How does the Microsoft scam work?
A scammer calls you, and asks for you by name. They’ll say they are a computer-security expert from Microsoft, or another legitimate tech company.
They’ll say that your PC, laptop or tablet has been infected with malware (or a computer virus), and that they can help you solve the problem.
The scammer will attempt to confuse you with jargon or ask you to open common Microsoft utilities and services that list what may appear to be problems with your computer.
The scammer may then try any of the following tactics to get you to part with your personal and financial details:
- Trick you into installing malicious software that could capture sensitive data, such as online banking user names and passwords. They might also then charge you to remove this software.
- Convince you to visit legitimate websites (such as www.ammyy.com) to download software that will allow them to take control of your computer remotely and adjust settings to leave your computer vulnerable.
- Request credit card information so they can bill you for phony services.
- Direct you to fraudulent websites and ask you to enter credit card and other personal or financial information there.
Alternatively, they may claim you are running an unlicensed version of Windows, and you need to pay a licence fee.
Scammers may also offer you software to remove the ‘viruses’ on your machine, for a small charge. In many case this will be security software you can get free from the Microsoft website in the first place.
The worst offenders will seek to convince you that they need access to your machine so they can fix any issues. In reality they will install viruses or malware that will damage your machine and steal your personal details, passwords and data.
How to avoid the Microsoft scam?
Microsoft will never proactively reach out to you to provide unsolicited PC or technical support. Any communication they have with you must be initiated by you.
As no legitimate IT security professional is ever going to call you in this way, you should always treat all unsolicited phone calls with skepticism. If you receive an unsolicited call from someone claiming to be from Microsoft Tech Support, it’s best to hang up.
Don’t fall foul of the scammers, the Trading Standards National eCrime team and Microsoft recommend that you:
- never give anyone access to your PC, laptop or tablet, unless you can confirm it’s a legitimate member of the computer support team with whom you are already a customer and have spoken to
- never give anyone access to your personal details or disclose financial information
- never pay a fee for any unsolicited technical help
- don’t purchase any software or services. If there is a fee or subscription associated with the service, you should hang up
- take the person’s information down and report it to your local authority
What if I get scammed?
If you think you’ve been the target of a Microsoft phone scam, immediately change all your passwords and usernames, including any bank and credit card logins.
Use an up-to-date security product to scan your PC. If you downloaded anything, or the scammer did anything to your PC, use ‘system restore’ to roll back the settings to before the scam happened.
Scan your computer with the Microsoft Safety Scanner to find out if you have malware installed on your computer.
Report the incident to the Microsoft tech support scam team, report the unsolicited call to TPS and if you have lost any money report it to Action Fraud and read our guide which may be able to help you to get your money back after a scam.
This page has been produced in conjunction with the Trading Standards National eCrime team, with additional information from Microsoft in summer 2017 following a two-year investigation led by City of London Police and Microsoft.