How a Microsoft Phone Scam nearly destroyed a business
It was a normal day in Fresh Mango’s BVI office on Tortola when the telephone rang.
It was one of our clients based on the island of Virgin Gorda, and judging by the shouting they were not happy.
It took a while for our technician to calm him down. Having eventually done so he was able to ask what the problem was. It turned out that the client had received a telephone call from Microsoft. The caller had advised that our client’s computer systems were not secure. They had not been kept up to date and they were in need of urgent security updates, or else our client was at risk of a cyber hack.
‘I mean, for goodness sake, I pay you a monthly retainer to manage my IT systems! What do I pay you for if you can’t do something as basic as updates!!!’
The Fresh Mango technician immediately recognised this for what it was (a Microsoft Phone Scam) but needed more information.
‘When did they call you?’ He asked.
‘About half an hour ago’.
‘I see, and how did you leave it with them?’
‘I haven’t left it’ said the client. They are on the other line. They needed to access my computer to implement all of the necessary updates.‘
Now very worried, the Fresh Mango Technician asked ‘You mean you have given them access to your computer and they are on it now?’
‘Yes, of course’.
At this point our technician had no choice but to tell the client what was going on. ‘You need to disconnect your computer from the internet RIGHT NOW. You are being scammed and hacked.’
Silence on the other end of the line. Our technician imagined a penny dropping.
‘You, you mean it isn’t Microsoft?’
‘No, it’s a scam. Disconnect your device now and hang up the other line to the caller.
Then confirm to me when you have done so.
A few moments later the client confirmed all had been disconnected.
Our technician then advised he would catch the next ferry to Virgin Gorda and would need to conduct a complete security sweep of the client’s systems.
Epilogue
The ‘Microsoft’ caller had installed key logging software and monitoring software on the client’s systems. Fortunately the hadn’t been able to access financial data or client data since we had that locked down.
A couple of months later I bumped into the client in a local bar. He was most grateful for what we had done, he realised that his business could have been severely compromised financially.
‘No problem’ I said. ‘That’s what you pay us for.’
Postscript
Never act on a call from someone claiming to be from Microsoft (or any other company for that matter). Ask them for a reference number and tell them you will call them back. Do not call any number the caller provides (!) – use the number on the website for the company. Or call Fresh Mango.
And, for the record, we conduct monthly security patching (as well as emergency patches) for all our retainer clients, diligently.