Microsoft wakes up to cold-caller scam – what took it so long?
A Microsoft press release that landed in my inbox this morning has left me fuming. “Microsoft Survey Warns of Emerging Internet Phone Scam” reads the headline.
The “emerging” phone scam it’s referring to? The swindle that sees conmen cold-calling computer owners, telling them they’ve got a virus on their PC, fleecing them for hundreds of pounds to remotely “repair” non-existent problems and installing God knows what on their PC in the process. The very same phone scam that PC Pro was the first publication to uncover in March 2010.
Why it has taken Microsoft 16 months to wake up to this problem is bewildering. Especially as we alerted Microsoft’s press office to the fact that these con artists were often pretending to be Microsoft and splashing Windows-style logos all over their websites when we broke the story last March.
In the meantime, it’s clear that thousands of people have been cheated. Microsoft’s own survey finds that “79% of people deceived in this way suffered some sort of financial loss”. The details are even more galling:
* 17% of victims had money taken from their accounts
* 19% reported compromised passwords
* 17% were victims of identity fraud
* 53% suffered subsequent computer problems
* The average amount of money stolen was £543
* The average cost of repairing damage caused to computers was £1,073 — rising to $4,800 (£2,977) in the US
* Only two thirds of the people defrauded were able to recover the stolen money (presumably from their credit-card company), and even then, only an average of 42% of the stolen funds
Only now is Microsoft publicising the scam – and conveniently reminding users that Microsoft’s own security software would prevent the installation of malicious software. If it had pulled its finger out and warned people of this 16 months ago, many thousands more people might not have been left with a large credit-card bill, a ruined credit history and a broken PC.
When we asked Microsoft why it had taken so long to warn people of this rip-off, a spokesman replied:
“Microsoft had been aware of these phone scams but wanted to look into the breadth that they have spread, especially among English speaking countries.”
A statement that, to my mind, borders on dereliction of duty. You don’t spend 16 months sitting on your hands waiting for nice pretty patterns to emerge on Excel spreadsheets before you warn people of an expensive con trick; you do it as soon as humanly possible.
Furthermore, we asked Microsoft – which spends countless millions pursuing small scale pirates selling knocked-off copies of Windows on market stalls – what it’s done about shutting down these rogue “repairmen”, who are often trading under the Microsoft name.
“Microsoft is investigating the cases reported to us by customers and we will consider legal action where appropriate, as we have in other online scareware cases to date. We continue to encourage consumers to exercise caution from scams and follow the guidance found at The Microsoft Safety & Security Center.”
Which is PR speak for “not a lot”.
Microsoft has made great strides in improving the security of Windows in recent years, which is partly why these new “social engineering” scams have emerged. But as with Apple’s sluggish (although relatively lightning fast) response to the similar Mac Defender scam, these companies have to do more than defend their operating systems: they have to defend the people using them too.