang off.
I said to MW: “How can there be 10,608 viruses in my computer when I recently ran virus scans, using THREE software: McAfee, Malwarebytes, and Advanced System Protector?” Then I asked MW: “But how do I know you really are from Windows Technical Support?”
MW first prattled on about how he really is from Windows and I must trust him and that he just wanted to help me. Blah, blah, blah.
I was undeterred and repeated my question.
So MW gave me a phone number to call to verify he’s really “Max Watson” from Windows Support: (866) 539-8674. MW even gave me his employee ID number 5065!
I said: “But how do I know the 866 number you give me actually is a Windows number?”
MW gave me the same spiel about needing to trust him, etc. etc.
So I called the 866 number. Another male heavily-accented Indian voice answered, who immediately knew who I was — that I was the person who had been speaking to “Max Watson”. Curiously, throughout my conversation with “Max Watson,” he never once referred to me by my name.
I asked second male Indian voice for his name. He replied: “David Watson.”
I said: “You have the same last name as Max Watson! Are you related?”
“David Watson” (DW) said, sounding irritated: “No, we are not.”
I said: “I find it hard to believe that it just so happens that I’m dealing with two Windows Support technicians whose last names are the same!”
DW, sounding more irritated: “It’s a coincidence.”
I said: “You don’t seem to understand the problem I’m having: I didn’t call Windows; you guys called me. And you’re asking to gain remote access to my computer. How do I know that this 866 phone number is legit? If I go online to look up the phone number for Windows Support, will I get this 866 number?”
DW, sounding even more irritated: “No, you won’t, because we are a special high-level Windows tech support team.”
Then DW became angry and started threatening me — that if I don’t let him help me, those nasty “hackers” who’d already “hacked” into my computer will gain access to everything, including my identity, and will do nasty criminal things by stealing my identity . . . .
I told DW I don’t appreciate him threatening me and asked to speak to DW’s supervisor.
While I was waiting, I scrolled down the 10,608 “events” on my Windows “Event Viewer” and discovered – SURPRISE! — that the 10,608 “events” go all the way back to the first “event” on 9/3/2009 when I first purchased my laptop.
So if those alarming “! Error” events indicate some hacker had recently hacked into my laptop, how come those events date back FOUR YEARS?
I also conducted a quick Internet search for “Windows7 cold call” and guess what I found! — an NBC News Technology article by Frank Catalano, ”‘We’re with Windows’: The anatomy of a cold-calling scam,” which described everything that I had just experienced with “Max Watson” and “David Watson.”
When a third male less-heavily-accented Indian voice came on the line, identifying himself as “Peter,” this is what I told “Peter”:
“I want you to stop calling me. I know all about your scam and will be reporting you to the authorities.”
Then I hung up.
After Catalano’s encounter with the fake Windows Tech Support scammers, he contacted Windows and this is what Windows told him:
“In 2010, Microsoft began receiving reports of scammers making phone calls or sending emails to people,” replied a spokesperson for Microsoft’s Digital Crimes Unit. The goal was often to trick people into buying support services, downloading fake security software or allowing remote access to their PC for likely un-nice purposes. Microsoft has referred the cases to the Federal Trade Commission, which had its own investigation underway and presumably still does.
And yes, it’s no coincidence I’m getting a lot of these calls. A lot of people are. [...] we have seen an increase in cybercrimes that use deception and social engineering to exploit people.”
See also what happened to a guy with too much hubris and allowed the fake Windows Support people gain remote access of his computer: “Phone scammers call the wrong guy, get mad and trash PC“.
To find out what those seemingly-alarming “events” on Windows “Event Viewer” are, go here.
Please send this post to everyone on your email list, post a link on Facebook, Twitter, etc.
~Eowyn
