THE SQL Server Blog Spot on the Web

Welcome to SQLblog.com - The SQL Server blog spot on the web Sign in | |
in Search

John Paul Cook

Scammers on the loose pretending to be Microsoft

UPDATE: The scammers called back today informing me that my computer had been sending “error messages for quite a long time”! They identified themselves as the “Technical Maintenance Department”. I was told that the count at the top of my Event Viewer is the number of infections on my computer. For $199 they would help me fix my computer. They directed me to browse to ms7.us, presumably to purchase something. I didn’t browse to that address, but I did a whois which indicated that the domain is registered to someone in India. Today, like yesterday, the people on the phone were very difficult to understand. Also like yesterday, the supervisor is very easy to understand when he curses. Perhaps he has practiced English curse words more than regular conversational words.

YESTERDAY: Minutes ago I received a phone call that the caller ID listed as “Out of area”, which I knew was a bad sign. It was difficult to understand the caller because of his very thick accent. He told me that he was from Microsoft and that my computer was throwing a large number of errors and he was calling to help me. He directed me to use Windows R to open a run dialog box, type eventvwr and then look at the Event Viewer. Within Event Viewer, he instructed me to open Custom Views and then open Administrative Events. He wanted to know the number of events. I told him that the count was 16,908, which he said was very bad. He routed me to his supervisor.

The supervisor asked me if I knew what this meant. I said yes, it meant that he wasn’t with Microsoft, and that he was a scammer. He asked me if the other guy indicated they were Microsoft. I said yes. He said that they were not Microsoft but instead a contractor to Microsoft, a certified and authorized company trying to help me. He said that if he was a scammer, he could hack my computer (after all, he said he knows my IP address), but he wouldn’t because he is a legitimate business. He did some cursing and hung up on me. His cursing was amazingly good, actually accent free as far as I could tell.

In case you don’t know what the Event Viewer is, it is a log of things that happen on your computer. It is not a listing of malware infections on your machine. It is completely normal for it to have tens of thousands of events. Don’t fall for someone calling you trying to scare you about how many events are in your event logs. Microsoft doesn’t call Windows users at home and have them open a run dialog box.

Published Wednesday, December 19, 2012 7:58 PM by John Paul Cook

Comment Notification

If you would like to receive an email when updates are made to this post, please register here

Subscribe to this post's comments using RSS

Comments

 

StephenL said:

Too funny! I just got off the same call. I recorded part of it, for the fun of it. I did go to ms7.us - from a test machine. They have you install TeamViewer from TeamViewer.com. This looks like a legitimate application - but, once you give the person the connection info, it DEFAULTS to remote full control. You'd think the application would require a request for control. Anyhow, I quickly removed remote control and opened a chat window. They didn't respond to my "hello?". :) And, shortly thereafter, the phone line went dead.

I checked a few logs, and, I don't see that they were able to do anything. Because the test machine was part of my domain, I decided to drop them before they could do anything... next time, I might have a truly disconnected test machine and see what they decide to do.

January 10, 2013 2:58 PM
 

NathanD said:

I just got the same call. Fortunately, I know enough about computers to be skeptical.

The Indian-sounding man on the line claimed he was from Microsoft Technical services and was calling me because they were getting error reports from my Windows 8 computer. I asked how I could verify this and he asked me to open Run... and type in www.ms7.us. That tipped me off, and I stopped following his directions and instead searched for the site in my browser. I eventually went to the site, trusting that I'd know before anything crazy happened. He then asked me to click a link (#4 on that page), which began downloading some random EXE file, at which point, I pulled the plug on the download and started pressing the guy. He claimed that the EXE file would help their technicians show me the problems.

I told him that I'm well aware of Event Viewer and asked him to walk me through it. He basically just had me open up the Event Viewer Application log and made vague comments about these being errors. I pressed him more to prove to me that something was wrong. He then asked me to open my Windows Prefetch folder and double click on any file...acting like the fact that Windows didn't find an appropriate application to open those files meant they were malicious. I quickly searched for the prefetch folder in Google and informed him what it was for from the Microsoft website.

At this point, I asked him to point me to anywhere on the Microsoft website that discussed this issue. His response--we're not from Microsoft, we're their technical services and "if we just posted it on the web site, why would I be calling?" LOL!

Next, I asked him for ANY link to a trustworthy antivirus or news site mentioning this issue. Obviously, no response. At that point, I started accusing him of being a scammer and trying to get me to install malicious software. I pointed out that Microsoft wouldn't be calling all their end users, which he emphatically insisted was what was happening even at that point.

He began trying to get off the phone, saying that it's my problem if my computer starts crashing in a few days. I basically told him that he's trying to scam people who don't know enough about computers to resist it and kept repeating "Stop doing this. Stop scamming people." until he hung up.

The bad part about this, is that I could totally see someone falling for this if they didn't have past experience with Event Viewer, know a bit about file extensions and have a basic understanding about how this kind of thing works.

Sadly, there's not much on Google yet about this scam, so I'm hoping that my description here will help get this page higher in the ranks. MS7.US are scammers. Don't be scammed by MS7.US. Repeat: WWW.MS7.US is a scam.

January 16, 2013 2:05 PM
 

SteveL said:

Thank you guys for your comments. Last night I I got this call. Since, I was half asleep and not familier with event viewer, I ended up with this guy remote controlling my computer. I did not buy anything, especialy when the pay-pal thing was called "loot" something in India. Is there any way that he may have put anything in my computer and get past Nortons? I ran Nortons and did not find anything, but have not allowed any internet connection since!

thank you.

February 12, 2013 11:13 PM
 

Pat said:

Thanks, guys!  I am a complete novice compared to all of you but I'm old enough to have scams tried on me almost every day in some form.  I've had two of these calls, also such heavy accents that I also couldn't understand half of what they said.  However, when I refused information and told them I was too busy, I told him I would call him and he gave me an 800 number and told me to be sure and ask for Rick.  The one today had a different name but I told him I was too busy.  He said he would call back next week.  Since he mentioned that he could hack one of you, could he possibly do this?  I gave him no information and refused to go to my computer.  So, how are they getting these phone numbers?  

April 18, 2014 1:36 AM
 

John Paul Cook said:

The scammers are most probably dialing sequentially trying every possible phone number. Just because they say they can hack a computer doesn't mean they can. Pay no attention to these scammers. As long as you don't install their software or go to their website, the most they can do is waste your time.

April 18, 2014 1:44 AM

Leave a Comment

(required) 
(required) 
Submit

About John Paul Cook

John Paul Cook is a Technology Solution Professional for Microsoft's data platform and works out of Microsoft's Houston office. Prior to joining Microsoft, he was a Microsoft SQL Server MVP. He is experienced in Microsoft SQL Server and Oracle database application design, development, and implementation. He has spoken at many conferences including Microsoft TechEd and the SQL PASS Summit. He has worked in oil and gas, financial, manufacturing, and healthcare industries. John is also a Registered Nurse who graduated from Vanderbilt University with a Master of Science in Nursing Informatics and is an active member of the Sigma Theta Tau nursing honor society. He volunteers as a nurse at safety net clinics. Contributing author to SQL Server MVP Deep Dives and SQL Server MVP Deep Dives Volume 2.

This Blog

Syndication

Powered by Community Server (Commercial Edition), by Telligent Systems
  Privacy Statement