New "Microsoft" Phising Scam

Today I received a phone call (Out of Area, Unlisted) from a guy with an Indian accent. He claimed to be from Microsoft and told me that they had received a message from my computer saying it was infected.

So I immediately replied:

"How did you get this phone number?"

His response:

"Because your ISP told us it was you and that it was your computer and when you register for Internet service they provide that information to us."

My retort (BSing of course):

"So Microsoft (someone who I haven't purchased anything from for 4 years) said my computer is infected, and you got my home phone number for my business account Internet provider?"

The guy hung up. I'm sure the rest of the phishing scam is that they are going to ask you to download something and install it to make sure your system is "clean." I myself am running an enterprise level anti-virus firewall (with subscriptions) and have AV installed on all of my Windows workstations and Virtual Machines.

According to Wikipedia:

Phishing is the act of attempting to acquire information such as usernames, passwords, and credit card details (and sometimes, indirectly, money) by masquerading as a trustworthy entity in an electronic communication.

The term "Phishing" first came about because a telephone or phone was used to fish for information. So the "PH" from "Phone" replaced the "F" in fish. Despite the Wikipedia entry, it is actually a part of "Phreaking" and not just possibly due to phreaking because a lot of phone privilege escalation involves a question and answer session with the phone network provider. There are all sorts of articles about Phishing and Phreaking in the older issues of the 2600 Hacker Quarterly now available at Amazon as an Kindle magazine subscription.

If you have a Mac / Linux based machine only, I probably don't have to say this but you can tell them you know they're full of it. If you have a "PC," Microsoft will NEVER contact you to tell you that you have a virus. They as a company, unless you're paying for some security service directly from them, would never take the huge effort to police the Internet and tell everyone that they're sending out a virus. That's not one of their core business motives.

There are all sorts of things that can be downloaded knowingly or unknowingly off of the Internet that contain back doors (where people can get into your machine), viruses (that give out information), slave systems (where people can make your computer work for them), and root kits (so your anti-virus applications that you are hopefully using can not detect of remove them).


Remember to NEVER provide any personally identifiable information about yourself over the phone to ANYONE who calls you unprompted (unless you are expecting the call).