/ Money

More than £600 lost to ‘Microsoft hacker’ con

Frank got in touch with us when he received a phone call, allegedly from Microsoft, stating that his computer had been ‘hacked’. Here’s what happened next.

Back in May, Frank was phoned by scammers purporting to be from Microsoft.

They told him that criminals ‘engaged in child pornography’ had hacked his PC, and that it was his responsibility to work with ‘Microsoft’ to solve the problem.

Fake threats and intimidation

He was warned that if he ignored these requests he could be charged by the police.

Horrified, he agreed to pay £94 over the phone by card to restore his PC’s safety. But he later suspected it was a scam and hung up.

Frank immediately contacted his card provider, Nationwide, and discovered that a further £523 had been taken without his authorisation.

Nationwide refunded both sums, but then changed its mind and took the larger sum back. He wasn’t clear on why.

Unauthorised transactions

In almost all cases, banks should refund unauthorised transactions without argument or delay, so we contacted Nationwide.

It admitted it had made a mistake – the two refunds were processed as ‘Visa disputes’, rather than fraud cases, which gave the recipient of the money a chance to challenge the larger refund.

Nationwide said:

‘Having reviewed the matter, it’s clear the £523 was a fraudulent payment and this should have been passed to our fraud team and should never have been re-debited”

It refunded the money plus lost interest, apologised to the victim and paid £100 in compensation.

The case is a salutary lesson in ensuring you’re put through to the fraud department, rather than a general customer service line, if you are unlucky enough to experience banking fraud.

What is a ‘vishing’ scam?

This particular scam is known as ‘vishing’, in which fraudsters attempt to deceive people into believing they are speaking to a representative of another trusted company or agency.

We’ve seen similar variants recently with scammers posing as Amazon Prime renewals and even Visa’s ‘fraud department’.

Our guide to phone scams can help you spot a scam like this before it goes too far. Here are the top tactics to watch out for.

Have you ever been intimidated into making payments over the phone? Could you spot a vishing scam?


Faye, thanks for sharing. Good to hear that Which? persuaded Nationwide to correct their errors.

Nationwide behaved unprofessionally by refunding the money and then changing its mind.

The number of scam cases is worrying and my view is that each case should be investigated before making refunds, taking into account what blame can be attributed to the customer and what is due to deficiencies in the company’s procedures.

This comment was removed at the request of the user

Hi Duncan, There is no evidence that these scams are linked to the browsing habits of the people the criminals are scamming. Your comment will be upsetting to anyone who has been a victim of these scams and particularly Frank who has been through an horrendous experience. We want Convo to be a welcoming space to everyone – please bear this in mind when commenting on sensitive subjects.

Sorry duncan, but I do not see the relevance of your comment. This was not, as far as I can see, about someone visiting inappropriate sites. I regularly get blackmail emails about alleged activity recorded on web cam demanding I pay bitcoins to prevent widespread distribution. I don’t visit naughty sites.

This is about being tricked into making a payment and the way banks should respond, In this case, Frank authorised a £94 payment and that was his own responsibility. An unauthorised payment of £523 was then taken and it is that one only that should have been refunded.

In general I’m concerned about the ease with which banks pay out 3 figure sums as “compensation” – depositors’ money of course – and while they made a mistake in this case, so did Frank in not recognising a possible scam.

My experience, incidentally, of Nationwide has been a very helpful and quick response to dealing with suspect payments made from an account.

I do not know any easy answer to such money scams, whether by card or online bank transfers. Ideally we should not allow bank accounts, or card payment accounts, to be set up by dubious people. But, as we have seen, such accounts may be “legitimate” – set up by students and lent to others for example – and may well be in other countries where we have limited powers. Our best approaches are to educate customers, regularly update then with warning and details of new scams, limit the way more vulnerable people can use their accounts – by choice or imposed – and investigate cases more thoroughly.

Where the receiving bank has contributed to the execution of the fraud, by some negligence or inadequate system for example, they should bear part or all the cost of a refund, not the customer’s own bank. Where a card fraud has been perpetrated then the organisation giving card trading facilities to the fraudster should provide redress. Maybe they will then be more diligent in who they allow to use their services?

While there are enough “Franks” in this world who are public spirited enough to want to help and naïve enough to be taken in, there will be criminals willing to cash in. As I’ve said previously, the success rate in detecting and catching these immoral beings is poor and thus they succeed and prosper. What is more puzzling is the ability of these people to help themselves to any amount of money from an account because they hold the bank details. There should have been some mechanism in place to verify Frank’s £94 agreement as being the only payment that was made. Not only did these criminals take that, but they were able to make a second withdrawal and possibly could have made more. In addition, there is no safeguard in place to ensure that Frank’s £94 was going where he thought it was. Frank wasn’t asked, and no detail of the reason for payment was secured by the bank, they simply shifted the money. In the old days, at the bank counter, you filled in a form and no one was able to steal money. Perhaps there should be an electronic equivalent.

Vynor, exactly. There should, perhaps, be some mechanism to ensure that any “voluntary” payment can only be a one-off. This might require a little inconvenience for both sides, such as requiring confirmation from the customer each time a payment is attempted.

In Frank’s case, it seems he paid over the phone. So he may have had to give all his card details including the 3 digits of the security code to the scammers.

When I use my card on the Internet, those used to be all the data needed for a payment.

Nowadays, a separate text message pin is often also required.

This comment was removed at the request of the user

Duncan – I think it’s a case of too much information. You always seem to look for the worst examples and give them much more attention than they deserve. There are plenty of other Which? Conversations where you can post details of the latest scams. I also believe you overdo the defence of masculinity.

I think it must be made clear that there was nothing to suggest that ‘Frank’ had done anything to put him at risk of blackmail.

Again, I have neutralised the ‘thumbs down’ under you comment but that does not mean I agree with it.

If you understand basic computer technology and the law, ensure you have antivirus protection in place, it is far less likely that you will fall for this scam.

How would anyone know that your computer is “hacked”, unless they already have direct access to it? In which case, you have a severe problem. They must know your IP address to connect to your computer. And for most Internet Service Providers (ISPs) that IP address is not permanent.

And even if they could access your computer remotely, a reputable company like Microsoft, would never do so without your prior and explicit authority. That would be a criminal offence under the Computer Misuse Act 1990, punishable by fine or imprisonment.

In general, the very best hacks go undetected 😉

That said, if an ISP were monitoring traffic on their network, they might be able to detect some activities caused by hacking, such as the traffic associated with a botnet.

And, of course, if hackers claim to be from BT, they ought not to fool anyone who has chosen a different ISP.

This comment was removed at the request of the user

Duncan, at least on Windows 10 Home, Windows Remote Desktop (msra) is disabled by default. As far as I can see, it can only be activated locally, not remotely.

So any cold calling scammers will have to trick or coach their victims into activating it.

Older Home versions of Windows don’t seem to include this app (msra), so that may explain why these scammers prefer apps like TeamViewer, which should work on all PC’s.

I’ve never used msra myself, but it seems that the usual way of instigating its connections is via an invitation file that is sent to the remote party. For that, the scammers would need to disclose something like an email address and get the file emailed to them. That sounds like a lot more effort than just sharing passcodes, as when using TeamViewer.

This comment was removed at the request of the user

Sorry Duncan, those links are about generic RDP risks and don’t seem applicable to the Windows built in app.

I can also see why scammer would not want to use the Windows app relative to some of those other apps because the Windows app doesn’t allow the remote helper to blank the local owners screen. So hackers cannot hide anything they do from the local owner.

It also seems that Home editions of Windows cannot be remote controlled via the RDP app but only by the specific Windows Remote Assistance app. The latter only works by the local usr requesting assistance, sending both an invite and a password and then accepting the remote helpers control requests – either with or without admin privileges.

I have just discovered this by using my W10 laptop to “remote control” my W10 desktop.

I hope the note above demonstrates the value of using W10 hands-on as opposed to just reading about it on the web 😉

This comment was removed at the request of the user

Duncan, I’m just talking about the options that come preinstalled with W10, as referred to by your original post.
Plus what I’ve leaned by trying them hands on.

This comment was removed at the request of the user

This comment was removed at the request of the user

Duncan, I think there’s a world of difference between the actual nature of the threat from cold calling scammers and the full potential of hacking techniques. I think the latter are of much greater relevance to companies with “always on” servers holding customers’ data.

This comment was removed at the request of the user

Duncan, I think all those ancillary topics are “off topic” for this particular conversation.

Just to bring this topic back on track, and to prove that I at least read the original article, let’s remind ourselves that this is a TELEPHONE scam. Nothing to do with remote access or hacking. Nothing to do with any activity that you actually perform on your computer or because you are male. People’s fear of the unknown of hacking is just the hook that the scammers use.

There also have been a spate of e-mails saying that one has acessed porn sites and the hacker has recordings of one “enjoying the site” from one’s own webcam.Pay a ransom in Bitcoin or the film will be sent to one’s contact list. As my computer doesn’t even have a webcam, it is clearly just a random blackmail try-on.

It has been going on for ages. I wonder if any one has been taken in? I doubt they would tell us. 🙁