04 Sep 2013

Avoid Bogus “Security” Calls


Tech Tip:

Avoid Bogus “Microsoft Security” Calls

Phone scams have been around for years. One of the most common scams these days is receiving a service call from someone claiming to be a ‘Microsoft Security Representative.’ When called, the scammer will inform you that your computer does not have properly working security updates. The caller will then explain to you that in order to fix the error, an additional piece of security software will need to be installed. Of course, this will all be at a cost to you.

First off, understand that there is NO department at Microsoft that would ever call customers offering this service. The only time a Microsoft Representative would ever call your office would be in direct response to a service call you had placed. If you have not placed a service call and receive a call from someone stating that they are from Microsoft please hang up!

These phony calls look and seem extremely legitimate. Below you will see the steps taken by a phony “Security Representative” to seem trustworthy and legitimate in order gain access to your computer.

  1. First, the “technician” will explain that your computer is working, but with very low usage. They will verify this by having you pull up the ‘Windows Task Manager’ to view the low CPU usage. The representative will explain that your computer cannot run at full usage because it has become infected. What the CPU Usage actually shows is that your computer is only using very little resources at that current moment. This has nothing to do with whether your system is infected with a virus or not.task.mgr
  2. Then, you will be asked to open up the ‘Event Manager’ screen; you will see several error messages. What the scammers won’t tell you is that most computers show an error log. This happens if you have not re-installed your system software recently or are running several programs at the same time.
  3. Next, the phoney technician will associate your computer with a unique number called the Consumer License ID (CSLID). To do this, you will be asked to execute the “Assoc” command in a DOS prompt. When the scammer reads you the CSLID number, you will see that it matches the CSLID number from your screen (shown below). This is supposed to prove to you that they are indeed a ‘Microsoft Employee’.security calls
  4. Finally, the scammer will ask permission for their technician to access your computer in order to fix the problem but, instead, your computer will be hijacked for a malicious purpose. This can easily be done by having you load an online remote desktop program. AMMYY, a legitimate online program, could be used to access your desktop remotely.


Now, they have access to your computer. With this access, they can trick you into installing malicious hardware, bill you for phony services, direct you to fraudulent websites or take control of your computer, leaving it vulnerable to attacks. Please note that neither Microsoft nor BMS will ever call to charge you for software, hardware or security fixes.

If you feel you may have been compromised by an unsolicited caller, please contact the BMS Hardware Support team immediately. They can scan and detect any malicious activity that may have occurred. Contact them via email or call directly at 800-634-7734, ext. 6.

Have you had a phone scammer contact your office? Help others become aware of the nature of the scam.

2 Responses to Avoid Bogus “Security” Calls
  1. We just told them we didn’t have any computers and that we did everything on paper. And they were so confused they hung up. LOL

  2. Received 2 calls; it never went beyond the introduction in the first. I checked with my computer tech after first call. He told me it was a scam. Hung up when we received 2nd call.

Comments are closed.