
Windows users are going to hate what Microsoft just confessed


While Windows Defender may stop malware and cyberattacks, consumers are still susceptible to a different type of threat that is gaining popularity. Microsoft warns that tech support scams are on the rise, with consumers losing between $200 and $400 per incident as a result of these social engineering attacks — something Windows users aren’t going to like hearing at all. In 2017, Microsoft received 153,000 reports from users who were victimized by these tech support scams, a 24 percent increase from a year prior, the company detailed in a security report.

These scams could occur in a number of ways. Hackers either place an unsolicited phone call to the victim, display a strategic online ad, send a phishing email, or install malware to lead consumers to believe that their systems have been compromised.

“Once connected, a fake technician (an experienced scammer) convinces the victim of a problem with their device. They often scare victims with urgent problems requiring immediate action. They instruct victims to install remote administration tools (RATs), which provide the scammers access to and control over the device,” Microsoft said. “With control of the device, scammers can make a compelling case about errors in the device and pressure the victim to pay.”

The scam issue isn’t just isolated to Windows, with technical support scams also affecting users of MacOS, iOS, and Android operating systems. The FBI reported that there were 11,000 complaints about tech support fraud in 2017, resulting in nearly $15 million worth of losses, according to ZDNet. Some scammers even threaten to take legal action if the charges for fake tech support services aren’t paid.

In one instance, a scammer emptied 89,000 euros (about $108,600) from a bank account in the Netherlands as a result of a tech support scam, Microsoft said in its report. “In a 2016 survey sponsored by Microsoft, two in three respondents reported experiencing some form of tech support scam in the previous 12 months, with nearly one in 10 losing money.”

The problem is likely to be larger than these statistics suggest. The figures only include consumers who have reported being victimized by tech support scams.

Because of the complexity of these types of scams, Microsoft recommends collaborative efforts between the tech industry and law enforcement to “make a significant dent on this issue.” Microsoft’s partnership with web hosting providers, for example, has led to the takedown of fake support websites, and its work with telecom networks resulted in the shutdown of scam phone numbers.

If you have been hit with a scam, you should notify your bank to reverse the charges, change all your passwords, uninstall any software that was installed as part of the tech support scam, and run a virus scan. Microsoft said that the best way to prevent scams is education.

Chuong Nguyen