Post by Deleted on Nov 13, 2013 15:47:08 GMT -5
Just a reminder.....
During this time of year (4th Quarter or "Q4") it's common for phishing attempts to be on the rise. A phishing attack is an email or phone call made to the general public in the hopes that one or more of the users will engage in conversation or reply to the email. In the same respect, a spear-phishing attack is used as a means of contacting a specific user; FOR EXAMPLE: the email or phone call will address the user by name. This has a tendency to legitimize the email or phone call; especially if you've recently had work done to your computer. Although most users are familiar with email, it's the phone calls that are getting more prevalent and what I'm addressing in this thread.
One of the most popular means of making these calls is to impersonate a Microsoft Tech Support engineer. The caller, usually with a middle-eastern/Indian dialect, will represent themselves as someone from "Microsoft Tech Support" or from "Windows Co." and introduce themselves with a good old-fashioned American name, like "Rick Johnson". The call usually consists of the impersonator indicating there was a problem found with the recipient's Browser or Operating System. Then walks the user through a process to setup remote access to the recipient's system. The result is usually a trojan or virus pushed to the device to gain command and control of the recipient's system; resulting in loss of data, stolen personal information or destruction of the data (CryptoLocker Trojan).
During the holiday season, there are a few things to consider should you get such a call:
1. Microsoft never contacts a user unless the user contacts Microsoft FIRST. When a call is made, Microsoft will provide a support ID ticket number for you to reference when they call you back. If you didn't open a support ticket with Microsoft, then the call is a phishing/spear-phishing attempt or scam. Even if you have an IT staff at your place of work; in every case opened with Microsoft, Microsoft Premier Support works with that IT staff, not directly with the end user.
2. Even if the call seems to be legit, for example you recently had your computer worked on or there was a recent virus infection, your local IT would be the contact; NOT Microsoft or some outside agency. Should your system ever be infected or if you have technical issues, you should contact your IT personnel and never seek a third party company to handle the issue unless absolutely necessary.
3. Should you receive such a call, simply hang up. NEVER offer personal information in regards to your full/maiden name, your computer name, credit card information or allow them to remote into your system for ANY reason. Even if the caller leaves a number for you to call them back, DO NOT entertain this option.
For most of you, this seems like common sense, but these tactics are on the rise and can catch you off-guard. Remember, companies like Microsoft may call to offer sales and services, but they don't address you by name and they certainly won't begin premiere support with remote access, etc. unless you're called them yourself and opened up a tech support ticket. And as always, no IT company will EVER call you to "reset your password" or ask for private or personal information.
Good luck and be safe.
During this time of year (4th Quarter or "Q4") it's common for phishing attempts to be on the rise. A phishing attack is an email or phone call made to the general public in the hopes that one or more of the users will engage in conversation or reply to the email. In the same respect, a spear-phishing attack is used as a means of contacting a specific user; FOR EXAMPLE: the email or phone call will address the user by name. This has a tendency to legitimize the email or phone call; especially if you've recently had work done to your computer. Although most users are familiar with email, it's the phone calls that are getting more prevalent and what I'm addressing in this thread.
One of the most popular means of making these calls is to impersonate a Microsoft Tech Support engineer. The caller, usually with a middle-eastern/Indian dialect, will represent themselves as someone from "Microsoft Tech Support" or from "Windows Co." and introduce themselves with a good old-fashioned American name, like "Rick Johnson". The call usually consists of the impersonator indicating there was a problem found with the recipient's Browser or Operating System. Then walks the user through a process to setup remote access to the recipient's system. The result is usually a trojan or virus pushed to the device to gain command and control of the recipient's system; resulting in loss of data, stolen personal information or destruction of the data (CryptoLocker Trojan).
During the holiday season, there are a few things to consider should you get such a call:
1. Microsoft never contacts a user unless the user contacts Microsoft FIRST. When a call is made, Microsoft will provide a support ID ticket number for you to reference when they call you back. If you didn't open a support ticket with Microsoft, then the call is a phishing/spear-phishing attempt or scam. Even if you have an IT staff at your place of work; in every case opened with Microsoft, Microsoft Premier Support works with that IT staff, not directly with the end user.
2. Even if the call seems to be legit, for example you recently had your computer worked on or there was a recent virus infection, your local IT would be the contact; NOT Microsoft or some outside agency. Should your system ever be infected or if you have technical issues, you should contact your IT personnel and never seek a third party company to handle the issue unless absolutely necessary.
3. Should you receive such a call, simply hang up. NEVER offer personal information in regards to your full/maiden name, your computer name, credit card information or allow them to remote into your system for ANY reason. Even if the caller leaves a number for you to call them back, DO NOT entertain this option.
For most of you, this seems like common sense, but these tactics are on the rise and can catch you off-guard. Remember, companies like Microsoft may call to offer sales and services, but they don't address you by name and they certainly won't begin premiere support with remote access, etc. unless you're called them yourself and opened up a tech support ticket. And as always, no IT company will EVER call you to "reset your password" or ask for private or personal information.
Good luck and be safe.
