Ask Leo: Next Steps for Victims of Microsoft Support Scam


By Leo Notenboom

A family member got scammed by a telephone call from someone saying that they were from Microsoft, calling because of PC error reports. Unfortunately, remote access was given. What should be done to prevent further compromise of the PC data? Help! Note: MS scanner and a Norton scan were done and showed no problems. Remote access software files were removed manually from PC. Could the scammer again access the PC data? Data is backed up to the external drive (not plugged in at the time of the scam). Can the same files/data be safely loaded on to a new HD/computer?

As you point out, it’s a scam. Microsoft doesn’t call people because of
errors on their computer. Neither do ISPs, security companies, or pretty much
anyone else who might claim some role of internet authority or otherwise.

To quote Admiral
: “It’s a trap!”

I’ve been getting lots of reports of this scam and its variants of late.
Fortunately, many people are rightfully suspicious and cut it off before it
goes too far.

Unfortunately, having fallen for the scam puts you in a difficult and
dangerous position.

To start with, let’s not hook up that external hard drive just yet.

The Scam

The scam is very simple: someone calls you claiming to be from Microsoft or
your ISP or your anti-malware provider or some other authoritative company. Of
course, they are not.

They claim that they’ve detected that your computer is causing many errors
on the internet or that there are “problems with your account”. To prove
that there’s something wrong, they ask if your computer has been crashing
recently. Or they have you open up the event
and point out the many, many errors listed there. Crashes are,
unfortunately, too common and the event viewer is a mess – full of
messages, warnings, and errors, even on a machine that’s working just fine. They
simply use this confusion and misinformation to claim that your computer has a

And, of course, they can fix it.

The scammer asks you to connect to a remote access site, such as or, so you can give them access to your computer and they
can correct the problem for you. Important: Sites like,, and perhaps other remote-access services used for this are not involved in the scam. They’re just web services that the scammer happens to
use and nothing more.

That then leads to the scam’s hook. While accessing your machine, the scammer does typically one of two things:

  • They install malware.

  • They determine that you’ll need to purchase something – perhaps software, extended services, or whatever. At this point, they ask for your payment information.

  • You’re either left with a malware-laden machine (that won’t be “fixed”, by
    the way), bogus charges on your credit card, or both.

    It’s a classic scam.

    Avoiding the scam

    It’s classic scam-avoidance 101: never completely trust someone who you don’t
    know who calls you.

    Listen to them, if you like. Ask questions, if you feel so motivated, but
    never ever give them access to your PC and never ever give
    them your payment information.

    Let them know that you’ll have your local tech look into it (even if you
    don’t have one).

    Once it’s clear that you’re not going to fall for the trap, it’s very likely
    that you’ll get hung up on or that the caller may even become abusive; at
    that point, you can hang up on them.

    If you’re concerned that there is a real problem, do the research yourself,
    or contact the technical resources that you trust and ask them about it.

    Chances are there’s nothing to see here.

    How to Recover from the Scam

    This post is excerpted with Leo’s permission from his blog.

    FaceBook URL: Leo’s Facebook

    Twitter URL:

     1,793 total views,  4 views today

    (Visited 1 times, 1 visits today)

    16 thoughts on “Ask Leo: Next Steps for Victims of Microsoft Support Scam”

    1. You can tell when you are receiving calls from these scammers as immediately you pick up your ‘phone you will here silence. At the other end a computer does the dialling and waits for a response from you. If you don’t speak the computer hanngs up. If you give little whistles that sound like a fax machine, the call will disconnect because the computer thinks it is not connected to a person.
      Another thing to do is receive the call and then tell the caller there is someone at the front door and you will just be a moment. Place the ‘phone on a bench top and leave it there for 30 minutes, or less.

    2. I had a slightly different scam call. They stated they were from Microsoft and were verifying the information they had on record. All the info was correct; name, address, phone number. When they asked for my social security number I refused to furnish it. The caller spent ten minutes trying to convince me she couldn’t read my ss number to me, but I must give it to her. I finally hung up.

    3. I’m sorry but I have no sympathy for anyone who is caught by this scam. I’m afraid the only cure is to get rid of stupidy and sadly, with all the dumbing down that has been going on in our society during the past few years, I don’t hold out much hope.

      Society has become so regulated by the state, that people have forgotten how to think for themselves, and as far as I’m concerned, that is the crux of the issue.

      It’s a bit sad that a computer magazine has to cover an issue that should be common sense to everyone. Its not as though you can’t read up on internet security on the net.

    4. We had one of these calls, my wife answered the phone, pretended to be dumb and after a bit gave the call to me telling the person on the other end that I was the person who looked after the computer. After he had delivered his you have aproblem speech again I asked which computer! We have several in the house all using the same high speed access. All he would say was your computer – we know from the error reports snet in. We very rarely send in those repors as we know what caused the error – one of us. I kept asking which computer and gettig the same response which went on for close to 10 minutes. Then I finally said goodbye, hung up the phone and notified Microsoft.

    5. I got one of these calls. Recognized it as a scam but played it out. Asked how they knew it was my machine, legitimate question I have 2 at work and 4 at home. They said there server identified it . I asked if they had the IP address and they said yes, I asked for it and she fumbled and passed the call to a “technician”. I asked him for the IP address. He gave me one that bore no similarity to the adresses i operate from. I finally told him I repair computers and I know mine is not infected. He called me a motherf****e and hung up.

      Really bad language for a “Microsoft” representative. I really had a lot of fun. I love doing this especially when i know it is that much less time they have to really talk to someone gullible.

    6. I recently got a call from “MicroSoft” with this exact scam. While playing with the caller sounds like fun, I just told the idiot FU moron.

      We all get our kicks in different ways1

    7. This has been rife in Australia and a good way of dealing with it is to ask for their phone number and you will call them back. They disconnect so fast that you think the call never came in!

    8. This is not the main Microsoft Scam.
      The main scan comes from Microsoft itself.
      I had a legitimate XP installation on a Computer that did not supply a disk when purchased.
      I had over time partitioned, changed harware, added harware and removed unneccessary XP crap in the System.
      It worked fine for a while, but one day I was asked to Authenticate the OS.
      It required phoning Microsoft and telling them all about myself, (up theirs).
      Basically adter thinking they can ‘go to hell’ for causing me so much inconvenience I re-installed 98se over the XP partition.
      Installed Ubuntu 11.04 on another partition, (needed for more modern applications), then bought a Mac.
      Life is now so simple.
      ps. I have the hard drive with the XP in a USB drive to play with whatever I want to play with anyway.
      Basically the moral of this story is:
      Bin Microsoft OS, you really do not need it.
      One other thing is this:
      What is wrong with you Bloggers using FaceSpaceTwatting to Comment.
      Do you find it so difficult to survive as an individual?
      I will put money on it that your constructive comments will decrease because normally people cannot be bothered or are too shrewd to join all this Crap!

        1. No I am not telling you off for not using facespook lol.
          When I tried to post all I got was this this facespacetwatter rubbish as I use Opera I think it might have been a browser issue.
          The problem with websites today is there is so much JavaScript and Ajax, it is getting more difficult making a post.

      1. Funny Story – MicroShaft may have been in the right for asking you to authenticate your OS. Just because you bought a PC and it came pre-loaded with MyCrowShaft, does not mean it is a legitimate copy. Many unscrupulous retailers will use authentication hacks to mass load Winblows onto the PCs they sell or will use a legitimate volume license to install on the PC and then sell the actual Recovery Disk that you were supposed to receive with your PC for less than retail prices so that there are more than one PC using that license key. Most legitimate pre-loaded copies of windows will come with some type or recovery disk and have an official Microshocked sticker with product key on the bottom of the laptop or side of the PC tower. If you do not have either a product serial key sticker or a recovery disk, you have likely been given an illegal copy of Wind-ow!s. There is nothing wrong with a company trying to protect their assets and licensing structure, even if they do charge a ridiculous amount for their product. They’re probably see much more in the way of profits if they lowered the cost of a full version of Whine-Dohs to something more easily affordable like $50. More people would be willing to pay for a legitimate copy if they priced it legitimately for the amount of the market they control.

    9. I have had these phone calls several times and I try to lead them on for as long as possible. reading the error messages slowly asking for help in understanding them and generally taking the piss. My longest time to hang up so far is 15 mins. I also had a friend in the village scammed and they took £100 to sign her up for 10 years, installed some other virus protection that I hadn’t heard of. I have also just heard that she has just been upgraded to W7 from Vista and I guess that it is also a scam but she won’t be told!

    10. Caller ID lets me know who’s calling. If I don’t know them, I let it go to voice mail. Most hang up when they get to an answering machine.

      EMail – Don’t put email addresses in your online email web access. That is easy to crack when you connect to another website. Then they use your online addressbook to spam in your name! Use Outlook or Outlook Express. They are more secure and your antivirus software can control access.

    11. I kind of “fell” for the scam. I didn’t give out any financial information to the caller. I did however follow some instructions at first. I went to the Event Viewer and saw a bunch of errors etc. I did follow the instruction typing in Prefetch. Do you know if that has given them access to my files? I changed my banking password almost immediately. I also stopped using autofill and saved passwords. I ran a Norton Scan and and Adaware full scan as well. everything seems fine so far. Can you help me with anymore information? Thanks 🙂

    Leave a Comment

    Your email address will not be published.

    This site uses Akismet to reduce spam. Learn how your comment data is processed.