We first heard about the Microsoft tech support scam phone calls all the way back in 2009, but amazingly they're still around more than a decade later.
The "I'm from Microsoft and you've got a problem with your PC" unsolicited call was one of the first scams of its kind, and its persistence suggests it still has a relatively high 'success' rate.
While many scammers have had to evolve to outsmart the very latest security software on PCs, a simple phone call may be all it takes to extract crucial personal information out of unsuspecting victims.
Here are all the signs to look out for, as well as what to do if you think your personal information has been affected.
Does Microsoft tech support call you?
No. Microsoft will never make an unsolicited phone call. On its website, the company says that any communication will always be initiated with you.
But the scammers hope you don't know this. They call you, and ask for you by name. They say they are a computer security expert from Microsoft (or another legitimate tech company or a Microsoft 'partner'). The caller is plausible and polite, but officious. They say that your PC or laptop has been infected with malware, and that they can help you solve the problem.
What happens next depends on the particular version of scam with which you have been targeted.
Some crooks will ask you to give them remote access to your PC or laptop, and then use that access to get hold of your personal data. Others get you to download a tool which they say is the "fix" for your problem, but is actually malware.
The other version is a more straightforward scam: they simply ask for money in return for a lifetime of 'protection' from the malware they pretend is on your machine.
Here's the important bit: no legitimate IT security company - certainly not Microsoft - is ever going to call you in this way. For one thing, they can't even tell that your PC is infected. They've got your name from the phone book, or any one of the thousands of marketing lists on which your details probably reside. They know nothing about your home computing set up - they're just chancers.
Basically, somebody is sitting in a room calling number after number hoping to find a victim. It's not personal, but it is ultimately dangerous to your financial and technological health.
There are plenty of other common UK scams to avoid.
What should I do if Microsoft phones me?
- Put the phone down, rest assured it is not a legitimate call.
- If you insist on staying on the line, do not give out any personal information. Also, you should never even consider giving bank details out over the phone.
- If you've got this far, we can only reiterate point number 1: get off the phone. But whatever you do don't follow instructions to visit websites, download software or change a setting on your PC.
- If possible get the caller's details. You should certainly report any instance of this scam to Action Fraud.
- Finally, change any passwords and usernames that could plausibly have been compromised, and run a scan with up-to-date security software. Then ensure that your firewall and antivirus are up to date and protecting your PC.
Oh, and there is a number 6: tell everyone about it. This scam preys on people's insecurity about lack of tech knowledge. It is very easy to be a victim, and the best defence is sharing knowledge.
What should I do if I fell for the Microsoft phone scam?
The feeling of being scammed is horrible, but it's important to not be hard on yourself. It could happen to anyone, and scammers are very clever at disguising themselves as someone legitimate.
While call scams are among the most basic out there, contacting you so directly means you aren't able to prepare or look something up before handing over information. Many people are used to giving out their name when introducing themselves to strangers, and it can easily be a slippery slope from there.
Your first port of call should be to change all personal data that can be changed. You can't change your date of birth, and changing your name and address seems extreme. But you can change all your passwords and usernames, starting with your main email account and any bank- and credit card logins. Also, contact your bank to ask them to be on the lookout for anything dodgy.
Again, use up-to-date security software to scan and cleanse your PC, and if the scammer did get you to do something to your PC using System Restore to roll back the settings is always a good idea. And tell the police. If you have lost money, it's possible your credit card company or contents insurance will cover the loss.