You are browsing the web, minding your own business, when suddenly a screen like the following pops up:
You find yourself unable to open anything else or even close the Window. Clicking on “OK” does nothing and, sometimes, you even hear a voice from your speakers telling you that your computer is infected with something truly horrible – threatening you with the possible loss of your social security number, banking password, credit card numbers, and the love of your kids. The message tells you that shutting down or restarting your computer could damage your Operating System or render your computer unbootable. It extolls you to contact “microsoft” technicians via a toll-free number…
At this point you likely have a combination of panic and dread warring with each other over which is bigger and you find your hand is already reaching for the phone..
Hold up just a second, take a breath, and pull your hand back under your conscious control – you might have noticed that something is not quite right here. Looking closer you wonder when Microsoft started using all lowercase letters for their name…and you are pretty sure that “.net frame work” is supposed to be “.Net Framework”. Also, isn’t “internet” in this context supposed to be capitalized – “Internet”? Indeed it is, my friend.
You might also notice that the grammar isn’t what you would expect from a professional, presumably English speaking, North American based corporation (like Microsoft) – sentences like “Please do not open internet browser…” and “…SITUATION RESULTING COMPLETE DATA LOSS” ring false to native English speakers. They are missing articles (a, an, and the), capitalization, and prepositions (on, at, and in) – “Please do not open an Internet browser” and “…situation resulting in complete data loss”. Both are mistakes common to non-native English speakers…
Even if you don’t notice errors like these, you never want to just call an unknown number and allow the person answering access to your computer. Use your phone or another computer to look up what the number for Microsoft Support really is. I can assure you it will not match the one that just rudely popped up on your screen. If in doubt, call the trusted technology experts at SandStorm IT at (901) 475-0275.
Your computer is most likely completely fine. Ignore the dire warnings about turning off your computer or using Task Manager to close the browser windows (by hitting [CTRL] + [Alt] + [Delete]).
When you restart, your browser will likely notify you that “your last session closed unexpectedly” and will ask you if you want to “Restore Previous Session” – simply tell it “No” and the fake virus message should be gone. I’d recommend running a full AV scan immediately afterwards just to be absolutely sure there was nothing malicious installed, but it is very rare.
Most of these scams seem to toe the edge of actually breaking the law – since they aren’t actually harming your computer. Their goal is to scare you into calling them and then wheedling a “support fee” from you without actually doing anything. They do this by having you go to a website and allowing them to take over your computer. While you watch they will show you common Windows event logs and point to them as an indication that your PC is infected. They will then offer to remove the (non-existent) infection…for a fee, of course, which can range anywhere from a few hundred to a few thousand dollars. While this is certainly morally reprehensible, I’m not sure that it can be currently considered illegal.
Please be aware, that during the time they have control of your computer, they can access anything on it that you can access. This means they can browse, copy, or delete any files you have stored on your hard drive or even change your password (locking you out of your own computer). Both of which necessitate changing any passwords or accounts they might have gained access to and, in the case of getting locked out, you’ll need get your computer to a professional that can restore access to you. All of which is very time consuming and not inexpensive. It is better by far to not allow them access to begin with.