
More than £600 lost to ‘Microsoft hacker’ con

Frank got in touch with us when he received a phone call, allegedly from Microsoft, stating that his computer had been ‘hacked’. Here’s what happened next.

Back in May, Frank was phoned by scammers purporting to be from Microsoft.

They told him that criminals ‘engaged in child pornography’ had hacked his PC, and that it was his responsibility to work with ‘Microsoft’ to solve the problem.

Fake threats and intimidation

He was warned that if he ignored these requests he could be charged by the police.

Horrified, he agreed to pay £94 over the phone by card to restore his PC’s safety. But he later suspected it was a scam and hung up.

Frank immediately contacted his card provider, Nationwide, and discovered that a further £523 had been taken without his authorisation.

Nationwide refunded both sums, but then changed its mind and took the larger sum back. He wasn’t clear on why.

Unauthorised transactions

In almost all cases, banks should refund unauthorised transactions without argument or delay, so we contacted Nationwide.

It admitted it had made a mistake – the two refunds were processed as ‘Visa disputes’, rather than fraud cases, which gave the recipient of the money a chance to challenge the larger refund.

Nationwide said:

‘Having reviewed the matter, it’s clear the £523 was a fraudulent payment and this should have been passed to our fraud team and should never have been re-debited.’

It refunded the money plus lost interest, apologised to the victim and paid £100 in compensation.

The case is a salutary lesson in ensuring you’re put through to the fraud department, rather than a general customer service line, if you are unlucky enough to experience banking fraud.

What is a ‘vishing’ scam?

This particular scam is known as ‘vishing’, in which fraudsters attempt to deceive people into believing they are speaking to a representative of another trusted company or agency.

We’ve seen similar variants recently with scammers posing as Amazon Prime renewals and even Visa’s ‘fraud department’.

Our guide to phone scams can help you spot a scam like this before it goes too far. Here are the top tactics to watch out for.

Have you ever been intimidated into making payments over the phone? Could you spot a vishing scam?

Comments

Faye, thanks for sharing. Good to hear that Which? persuaded Nationwide to correct their errors.

Nationwide behaved unprofessionally by refunding the money and then changing its mind.

The number of scam cases is worrying and my view is that each case should be investigated before making refunds, taking into account what blame can be attributed to the customer and what is due to deficiencies in the company’s procedures.

This is mainly aimed at males as they are usually the ones visiting “porno” websites; it’s usually blackmail.
As someone who went through the late 60s/70s Hippy period I have a very open mind when it comes to sex but I have little or no sympathy for those getting their computers hacked / malware downloaded etc because they do.
Do those males not realise every website you visit is data collected first by your ISP then a multitude of others?
It leaves you completely open to blackmail.
Every tech website I have visited / posted on etc comments on this and provides a long list of those spying on you; this results in you being “categorised” and secretly diminishes your chances of a government type job.
You are tracked round the web, sleazy adverts shown to you, search engines show many “sex” type websites as they “put you in a box”.

Things have moved on , in the USA you have-
1-Facebook sextortion scams
2-sextortion by email
3-sextortion by bot
and very sleazy-

4-underage girl sext scam
5-sexting a minor (or so you think )
both could involve criminal action against you in the UK.

I have all the full details and how it’s done if anybody is interested (but maybe not)?

Hi Duncan, There is no evidence that these scams are linked to the browsing habits of the people the criminals are scamming. Your comment will be upsetting to anyone who has been a victim of these scams and particularly Frank who has been through an horrendous experience. We want Convo to be a welcoming space to everyone – please bear this in mind when commenting on sensitive subjects.

Sorry duncan, but I do not see the relevance of your comment. This was not, as far as I can see, about someone visiting inappropriate sites. I regularly get blackmail emails about alleged activity recorded on web cam demanding I pay bitcoins to prevent widespread distribution. I don’t visit naughty sites.

This is about being tricked into making a payment and the way banks should respond. In this case, Frank authorised a £94 payment and that was his own responsibility. An unauthorised payment of £523 was then taken and it is that one only that should have been refunded.

In general I’m concerned about the ease with which banks pay out 3 figure sums as “compensation” – depositors’ money of course – and while they made a mistake in this case, so did Frank in not recognising a possible scam.

My experience, incidentally, of Nationwide has been a very helpful and quick response to dealing with suspect payments made from an account.

I do not know any easy answer to such money scams, whether by card or online bank transfers. Ideally we should not allow bank accounts, or card payment accounts, to be set up by dubious people. But, as we have seen, such accounts may be “legitimate” – set up by students and lent to others for example – and may well be in other countries where we have limited powers. Our best approaches are to educate customers, regularly update them with warnings and details of new scams, limit the way more vulnerable people can use their accounts – by choice or imposed – and investigate cases more thoroughly.

Where the receiving bank has contributed to the execution of the fraud, by some negligence or inadequate system for example, they should bear part or all the cost of a refund, not the customer’s own bank. Where a card fraud has been perpetrated then the organisation giving card trading facilities to the fraudster should provide redress. Maybe they will then be more diligent in who they allow to use their services?

While there are enough “Franks” in this world who are public spirited enough to want to help and naïve enough to be taken in, there will be criminals willing to cash in. As I’ve said previously, the success rate in detecting and catching these immoral beings is poor and thus they succeed and prosper. What is more puzzling is the ability of these people to help themselves to any amount of money from an account because they hold the bank details. There should have been some mechanism in place to verify Frank’s £94 agreement as being the only payment that was made. Not only did these criminals take that, but they were able to make a second withdrawal and possibly could have made more. In addition, there is no safeguard in place to ensure that Frank’s £94 was going where he thought it was. Frank wasn’t asked, and no detail of the reason for payment was secured by the bank, they simply shifted the money. In the old days, at the bank counter, you filled in a form and no one was able to steal money. Perhaps there should be an electronic equivalent.

Vynor, exactly. There should, perhaps, be some mechanism to ensure that any “voluntary” payment can only be a one-off. This might require a little inconvenience for both sides, such as requiring confirmation from the customer each time a payment is attempted.

In Frank’s case, it seems he paid over the phone. So he may have had to give all his card details including the 3 digits of the security code to the scammers.

When I use my card on the Internet, those used to be all the data needed for a payment.

Nowadays, a separate text message pin is often also required.

To protect people you have to tell them the dangers in what goes on in the digital world. All I did was be honest; I can’t see how that could possibly be an “attack” on Frank. It’s certainly a changed world when you can’t warn people of the dangers in life without being accused of being “insensitive”. My post wasn’t directed at Frank; it was a general warning of the latest scams usually perpetrated against males.
Look where the Army adverts are getting them, a non realist impression of real army life.

Duncan – I think it’s a case of too much information. You always seem to look for the worst examples and give them much more attention than they deserve. There are plenty of other Which? Conversations where you can post details of the latest scams. I also believe you overdo the defence of masculinity.

I think it must be made clear that there was nothing to suggest that ‘Frank’ had done anything to put him at risk of blackmail.

Again, I have neutralised the ‘thumbs down’ under your comment but that does not mean I agree with it.

If you understand basic computer technology and the law, ensure you have antivirus protection in place, it is far less likely that you will fall for this scam.

How would anyone know that your computer is “hacked”, unless they already have direct access to it? In which case, you have a severe problem. They must know your IP address to connect to your computer. And for most Internet Service Providers (ISPs) that IP address is not permanent.

And even if they could access your computer remotely, a reputable company like Microsoft, would never do so without your prior and explicit authority. That would be a criminal offence under the Computer Misuse Act 1990, punishable by fine or imprisonment.

In general, the very best hacks go undetected 😉

That said, if an ISP were monitoring traffic on their network, they might be able to detect some activities caused by hacking, such as the traffic associated with a botnet.

And, of course, if hackers claim to be from BT, they ought not to fool anyone who has chosen a different ISP.

While your first paragraph is basically correct, just by visiting a website a whole raft of details are taken including your IP, and while most of the general public do not have a fixed IP they still know your location even when your ISP changes it.
As remote access is built into Windows 10 when you install it, all a remote interrogator has to do is activate it; with no malware it’s not too hard to get a user to click on something to get access, with malware installed – no problem making use of your computer.
Millions don’t realise that their computers are being used to generate bitcoins; their processor percentage will rise for a start, slowing down your computer.

I wish it was as simple as you say Em but it’s not far from it.

Duncan, at least on Windows 10 Home, Windows Remote Desktop (msra) is disabled by default. As far as I can see, it can only be activated locally, not remotely.

So any cold calling scammers will have to trick or coach their victims into activating it.

Older Home versions of Windows don’t seem to include this app (msra), so that may explain why these scammers prefer apps like TeamViewer, which should work on all PCs.

I’ve never used msra myself, but it seems that the usual way of instigating its connections is via an invitation file that is sent to the remote party. For that, the scammers would need to disclose something like an email address and get the file emailed to them. That sounds like a lot more effort than just sharing passcodes, as when using TeamViewer.

That’s why I said – “it’s not too hard to get a user to click on something to get access”, have a read of –
https://www.darkreading.com/endpoint/the-risks-of-remote-desktop-access-are-far-from-remote/a/d-id/1331820
don’t worry, it’s not the “dark web”.
The FBI have a warning on Windows remote desktop protocol-
https://smallbiztrends.com/2018/10/rdp-hacking.html
notice this-
According to the FBI, use of Remote Desktop Protocol as an attack vector has increased since mid to late 2016. The rise in RDP attacks has in part been driven by dark markets selling Remote Desktop Protocol access. These bad actors have found ways in which to identify and exploit vulnerable RDP sessions over the Internet.
For small businesses who use RDP to control their home or office computers remotely, more vigilance is required including implementing strong passwords and changing them regularly.

In its announcement, the FBI warns, “Attacks using the RDP protocol do not require user input, making intrusions difficult to detect.”
Notice Derek—Attacks using the RDP protocol do NOT require user input.
Also what about Windows Remote Assistance ?

If you think that’s all, it’s not. What if the user has –
1-Logmein activated
2- Team Viewer
3-Anydesk
4-Chrome Remote Desktop
5- VNC —which by the way I have blocked its port but how is an ordinary member of the public going to know about VNC ?

Sorry Duncan, those links are about generic RDP risks and don’t seem applicable to the Windows built in app.

I can also see why a scammer would not want to use the Windows app relative to some of those other apps because the Windows app doesn’t allow the remote helper to blank the local owner’s screen. So hackers cannot hide anything they do from the local owner.

It also seems that Home editions of Windows cannot be remote controlled via the RDP app but only by the specific Windows Remote Assistance app. The latter only works by the local user requesting assistance, sending both an invite and a password and then accepting the remote helper’s control requests – either with or without admin privileges.

I have just discovered this by using my W10 laptop to “remote control” my W10 desktop.

I hope the note above demonstrates the value of using W10 hands-on as opposed to just reading about it on the web 😉
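
An added example, not written by any commenter here and not Microsoft's own tooling: a read-only PowerShell check of the settings this thread is arguing about, namely whether Remote Desktop and Remote Assistance are switched on, whether anything is listening on the RDP port, and whether any of the remote-control tools named above are running. The registry values are the standard Windows ones; the third-party process names are assumptions and can differ between versions.

```powershell
# Added example: read-only check of the built-in Windows remote-access settings.
# Nothing is changed on the machine; run it in PowerShell on the PC being checked.

function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Return $null (rather than an error) when the key or value is absent.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name } else { $null }
}

$ts = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$ra = 'HKLM:\SYSTEM\CurrentControlSet\Control\Remote Assistance'

$deny = Get-RegValue $ts 'fDenyTSConnections'   # 0 = Remote Desktop accepts connections
$help = Get-RegValue $ra 'fAllowToGetHelp'      # 1 = Remote Assistance invitations allowed
$full = Get-RegValue $ra 'fAllowFullControl'    # 1 = an invited helper may take control

# 3389 is the default port; the configured value is stored under RDP-Tcp.
$port = Get-RegValue "$ts\WinStations\RDP-Tcp" 'PortNumber'
if ($null -eq $port) { $port = 3389 }
$listeners = @(Get-NetTCPConnection -State Listen -LocalPort $port -ErrorAction SilentlyContinue)

# Assumed process names for msra (Remote Assistance), TeamViewer, AnyDesk,
# LogMeIn, Chrome Remote Desktop and common VNC servers; adjust as needed.
$tools = 'msra', 'TeamViewer', 'AnyDesk', 'LogMeIn', 'remoting_host',
         'winvnc', 'tvnserver', 'vncserver'
$running = @(Get-Process -Name $tools -ErrorAction SilentlyContinue |
    Select-Object -ExpandProperty ProcessName -Unique)

[pscustomobject]@{
    RemoteDesktopEnabled    = ($deny -eq 0)
    RdpPort                 = $port
    RdpPortListening        = ($listeners.Count -gt 0)
    RemoteAssistanceEnabled = ($help -eq 1)
    HelperCanTakeControl    = ($full -eq 1)
    RemoteToolsRunning      = ($running -join ', ')
} | Format-List
```

An empty `RemoteToolsRunning` line only means none of the listed process names was found at that moment.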

I am having a really hard time finding this special remote access app you are talking about if it’s so different from what I am reading, Derek.
So it’s NOT Remote Desktop Protocol (RDP) by Windows?
The port being 3389, the one which Windows is currently using?
If not then give me the precise name of it according to MS and what is it called on Windows app store or any other download store?

Hang on I accessed Windows Central and their new version (app) is just a cosmetic UI version called -Remote Desktop App internally (software programming) it’s just an up to date makeover so I will post this website –Windows Central and you tell me if this is the app we are talking about, if it is, sorry Derek it’s just a change of name and UI, inside it works the same but if not then direct me to this special, new app?-
https://www.windowscentral.com/how-use-remove-desktop-app-connect-pc-windows-10-0#remote_desktop_old_new

Duncan, I’m just talking about the options that come preinstalled with W10, as referred to by your original post.
Plus what I’ve learned by trying them hands on.

I have already blocked port 3389 as well as 3388, both used by MS Windows.
Here is a website on port protocol as applied to port 3389, as you can see it’s vulnerable to attack, that’s why I block ports.
I have the full list of ports used by users and MS/Linux/Apple/Mac etc, it runs into 1000s –
https://www.speedguide.net/port.php?port=3389-
quote - registered for MS WBT Server – used for (both) windows remote desktop and remote assistance connections.
What I will say – yes it’s hard to activate it if it’s not running but yes Derek if a powerful enough computer attacks the app and interrogates it it can supply the password/code to activate it remotely, that’s why I have blocked all remote access even printer SMB so I can’t use a printer, the programming is still there but it gets nowhere to “talk” to the server.

What the public don’t understand is just visiting a website allows that website to gather your IP - system type - browser used - user agent etc etc.
I just clicked on their security scan checker webpage and even without it interrogating my old PC it prints the above data but can’t tell my screen resolution nor colour depth and it’s failed when it comes to JavaScript as an app I have has blocked it, otherwise it could provide a mile of info.
No I didn’t initiate the scan as it warns it’s very nosy.
Derek, a hacker can get his computer to sit on a port till it’s open and once any remote calling app is working he doesn’t even need to brute force his way in to take control, here is a simple comment on it –
https://whatismyipaddress.com/hacking-targets

Duncan, I think there’s a world of difference between the actual nature of the threat from cold calling scammers and the full potential of hacking techniques. I think the latter are of much greater relevance to companies with “always on” servers holding customers’ data.

Maybe so Derek but I have observed plenty of small business owners complain about getting scammed/hacked for 10s of £1000s posting on Which.
I take it Which isn’t just for the general public but for SB owners as well whom I support building up British companies in the UK.
The EU definition of a SB owner is up to 50 employees and just look at the drive for “working from home” pushed by HMG and some businesses themselves as well as females with small children, how do they use their computers in relation to “head office”?— exactly as we are talking about – remote desktop, so it’s a growing social phenomenon.

Duncan, I think all those ancillary topics are “off topic” for this particular conversation.

Just to bring this topic back on track, and to prove that I at least read the original article, let’s remind ourselves that this is a TELEPHONE scam. Nothing to do with remote access or hacking. Nothing to do with any activity that you actually perform on your computer or because you are male. People’s fear of the unknown of hacking is just the hook that the scammers use.