Forget e-mail. Criminals are making old-fashioned phone calls and offering free security scans in order to gain access to people's computers, according to Microsoft.
To run the con, criminals pretend to be PC security experts from legitimate companies. They call their intended victims, warning of a risky security threat and offering to run a free security checkup. If the victims take the bait, the scammers gain access to their PCs and often capture passwords or financial information.
Among the 7,000 PC users that Microsoft polled in the U.S., U.K., Canada, and Ireland, 15 percent on average had received such a phone call.
Of those, 22 percent fell for the con.
In many cases, the criminals were granted remote access to the victim's PC, where they were able to steal certain private information. In other cases, the victims provided credit card details, believing they were paying for legitimate software.
Most of the victims (79 percent) said they were hit by some type of financial loss. Among those, 17 percent reported that they had money taken from their financial accounts, 19 percent said their passwords were stolen, and 17 percent found themselves the victims of identity fraud. More than half said they also ran into computer problems as a result of the scam.
The amount of money stolen per person ranged from $82 up to $1,560, while the cost of fixing the subsequent damage to the PC was $1,730 on average and as high as $4,800.
"The security of software is improving all the time, but at the same time we are seeing cybercriminals increasingly turn to tactics of deception to trick people in order to steal from them," Richard Saunders, director of International Public and Analyst Relations at Microsoft, said today in a statement. "Criminals have proved once again that their ability to innovate new scams is matched by their ruthless pursuit of our money."
Though the scam so far seems limited to the four English-speaking countries covered in the survey, Microsoft believes it's only a matter of time before the criminals expand their horizons to non-English-speaking regions.
To protect yourself from such scams, Microsoft recommends the usual pieces of advice that we've all heard before but are worth repeating.
- Be suspicious of unsolicited calls related to a security problem.
- Never provide credit card details or other information to an unsolicited caller.
- Don't go to a Web site, install software, or follow other instructions from someone who calls unsolicited.
- Take down the caller's information and pass it along to the authorities.
- Keep Windows and your other software up to date, especially antivirus software.
- Use strong passwords and change them regularly.