I know several people who have fallen victim to scam computer support this year. If someone calls you and tells you that they work with Microsoft and your computer is infected, don’t download anything they tell you to. Microsoft does not call people offering help. If you get an official looking popup that says to call a number to fix an urgent issue or remove a virus, it is most likely a scam. You should know the name of your antivirus program so you won’t fall for fake virus notices popping up. If you believe you really are infected, find someone you trust to help.
Once on the phone, the scammer will tell you how to view your computer’s Windows Event Log which will show lots of errors. That may look really bad, but every computer is going to have plenty of errors in the log. Most are unimportant minor issues with programs (like whenever Firefox or Internet Explorer freezes) and are not a sign of viruses. They will offer to fix your computer for some fee (often $200). If you download their program they have full control over your computer. It is a scam. If you are lucky all they will do is take your money. With full control of your computer, they could infect it with their own spyware and take your personal info and passwords for identity fraud whether you pay them or not.
Some may not even pretend to be helping you, they will just set a password on your computer and lock you out until you pay them. Depending on your setup, an experienced technician may be able to clear the password and allow you access to your computer again. Or be able to copy your files to a new hard drive.
You should also immediately change passwords for all sensitive online accounts for anyone who uses that computer, especially: email accounts, banks, credit cards, credit unions, brokerages, retirement accounts, Mint, and social media accounts like Facebook (which could be used to impersonate you to scam other relatives or friends), etc. Put a fraud alert and/or credit freeze on your credit at each of the three credit bureaus for anyone who might have had tax records or social security numbers in a file on the computer that was compromised.
Also consider two-factor authentication for any financial accounts. That can be done for email and Facebook as well. When activated, logging into that website from an unrecognized computer will require a code sent to your cell phone. While this can occasionally be annoying, you won’t have to use the code all the time since most of the time you will be using the same few computers.
Once these sleazy hackers get control of your computer, most security experts agree, it is best to backup your data and reinstall Windows. That is the only way to ensure they don’t still have some hidden trojan or malware on your computer to steal your personal data and all your new passwords.
If someone from your internet provider emails or calls you telling you that your computer is infected, that might actually be true. But still be very careful. I don’t know if they would offer to fix it over the internet for you, but they may ask you to download a free antivirus from their site to fix the issue. If you aren’t sure they are legitimate, you can always tell them you will have someone else fix it. Or call your internet company’s main support number directly so you know it is them you are talking to.