[SOLVED] MSN Certified Engineer Unsolicited Telephone Call

robbo462003 · Jun 27, 2014

:huh: Hi I had a telephone call this morning from (india I think) claiming to be a Microsoft Certified Engineer. He said I had a problem on my computer as it was incorrectly connected to the server and many MSN programmes were not running. He asked me to open msconfig which I did and then was able to point to stopped programmes. He called up Event viewer and showed me there were over a thousand event warnings. He claimed I had caused these by not running the Malwarebytes compatability with Windows XP (service pack 2) He asked if I wanted to have him fix the issues there and then for a one time fee. I declined thinking this was a scam. Your views would be helpful

Neil

Patrick · Jun 27, 2014

Hi Neil,

This is a very long time and well-known scam. Microsoft will not under any circumstances call you first to notify you of infections, errors, etc.

Avoid Phone Scams | Cybercriminal Tech Support Scam | Security Threats

Regards,

Patrick

robbo462003 · Jun 27, 2014

Thanks for your quick reply Patrick. I am puzzled how he was able to get my land line number and take control of my PC. What would you advise to prevent unauthorised access??

Patrick · Jun 27, 2014

The only way he could have taken control of your PC is if you let him with a remote access software. Did you?

Regards,

Patrick

robbo462003 · Jun 27, 2014

Patrick said:
The only way he could have taken control of your PC is if you let him with a remote access software. Did you?

Regards,

Patrick

Hi Patrick I did not let him have access or install remote access software all I did was open msconfig When I did that he directed the curser. Opening tabs and event viewer.

Neil

Patrick · Jun 27, 2014

If he genuinely took control of the system and you didn't install any remote access software, tools, etc, advised by him, your system is likely infected and I would start by going here - Security Arena - Sysnative Forums

Regards,

Patrick

Go The Power · Jun 27, 2014

That's good you didn't let them into your computer.

They have been running this scam for a while now, they often get users to open up the event log to show all the "errors" and "warnings" it produces, these reports most the time fine but if you don't know how the event viewer works or understand the entries it will look like your computer has a lot of issues.

An interesting article I read on ABC was that in 2012 scams cost Australia 93 billion.
Scams cost Australians $93 million in 2012: ACCC - ABC News (Australian Broadcasting Corporation)

Digerati · Jun 28, 2014

I declined thinking this was a scam.

Smart move but as Patrick noted, if he was able to control your mouse cursor, remote control malware was already on your system. Since the user is ALWAYS the weakest link in security, this infestation likely happened because (1) Windows was not kept current, (2) anti-malware software was not used and/or kept current, (3) a firewall was not used and/or (4) the user clicked (or failed to unclick

) on some unsolicited option - typically through a "socially engineered" offer designed to trick users to "fall for" the offer and click on a button, link, download, or unsolicited attachment.

I agree you need to have one of Sysnative's Malware Removal experts have a look to make sure you are clean.

BTW - this scam goes on the assumption every household in the world has a Windows based computer in the house. So these fake MS Engineers can simply pick a name and number out of the phone book and with 1.4 billion plus Windows machines out there today, there is a good chance they will pick a number that does indeed have a Windows computer in the house - thus fooling the user to thinking they really can see your computer.

What information did you provide? Did he ask for your IP address?

He asked me to open msconfig which I did

How?

robbo462003 · Jun 28, 2014

Hi Digerati
I am unable to understand how this scammer was able to control the curser and open event viewer and control panel. My system is updated every patch Tuesday Firewall is always on and I scan with Malwarebytes everyday. My land line number is ex-directory but he managed to find me and asked for me by my full name. I am very suspicious about offers and don't take the bait from social media sites or any web sites. Preferring to stick with well known trusted companies. I have again today ran Malwarebytes Kaspersky R Kill and MSE security essentials with no issues. Only Kaspersky highlighted issues with Autoruns file see attachment. I am worried this maybe the vulnerability ?

Go The Power · Jun 28, 2014

Hi Robbo,

First of all I am sorry I misunderstood what you first wrote. If they actually had control of your system then that is a concern. I have seen your R-kill thread over in the security forum with Corrine, i would recommend that you explain to Corrine that the scammer had control of your computer, Corrine is an expert in malware removal and will know what to do from here.

Also in the meantime be very careful using your computer while it is connected tome internet, if it was me personally I would not have it connected to the internet until it is declared clean by Corrine. But if you do have to use this computer make sure you are not going to any bank sites or accessing personal/confidential information.

Digerati · Jun 29, 2014

I agree to not make changes until Corrine clears your system.

You said he found you, then asked you for your full name. So he did not know it when he called? That again simply suggests to me he simply dialed a number from the phone book or some other list, assuming you had a Windows computer.

Hi Digerati
I am unable to understand how this scammer was able to control the curser and open event viewer and control panel.

Are you the only user of this computer? And in reading your opening post again, are you saying you are still using XP SP2? If so, then you may very well have been compromised.

How do you connect to your network? If wirelessly, is your network secure with a strong passphrase and the highest security protocols?

robbo462003 · Jun 29, 2014

Hi Digerati
No the scammer asked to speak to me he Knew my full name !I am the only user of this machine running Win 7 professional SP 1 via a LAN to a UK national ISP.The comment about Win xp sp2 was the scammers. He said I had failed to ensure Malwarebytes was in compatible mode for Win xp SP2. This he claimed was causing excessive event viewer error logs.

Digerati · Jun 29, 2014

I am the only user of this machine running Win 7 professional SP 1

Good. You say you connect via a LAN - do you mean by Ethernet? If so, then no worries about the wireless side being hacked.

Do note your personal information could have been obtained by a badguy hacking one of your less "security aware" contact's computers.

jcgriff2 · Jun 30, 2014

It is a scam.

Microsoft would never call you about system problems.

Search

Search

[SOLVED] MSN Certified Engineer Unsolicited Telephone Call

robbo462003

Well-known member

Patrick

Sysnative Staff

robbo462003

Well-known member

Patrick

Sysnative Staff

robbo462003

Well-known member

Patrick

Sysnative Staff

Go The Power

Senior Administrator, Windows Update Expert, Contributor

Digerati

Moderator
Hardware Expert
Microsoft MVP (Ret.)

robbo462003

Well-known member

Attachments

Go The Power

Senior Administrator, Windows Update Expert, Contributor

Digerati

Moderator
Hardware Expert
Microsoft MVP (Ret.)

robbo462003

Well-known member

Digerati

Moderator
Hardware Expert
Microsoft MVP (Ret.)

jcgriff2

Co-Founder/Admin
BSOD Expert (Ret.)
Microsoft MVP (Ret.)
PRIMARILY RETIRED

[SOLVED] MSN Certified Engineer Unsolicited Telephone Call

Well-known member

Sysnative Staff

Well-known member

Sysnative Staff

Well-known member

Sysnative Staff

Senior Administrator, Windows Update Expert, Contributor

ModeratorHardware ExpertMicrosoft MVP (Ret.)

Well-known member

Attachments

Senior Administrator, Windows Update Expert, Contributor

ModeratorHardware ExpertMicrosoft MVP (Ret.)

Well-known member

ModeratorHardware ExpertMicrosoft MVP (Ret.)

Co-Founder/AdminBSOD Expert (Ret.)Microsoft MVP (Ret.)PRIMARILY RETIRED

Moderator
Hardware Expert
Microsoft MVP (Ret.)

Moderator
Hardware Expert
Microsoft MVP (Ret.)

Moderator
Hardware Expert
Microsoft MVP (Ret.)

Co-Founder/Admin
BSOD Expert (Ret.)
Microsoft MVP (Ret.)
PRIMARILY RETIRED