Write the following on the blackboard of your life, right underneath “There’s no such thing as a free lunch”:
Neither Microsoft nor Apple will ever phone you to fix your computer–at least not unless you have phoned them first.
Today, one of my senior clients got a call “from Microsoft.” Since she had been having problems with her DSL recently, she made the mistake of believing the caller. She complied with all his instructions and let him log into her Windows machine remotely, whereupon he showed her several screensful of “critical problems” that he said he would fix right away… as soon as she paid him $400 for the work.
“I don’t have that kind of money to throw around. You never said anything about a charge when you called me, and I’m not paying you anything.”
“You’d better pay me now, because if you hang up on me, you can’t call me back, I won’t call you back, and if I don’t get paid, you’ll never use Windows on your computer again.”
Refusing to be extorted, she hung up on him anyway, and then phoned me to see if there was anything I could do about her situation. When I showed up, I tried booting her system in Safe Mode, whereupon I was met with the demand, “This computer is configured to require a password in order to start up.” She had been victimized by a “ransomware” scammer.
A little time spent with a search engine revealed that my client had been saddled with a “SysKey password.” Establishing such a password encrypts a Windows data area called the”SAM registry hive,” so simply removing the password by force won’t fix this situation, and could result in the destruction of any number of other files. The same search showed many instances of other scammed users being victimized by this same exact trick.
I had to take the machine down to the shop, safestore the user files for insurance, then reset to a restore point from about a week ago. The backup process took longer than I would have liked, but my client was back to happily using her machine quicker than our scam caller could give his mother her next STD.
Unfortunately, these scams are on the rise. This is the second senior in my (admittedly small-town) client base who has been hit with a similar scam in the past quarter. The other was called by the fraudsters at Kavish, and had paid them $149, which (at my urging) she recovered by disputing the charge with her credit card company.
The lesson here is not to trust unknown callers who phone you with official-sounding requests, whether they say they are calling from Microsoft, your bank, a store, a law enforcement agency, or anywhere else. If you didn’t initiate the call and you don’t personally know the caller, treat him just as you would treat Peggy from Siberia: tell him nothing, and allow him no access to your stuff.
If you’ve called Microsoft, or Apple, or any other company for technical service, they will give you a ticket number. Write it down. When you receive a genuine return call, the caller will have that ticket number. If they don’t, hang up, and call the main number back.