Phone fraud: Scammer uses Microsoft’s name to install malware

Phone fraud has been around for a long time. Nowadays, however, this tactic is also being used to infect your PC with malware. Unknown callers pretend to be employees of an established company and ask for remote access to solve a PC problem. The fraudsters prefer to pose as technical support agents for Microsoft, but also for other well-known companies such as Google. This scam works particularly well with inexperienced users. The worst part is that security software is simply disabled via remote access, which is why being informed and using common sense are the only real protection from such scams.

A weird call from Microsoft turns out to be phone fraud

Nicolai H. was quite surprised when he received a call from a withheld number at 3.30 pm. The male caller introduced himself as Mr. Mueller, a support agent with Microsoft. He said that he had noticed that Nicolai H.’s PC was spreading viruses. He then offered free help that the supposed victim was happy to accept. He asked Mr. H. to simply install software to provide remote access so he could remove any malware.

Once Mr. H. gave up his ID and password, his screen went black. And it remained black for a long time, until he received another call telling him that his PC was now clean and could be restarted. Once restarted, there was a nasty surprise for Nicolai H., though: A number of unwanted programs had been installed, and his PC was not working the way it should.

Any browser extensions installed by third parties make normal surfing impossible.

This case isn’t fiction; it actually happened just like this, a number of days ago. As he is an Emsisoft customer, Nicolai H. turned to the experts in Emsisoft’s support forum. The real malware hunters were quite surprised to find a number of programs installed on the PC. Apart from a highly modified Firefox and different help tools, there was ransomware as well as a rootkit on the computer.

What’s in it for the phone fraudsters?

The fraudsters earn money from the installed software, in more ways than one. Installed programs are often remunerated with a commission. The same applies to the heavily modified browser, which generates revenue by opening different websites. Every computer that is taken over is thus worth money in itself. The rootkit and other malware enable the fraudsters to keep your PC under their control. Nicolai H. was lucky: in several steps, the malicious software was detected and removed thanks to the detailed instructions given by Emsisoft’s employees.

Affiliate commissions tempt fraudsters to install the weirdest programs.

Unfortunately, this kind of phone fraud is currently on the rise. What is surprising is that the alleged company employees sound very professional and friendly. Security software is unfortunately of no use, as anti-malware software can simply be disabled or uninstalled via remote access. The results of these scams are not always as clearly visible as in our example. Sometimes the installed malware isn’t obvious and the infection may remain undiscovered for a long time. In Mr. H.’s case, the attack was fortunately very obvious as he was barely able to use his PC and new windows kept popping up all over the place.

How to protect yourself against the Microsoft phone scam

The risk is very high with rootkits, Trojans and especially financial malware, as these types of malware infections can allow ongoing unrestricted access to your PC and thus your personal data and online banking. A few simple rules, however, offer efficient protection:

  • When an unexpected caller asks for remote access to your PC, you can be quite sure that this is a fraud attempt. Never grant an unknown person access to your PC!
  • Ask how the caller got your number. Your PC’s IP address or ID is usually not linked to a phone number. You are likely to have been called completely at random.
  • If you are not sure, look online for the alleged company’s hotline number and call in yourself.

If your PC is behaving strangely – don’t panic! We also offer help with removing viruses to people who are not our customers. Simply contact us via Emsisoft’s support forum.


Have a nice (malware-free) day!

Your Emsisoft Team