I know several people who have fallen victim to scam computer support this year. If someone calls you and tells you that they work with Microsoft and your computer is infected, don’t download anything they tell you to. Microsoft does not call people offering help. If you get an official looking popup that says to call a number to fix an urgent issue or remove a virus, it is most likely a scam. You should know the name of your antivirus program so you won’t fall for fake virus notices popping up. If you believe you really are infected, find someone you trust to help.
Once on the phone, the scammer will tell you how to view your computer’s Windows Event Log which will show lots of errors. That may look really bad, but every computer is going to have plenty of errors in the log. Most are unimportant minor issues with programs (like whenever Firefox or Internet Explorer freezes) and are not a sign of viruses. They will offer to fix your computer for some fee (often $200 to $300). If you download their program they have full control over your computer. It is a scam. If you are lucky all they will do is take your money. With full control of your computer, they could infect it with their own spyware and take your personal info and passwords for identity fraud whether you pay them or not. In the best case scenario, they are just over charging you to do a poor job of cleaning up your computer, maybe installing some free or pirated anti-virus and anti-malware software and doing some Windows updates for you.
Some may not even pretend to be helping you, they will just set a password on your computer and lock you out until you pay them. Depending on your setup and how they locked your computer, an experienced technician may be able to clear the password and allow you access to your computer again. Or be able to copy your files to a new hard drive. But often paying the ransom is the only solution if you don’t have your files backed up, but there is no guarantee they will unlock your files.
You should also immediately change passwords for all sensitive online accounts for anyone who uses that computer, especially: email accounts, banks, credit cards, credit unions, brokerages, retirement accounts, Mint, and social media accounts like Facebook (which could be used to impersonate you to scam other relatives or friends), etc. Put a fraud alert and/or credit freeze on your credit at each of the three credit bureaus for anyone who might have had tax records or social security numbers in a file on the computer that was compromised.
Also consider two-factor authentication for any financial accounts. That can be done for email and Facebook as well. When activated, logging into that website from an unrecognized computer will require a code sent to your cell phone. While this can occasionally be annoying, you won’t have to use the code all the time since most of the time you will be using the same few computers.
Once these sleazy hackers get control of your computer, most security experts agree, it is best to backup your data and reinstall Windows. That is the only way to ensure they don’t still have some hidden trojan or malware on your computer to steal your personal data and all your new passwords.
Someone I know who fell for this now gets these calls several times a week hoping they will fall for it again. They cannot get the calls to stop over a year later without changing their phone number.
If someone from your internet provider emails or calls you telling you that your computer is infected, that might actually be true. But still be very careful. Instead of taking their word for it, get their name and extension number and call them back at the technical support number listed on your bill and tell them you were contacted by them about having a virus. I don’t know if they would offer to fix it over the internet for you, but they may ask you to download a free antivirus from their site to fix the issue. If you aren’t comfortable doing that, you can always have someone else fix for you.