More than £600 lost to ‘Microsoft hacker’ con

Hi Duncan, There is no evidence that these scams are linked to the browsing habits of the people the criminals are scamming. Your comment will be upsetting to anyone who has been a victim of these scams and particularly Frank who has been through an horrendous experience. We want Convo to be a welcoming space to everyone – please bear this in mind when commenting on sensitive subjects.

In Frank’s case, it seems he paid over the phone. So he may have had to give all his card details including the 3 digits of the security code to the scammers.

When I use my card on the Internet, those used to be all the data needed for a payment.

Nowadays, a separate text message pin is often also required.

Duncan – I think it’s a case of too much information. You always seem to look for the worst examples and give them much more attention than they deserve. There are plenty of other Which? Conversations where you can post details of the latest scams. I also believe you overdo the defence of masculinity.

I think it must be made clear that there was nothing to suggest that ‘Frank’ had done anything to put him at risk of blackmail.

Again, I have neutralised the ‘thumbs down’ under you comment but that does not mean I agree with it.

Duncan, at least on Windows 10 Home, Windows Remote Desktop (msra) is disabled by default. As far as I can see, it can only be activated locally, not remotely.

So any cold calling scammers will have to trick or coach their victims into activating it.

Older Home versions of Windows don’t seem to include this app (msra), so that may explain why these scammers prefer apps like TeamViewer, which should work on all PC’s.

I’ve never used msra myself, but it seems that the usual way of instigating its connections is via an invitation file that is sent to the remote party. For that, the scammers would need to disclose something like an email address and get the file emailed to them. That sounds like a lot more effort than just sharing passcodes, as when using TeamViewer.

Thats why I said–“its not too hard to get a user to click on something to get access ” ,have a read of –
https://www.darkreading.com/endpoint/the-risks-of-remote-desktop-access-are-far-from-remote/a/d-id/1331820
don’t worry its not the “dark web ” .
The FBI have a warning on Windows remote desktop protocol-
https://smallbiztrends.com/2018/10/rdp-hacking.html
notice this-
According to the FBI, use of Remote Desktop Protocol as an attack vector has increased since mid to late 2016. The rise in RDP attacks has in part been driven by dark markets selling Remote Desktop Protocol access. These bad actors have found ways in which to identify and exploit vulnerable RDP sessions over the Internet.
For small businesses who use RDP to control their home or office computers remotely, more vigilance is required including implementing strong passwords and changing them regularly.

In its announcement, the FBI warns, “Attacks using the RDP protocol do not require user input, making intrusions difficult to detect.”
Notice Derek—Attacks using the RDP protocol do NOT require user input.
Also what about Windows Remote Assistance ?

If you think that’s all its not what if the user has –
1-Logmein activated
2- Team Viewer
3-Anydesk
4-Chrome Remote Desktop
5- VNC —which by the way I have blocked its port but how is an ordinary member of the public going to know about VNC ?

Sorry Duncan, those links are about generic RDP risks and don’t seem applicable to the Windows built in app.

I can also see why scammer would not want to use the Windows app relative to some of those other apps because the Windows app doesn’t allow the remote helper to blank the local owners screen. So hackers cannot hide anything they do from the local owner.

It also seems that Home editions of Windows cannot be remote controlled via the RDP app but only by the specific Windows Remote Assistance app. The latter only works by the local usr requesting assistance, sending both an invite and a password and then accepting the remote helpers control requests – either with or without admin privileges.

I have just discovered this by using my W10 laptop to “remote control” my W10 desktop.

I hope the note above demonstrates the value of using W10 hands-on as opposed to just reading about it on the web 😉

I am having a really hard time finding this special remote access app you are talking about if its so different from what I am reading Derek.
So its NOT -Remote Desktop Protocol (RDP ) by Windows ?
The port being -3389 , the one which Windows is currently using ?
If not then give me the precise name of it according to MS and what is it called on Windows app store or any other download store ?

Hang on I accessed Windows Central and their new version (app ) is just a cosmetic UI version called -Remote Desktop App internally (software programming) its just an up to date makeover so I will post this website –Windows Central and you tell me if this is the app we are talking about , if it is, sorry Derek its just a change of name and UI , inside it works the same but if not then direct me to this special, new app ?-
https://www.windowscentral.com/how-use-remove-desktop-app-connect-pc-windows-10-0#remote_desktop_old_new

Duncan, I’m just talking about the options that come preinstalled with W10, as referred to by your original post.
Plus what I’ve leaned by trying them hands on.

I have already blocked port 3389 as well as 3388 both used by MS Windows
Here is a website on port protocol as applied to port 3389 ,as you can see its vulnerable to attack that’s why I block ports .
I have the full list of ports used by users and MS/Linux/ Apple /Mac etc it runs into 1000,s –
https://www.speedguide.net/port.php?port=3389-
quote -registered for MS WBT Server –used for (both ) windows remote desktop and remote assistance connections .
What I will say –yes its hard to activate it if its not running but yes Derek if a powerful enough computer attacks the app and interrogates it it can supply the password/code to activate it remotely that’s why I have blocked all remote access even printer SMB so I cant use a printer, the programming is still there but it gets nowhere to “talk ” to the server.

What the public don’t understand is just visiting a website allows that website to gather your IP -system type – browser used -user agent etc etc .
I just clicked on their security scan checker webpage and even without it interrogating my old PC it prints the above data but cant tell my screen resolution nor colour depth and its failed when it comes to java script as an app I have has blocked it otherwise it could provide a mile of info.
No I didn’t initiate the scan as it warns its very nosy .
Derek, a hacker can get his computer to sit on a port till its open and once any remote calling app is working he doesn’t even need to brute force his way in to take control ,here is a simple comment on it –
https://whatismyipaddress.com/hacking-targets

Duncan, I think there’s a world of difference between the actual nature of the threat from cold calling scammers and the full potential of hacking techniques. I think the latter are of much greater relevance to companies with “always on” servers holding customers’ data.

Maybe so Derek but I have observed plenty of small business owners complain about getting scammed/hacked for 10,s of £1000,s posting on Which.
I take it Which isn’t just for the general public but for SB owners as well whom I support building up British companies in the UK.
The EU definition of a SB owner is up to 50 employees and just look at the drive for “working from home ” pushed by HMG and some businesses themselves as well as females with small children ,how do they use their computers in relation to “head office ” ?— exactly as we are talking about –remote desktop so its a growing social phenomenon .

Duncan, I think all those ancillary topics are “off topic” for this particular conversation.