Be alert to the "callback" scam

Being that I repair and sell computers, it is natural that I get a lot of questions about computer security. With such a complicated subject, sometimes the answers change with time or a good answer isn’t easy to communicate. Many principles stay the same, though.

Before I get into that, though, I want to thank all of you who replied to my last email with positive messages and well wishes. Thank you!

Also, welcome to the new subscribers who just joined in the last week or so. You can expect me to share my experience and opinions about computers, operating systems, applications and related tech topics. If you are new, or haven’t read last week’s email, here’s a link:

Bringing back the Orange Computer Monthly Giveaway

This week, the topic is unfortunate, but should be addressed and shared as I have talked with many who have fallen victim to what I am about to describe.

I used to hear a lot from people about what I dubbed “the phone scam”. In the early years, scammers claiming to be “someone from Microsoft” would call saying that there was suspicious activity, a virus or some other ruse to get the receiver of the phone call to allow the “someone from Microsoft” to remotely control their computer.

The scammer, using Remote Desktop software, would “show” the owner of the computer that something was wrong with their computer, but that it could be fixed with a $400 service package (or some kind of similar offer).

Now, most people are wary of any incoming calls like this and will just hang up and not even get close to allowing the scammer to remote into their computer, so the scammers have changed their tactics.

The new tactic is to create a reason for you to initiate the call to the scammer.

This is known as Callback Phishing and has become a serious problem in the last year or so with a large increase in victims.

It works by lowering your wariness because you made the call to the scammer. This trick is surprisingly effective.

The ways in which scammers get you to call them are numerous, but have similarities.

It is often an email letting you know that your package couldn’t be delivered… but call this number to sort things out. However, the email isn’t really from a company that sent you a package or the carrier like UPS or FedEx. It is from a scammer trying to trick you into calling that number.

Sometimes it will be an email bill or receipt for a high dollar item, that you didn’t really purchase, with a message saying “to dispute this charge, call this number”. I recently got one of these emails, myself, which prompted me to write about this topic.

It can even be malicious advertising on search websites when you search for instructions on how to install the printer you just purchased. The “tech support” phone number in the mal-vertising is to a scammer who pretends to help you with your printer, but runs the same kind of “oh, no! Your computer is infected with a virus. We can fix that for $400” confidence scam that the “someone from Microsoft” used to do with incoming calls years ago.

This is unfortunate, because legitimate use of Remote Desktop software can be helpful, but scammers are taking advantage of it to such a degree that my advice is to not let anyone remote into your computer unless you know them… and even then to be cautious and be on guard for scammy upsells.

Reply or Forward

Feel free to reply to this email if you have thoughts or questions, would like help with a computer issue, or are interested in buying a refurbished computer.

You can also forward this email to anyone you think would find it valuable.

Until next time,

— Matthew from Orange Computer