“Hello, I’m calling from Microsoft…”


The “computer doctors” have been making their rounds in New Zealand. Consumer Affairs say about 17% of New Zealanders have been targeted by them. They called us, from Djibouti, from what seemed like a crowded call center. They knew our details, just like they’re listed in the phone book. I think they purposely tried to be hard to understand, using the assumption that overseas victims would think it would be rude to ask for clarification a number of times. The address they gave was actually a Border’s bookshop in Auckland. Eventually they hung up after repeated questioning.

Computer doctorThe story

Their story seems semi-plausible, but is fake: they’re calling from Microsoft or a computer repair shop and have noticed some strange activity from your computer. They tell you to go to a legitimate folder or the Windows Event Viewer and say that if there’s a lot of files or entries there (which there will be) that it’s very bad and means your computer is infected. But fear not! It can all be solved for a reasonable price, plus they’ll continue to support your computer. Just give them your credit card number to be charged a recurring fee and they’ll remotely fix your computer for you…

Don’t trust cold callers

NetSafe recommends asking for their company name and phone number and Googling them to see if they’re who they say they are. I haven’t heard of any legitimate tech support companies cold calling for customers and I don’t imagine it would be hard to create a professional looking website and redirecting a New Zealand phone number if someone overseas was truly determined. So I’d say don’t trust cold callers with remote access to your computer or your credit card information at all, even if they seem legitimate.

Legitimate help

If you need help with your computer there are people on online forums like Geeks To Go that will help you for free, or ask friends and family for a recommendation of a quality company you can visit in person.

The NetSafe post has some good links. NetBasics is an animated video series by NetSafe on staying safe online. The real Microsoft has an article on speeding up your Windows computer, another line the callers use. And the Event Viewer might seem confusing, but Microsoft provides a tool to look up what the entries mean.

Symantec’s experience

Symantec investigated a similar scam being run overseas, recorded the conversation and recorded what happened to the computer. The agent “Brian” gets Orla (who’s from Symantec and is pretending to be a novice computer user) to open the Event Viewer and tells her that she has a serious infection. But it’s alright, they can fix it!

A remote connection to the computer is set up using legitimate third-party software and it looks like their technician is doing something important by running check disk, disk cleanup and deleting some temporary files. Brian informs Orla that she has a lot of malicious files on her computer and gets her to sign up for a one year support contract to solve her issues. After receiving her credit card details insecurely via email, as well her name, address, phone number, email address, email password and getting her to fax a copy of her driver’s licence, the bad infection was “removed” by deleting the innocent items from the Event Viewer and turning off event logging. Of course, with unrestricted access to a computer, the people behind these operations have the ability to install malicious software they claim to be removing. The video is below. At the end the business is confronted about their misleading practices.

If you get called by these people, submit a report to NetSafe’s The Orb. Maybe you want to have some fun with them first. A Fair Go viewer said they apparently get very annoyed when after they’ve been trying to pitch you for half an hour you tell them you have a Mac instead of a PC.

Have you been called by these people?

Image credit: Tabitha Kaylee Hawk

Leave a Reply