[SOLVED] MSN Certified Engineer Unsolicited Telephone Call

[robbo462003]

:huh: Hi I had a telephone call this morning from (india I think) claiming to be a Microsoft Certified Engineer. He said I had a problem on my computer as it was incorrectly connected to the server and many MSN programmes were not running. He asked me to open msconfig which I did and then was able to point to stopped programmes. He called up Event viewer and showed me there were over a thousand event warnings. He claimed I had caused these by not running the Malwarebytes compatability with Windows XP (service pack 2) He asked if I wanted to have him fix the issues there and then for a one time fee. I declined thinking this was a scam. Your views would be helpful


Neil

 

[Patrick]

Hi Neil,

This is a very long time and well-known scam. Microsoft will not under any circumstances call you first to notify you of infections, errors, etc.

Avoid Phone Scams | Cybercriminal Tech Support Scam | Security Threats

Regards,

Patrick

 

[robbo462003]

Thanks for your quick reply Patrick. I am puzzled how he was able to get my land line number and take control of my PC. What would you advise to prevent unauthorised access??

 

[Patrick]

The only way he could have taken control of your PC is if you let him with a remote access software. Did you?

Regards,

Patrick

 

[robbo462003]

The only way he could have taken control of your PC is if you let him with a remote access software. Did you?

Regards,

Patrick

Hi Patrick I did not let him have access or install remote access software all I did was open msconfig When I did that he directed the curser. Opening tabs and event viewer.

Neil

 

[Patrick]

If he genuinely took control of the system and you didn't install any remote access software, tools, etc, advised by him, your system is likely infected and I would start by going here - Security Arena - Sysnative Forums

Regards,

Patrick

 

[Go The Power]

That's good you didn't let them into your computer.

They have been running this scam for a while now, they often get users to open up the event log to show all the "errors" and "warnings" it produces, these reports most the time fine but if you don't know how the event viewer works or understand the entries it will look like your computer has a lot of issues.

An interesting article I read on ABC was that in 2012 scams cost Australia 93 billion.
Scams cost Australians $93 million in 2012: ACCC - ABC News (Australian Broadcasting Corporation)

 

[Digerati]

I declined thinking this was a scam.

Smart move but as Patrick noted, if he was able to control your mouse cursor, remote control malware was already on your system. Since the user is ALWAYS the weakest link in security, this infestation likely happened because (1) Windows was not kept current, (2) anti-malware software was not used and/or kept current, (3) a firewall was not used and/or (4) the user clicked (or failed to unclick ) on some unsolicited option - typically through a "socially engineered" offer designed to trick users to "fall for" the offer and click on a button, link, download, or unsolicited attachment.

I agree you need to have one of Sysnative's Malware Removal experts have a look to make sure you are clean.

BTW - this scam goes on the assumption every household in the world has a Windows based computer in the house. So these fake MS Engineers can simply pick a name and number out of the phone book and with 1.4 billion plus Windows machines out there today, there is a good chance they will pick a number that does indeed have a Windows computer in the house - thus fooling the user to thinking they really can see your computer.

What information did you provide? Did he ask for your IP address?

He asked me to open msconfig which I did

How?

 

[robbo462003]

Hi Digerati
I am unable to understand how this scammer was able to control the curser and open event viewer and control panel. My system is updated every patch Tuesday Firewall is always on and I scan with Malwarebytes everyday. My land line number is ex-directory but he managed to find me and asked for me by my full name. I am very suspicious about offers and don't take the bait from social media sites or any web sites. Preferring to stick with well known trusted companies. I have again today ran Malwarebytes Kaspersky R Kill and MSE security essentials with no issues. Only Kaspersky highlighted issues with Autoruns file see attachment. I am worried this maybe the vulnerability ?

 

[Go The Power]

Hi Robbo,

First of all I am sorry I misunderstood what you first wrote. If they actually had control of your system then that is a concern. I have seen your R-kill thread over in the security forum with Corrine, i would recommend that you explain to Corrine that the scammer had control of your computer, Corrine is an expert in malware removal and will know what to do from here.

Also in the meantime be very careful using your computer while it is connected tome internet, if it was me personally I would not have it connected to the internet until it is declared clean by Corrine. But if you do have to use this computer make sure you are not going to any bank sites or accessing personal/confidential information.

 

[Digerati]

I agree to not make changes until Corrine clears your system.

You said he found you, then asked you for your full name. So he did not know it when he called? That again simply suggests to me he simply dialed a number from the phone book or some other list, assuming you had a Windows computer.

Hi Digerati
I am unable to understand how this scammer was able to control the curser and open event viewer and control panel.

Are you the only user of this computer? And in reading your opening post again, are you saying you are still using XP SP2? If so, then you may very well have been compromised.

How do you connect to your network? If wirelessly, is your network secure with a strong passphrase and the highest security protocols?

 

[robbo462003]

Hi Digerati
No the scammer asked to speak to me he Knew my full name !I am the only user of this machine running Win 7 professional SP 1 via a LAN to a UK national ISP.The comment about Win xp sp2 was the scammers. He said I had failed to ensure Malwarebytes was in compatible mode for Win xp SP2. This he claimed was causing excessive event viewer error logs.

 

[Digerati]

I am the only user of this machine running Win 7 professional SP 1

Good. You say you connect via a LAN - do you mean by Ethernet? If so, then no worries about the wireless side being hacked.

Do note your personal information could have been obtained by a badguy hacking one of your less "security aware" contact's computers.

 

[jcgriff2]

It is a scam.

Microsoft would never call you about system problems.