A couple of days back I got a call from an unknown number with the person claiming to be a Microsoft Support technician. It was a bit confusing as I couldn’t remember having contacted them for some issues about Windows or my Xbox.
Some of the things that the caller mentioned immediately made me suspicious. The call lasted barely two minutes. It made me wonder how many people are called up every day and how many of them fall prey to the phishing scam.
Below is the account of how the call conversation went and some tips about what you can do to avoid being scammed if you are targeted.
My Conversation With the Caller: How it Went
Caller: “Hi! My name is Mike and I am calling on behalf of Microsoft Support. I would like to help you with a problem with your system.”
Mike was an obviously adopted name as the caller had an Indian accent. Being an Indian, I find the notion of the scam caller being Indian extremely irksome. Also, I was immediately curious as to why would Microsoft Support get in touch with me themselves, as I had not raised any support ticket.
Me: “What is this about and why is Microsoft support calling me?”
Upon being questioned, ‘Mike’ asked me to hold and handed the phone over to ‘Chris.’ He had an American accent.
Chris: “We received a crash report from your system and we would like to help you to solve the problem.”
Me: “Why are you calling me for a crash report? Don’t you already have everything you need?”
Chris: “We can help you solve the problem. We can share your license info to confirm our identity. I will tell you how to see the license info, I will read it and you can verify it.”
Error reports and logs are often anonymized and it is unlikely that they contain license info. Still dubious, I dug in deeper.
Me: “How did you get my phone number?”
Chris: “We have an initiative at Microsoft to consolidate user information, that also gives us access to user’s contact details. So, if you can get that license information validated, we can proceed.”
I was not at home, away from my desktop and totally unconvinced. I wanted to read more about all of this and see how this plays out.
Me: “I am not at home now and my Windows machine is a desktop. How about you give me a call tomorrow?”
Chris: “Sure. We will call you tomorrow.”
They never called again.
A quick search on Google revealed that several Windows users get calls like these. I hope not too many of them get scammed into revealing sensitive information or giving the scammers remote access to their system.
Things That You Should Know to Protect Yourself From the Phone Scams
Be curious and ask questions. Don’t just believe whatever someone of the call is telling. Ask questions about anything that you find even slightly dubious. You might just scare off the scam caller.
Know that Microsoft will almost never make unsolicited calls to help you fix your computer. Unless you have raised a support request, they will not get in touch with you. And when they do, expect it to be an email.
I say ‘almost’ above as Microsoft may indeed call you sometimes. Their page about avoiding phone scams states this –
There are some cases where Microsoft will work with your Internet service provider and call you to fix a malware-infected computer—such as during the recent cleanup effort begun in our botnet takedown actions. These calls will be made by someone with whom you can verify you already are a customer. You will never receive a legitimate call from Microsoft or our partners to charge you for computer fixes.
When in doubt, contact Microsoft Support. They are very responsive, at least on Twitter.
@ShishirKinkar Here at Microsoft, we only engage with our customers if they contacted us. If you need further assistance, tweet us back.
— Microsoft Support (@MicrosoftHelps) July 27, 2016
— Microsoft Support (@MicrosoftHelps) July 27, 2016
@MicrosoftHelps Awesome! They are going to call me again. That should be fun. 🙂 Thanks for all the help!
— Shishir Kinkar (@ShishirKinkar) July 27, 2016
The callers try to establish their identity by using supposed product keys, which can be the SLP keys used in mass manufactured devices.
SLPs or System Locked Pre-Installation keys are product keys that do not need to be activated. They are used by OEMs for pre-activating the Windows on your systems and so you don’t have to enter a key or activate the OS when you buy a new system.
There are two types of SLP keys:
- OEM SLP keys: Used by OEMs to install pre-activated Windows on mass-produced systems. They are meant to work only with the Manufacturer’s hardware, so they are unique for the manufacturers.
- COA SLP key: This is the key seen on the Certificate of Authority (COA) sticker on your system. Since your Windows OS is going to be mostly pre-activated, you might not need to use the COA key. In case the OEM SLP key fails to activate the OS for some reason, you can use the COA SLP key. You might need to explicitly get it activated first, though.
FoolishIT has a nice article with more information about SLP keys if you are interested.
The information provided to you on call as product key might actually be CLSID
I did not get a chance to reach a stage where I could see what information the caller tries to pass off a license key, but it seems like a value for CLSID is often used in these calls and they try to call it a product key.
CLSID is Class Identifier value that is stored in Windows registry. Simplest way to see it is to run ‘ASSOC’ on the command line. This value is not at all unique and can be same on multiple systems – your and others.
The people over at WeLiveSecurity explain more about CLSID and how it can be used in scams.
If you want the short version, here’s how it works:
They run you through a few steps to get your CLSID, which is common on Windows systems. They then read it out and since the information matches, you are more likely to proceed with the next steps, where they’d like to get remote access to your system.
Things That you Shouldn’t do on Such Calls
- Don’t ever buy or download any software
- Don’t enter or reveal your credit card information anywhere
- Never, ever, give remote access to your system – directly or via tools like Ammyy Admin, Team Viewer or LogMeIn. If they get into your system, you may end up with serious problems.
The Microsoft page I mentioned above also talks about how to avoid these scam calls.
It’s an Ongoing Battle
It seems like variations of this phone scam have been active since years, and it is sad that they not only continue today, unsuspecting users continue to be scammed. A personal experience made me very aware as to how they work.
Hopefully, this article can make a few more people aware before the scammers take a shot at them. Do share it with your friend and family, and keep them from being a target.
If you have any more tips to detect and avoid a phone scam, share with us in the comments!
Further Reading: Prevent Phishing With These Three Easy to Remember Tips