IT support scam hits millions of users

Posted by Emma Woollacott

An astonishing one in seven computer users may have received phone calls from scammers posing as support engineers, Microsoft is warning.

The criminals call people at home to tell them they are at risk of a computer security threat and to offer free security checks. They claim to represent legitimate companies, and use telephone directories to refer to their victims by name.

Once they've tricked their victims into believing they have a problem and that the caller can help, they ask for credit card details to pay for an anti-virus service.

"I got a call from someone saying they were a Microsoft engineer, they'd detected a virus on my machine, and asking if anyone other than me had been using my PC," says one user.

"As it happened, my granddaughter had been playing on it earlier, so the story was quite believable. Luckily, I was busy, so when they asked for my credit card details, I asked them to phone back later, and by the time they did, I'd got suspicious."

But many users aren't so fortunate.

Microsoft surveyed 7,000 computer users in the UK, Ireland, US and Canada, and found that across all four countries, 15 percent of people had received a similar call. In Ireland, this rose to 26 percent.

And of those who received a call, 22 percent - three percent of the total survey sample - were fooled into following the scammers' instructions. In some cases, this meant giving the scammer remote access to their computer and downloading software code provided by the criminals; in others, users provided credit card information for a purchase.

"It's a clever piece of social engineering by the scammers - you believe that they're doing you a favour, so your natural inclination is to trust them as they appear to be helping you," says Graham Cluley of security firm Sophos.

Over three quarters of the people caught out by the scam suffered some sort of financial loss. Seventeen percent said they had money taken from their accounts, 19 percent reported compromised passwords and 17 percent were victims of identity fraud. More than half said they suffered subsequent computer problems.

Across all four countries, the average amount of money stolen was $875, ranging from $82 in Ireland up to $1,560 in Canada. The average cost of repairing the damage caused to computers by the scammers was $1,730 — rising to $4,800 in the US.

"The security of software is improving all the time, but at the same time we are seeing cybercriminals increasingly turn to tactics of deception to trick people in order to steal from them," says Richard Saunders, director of international public and analyst relations at Microsoft.

"Criminals have proved once again that their ability to innovate new scams is matched by their ruthless pursuit of our money."

Right now, it looks as if the scammers are only targeting countries where the main language is English. However, says Saunders, it's only a question of time before the scammers expand their operation.