Security Tip

Who is really on the other end of the line?

Beware of fake support scams!

Your phone rings. The caller ID says ‘Windows Support,’ so you answer.

“Hi,” the caller says, giving a name. “I’m calling from Windows support. We’ve been receiving some error messages from your computer.” The caller says he can fix those errors if you give him remote access to your computer. You’re worried, so you agree.

Next, the caller says he needs to download software to your PC to fix the problem. He also requests your credit card number to pay for the software and tech support services.

Sound suspicious? It is. The tactic is commonly known as a ‘Windows support scam’ or ‘tech support scam,’ and anecdotal evidence suggests it’s on the rise.

In October 2012, the Federal Trade Commission (FTC) announced an international crackdown on Windows support scammers. But since then, publications such as Computerworld, Forbes, the San Francisco Chronicle and others have reported that the scam appears to be occurring more frequently.

The Scare Tactics
Windows support scammers succeed too often because they scare their victims into thinking something’s terribly wrong with their computer. The scenario described above is just one of their tactics. Here’s what can happen during a ‘Windows support call.’

  • In some cases, the caller ID may say ‘Windows Support’ or display a number from area code 425, which serves the Washington state area including Redmond—Microsoft’s headquarters. This doesn’t mean the call is legitimate, however, as scammers often use caller ID spoofing to mask the true phone number from which they’re calling.
  • The caller usually identifies himself as being from Microsoft, Dell, Cisco, an Internet Service Provider (ISP), or other known computer/service companies.
  • When you ask for proof that the caller has seen error messages from your computer, he may direct you to look at a Windows Event log on your PC. The log typically displays harmless error messages, however, which could look like legitimate problems to less savvy computer users.
  • Once they gain your confidence, scammers will try to convince you to pay for their ‘tech support services,’ which may be a one-time fee or a subscription. Not only do you pay for useless tech support, you’re giving your credit card information to a criminal, who may use it for unauthorized charges or sell it to other criminals.
  • The software that the caller downloads onto your PC to ‘fix’ it may contain Trojan horse malware designed to steal your online account information and passwords.

Windows Support Scam Variations
If all that weren’t enough, there are other types of tech support scams you should be aware of.

In January, the FTC’s website reported scams in which callers say that if you previously paid for their tech support services, you may be due a refund. They’ll ask if you were happy with their services (chances are, your answer is “no”). Or they’ll explain the company is going out of business. Because you paid for a tech support subscription from them, you’ll get a ‘refund.’ Their motive, of course, is to convince you to give them your credit card or banking information so they can steal your money instead of refunding it.

Separately, tech support scammers have been targeting mobile users, too, through cold calls or online ads, according to PC World. The mobile scam goal is usually to get you to pay for bogus tech support subscriptions of $300 a year, more or less.

There’s also the old ‘scareware’ ploy, in which some websites display bogus pop-up windows or banners telling you that your computer may be infected with spyware or viruses. The goal is to get you to purchase and download fake security software, which could be malware.

What You Can Do About It
Never give strangers remote access to your PC. Microsoft, ISPs and other companies aren’t going to call you out of the blue claiming to have seen errors coming from your computer.

Did you fall for the scam? Ask your credit card company to block or reverse the charges ASAP. You may need to be issued a new credit card.

Scan your PC for viruses, spyware and other malware using your computer’s security software. In worst-case scenarios, you may have to back up your data, reformat your hard drive, and reinstall Windows to be sure you’re rid of any downloaded malware.

Of course, the best step is to be aware of the Windows support scam so you don’t fall for it. Tell friends and family about it, too—especially those who are less savvy about computers and Internet-related scams.

Posted on December 10, 2014 by ZoneAlarm

Scam of the Week: Holiday Coupon Alert

It’s the Holiday Season for the bad guys too! But not the way you might think. They go into scam-overdrive mode, and starting with Black Friday and Cyber Monday (the busiest online shopping days), they are out to get rich with your money until the holidays are over. Bryant Bradbury, City of Seattle Chief Technology Officer, passes on this advice:

  1. At the moment, there are too-good-to-be-true coupons that offer free phones or tablets on sites all over the Internet. Don’t fall for it. Make sure the offers are from a legitimate company.
  2. Watch out for alerts via email or text that say you just received a package from FedEx, UPS or the US Mail, and then ask you for some personal information. Don’t open any attachments and don’t enter anything. Think Before You Click!
  3. There is a fake refund scam going on that could come from Amazon, a hotel, or a retail chain. It claims there was a “wrong transaction” and wants you to “click for refund” but instead, your device will be infected with malware. Again, don’t open any attachments and don’t enter anything.

So, especially now, be constantly alert and willing to fight back by using common sense. Remember to only use credit cards online, never debit cards. Be super-wary of bulk email with crazy good BUY NOW offers and anything that looks slightly “off.”

If you think you might have been scammed, stay calm and call your credit card company, have that card disabled and get a new one. Happy Holidays!

Erasing your computer

As we head into the holiday season, there are a lot of ads for new computers at reasonable prices.  However, before selling or discarding an old computer, or throwing away a CD or DVD, you will want to make sure that you’ve copied all of the files you need. You’ve probably also attempted to delete your personal files so that other people aren’t able to access them.  Unless you have taken the proper steps to make sure the hard drive, CD, or DVD is properly erased, people may still be able to resurrect those files.

The security tip Effectively Erasing Files, by Mindi McDowell and Matt Lytle, explains this in a way that is easy to understand.  The full article includes information about where deleted files go, what the risks are for not erasing them completely, information about reformatting and advice for ensuring that all your information is completely erased.

Kids and online safety from Microsoft

With the start of the school year comes the increased use of computers and the Internet at home, school and on the go.  At Microsoft’s Safety and Security Center, you can find resources in their Family Safety Center on setting rules of online safety, online bullying, social media use, playing games online and using tech on the go.  Each topic area provides tips, resources and tools you can use to help your kids stay safe online.  This information is also available in eleven languages, including Chinese, Korean, Russian and Spanish.

Online safety for college-bound kids

Previous generations didn’t need to have “the digital talk” but in a world where what goes online stays online, it’s essential.  Here are eight tips for the college-bound from our City of Seattle Office of Information Security:

1. The Internet is forever – Think about future employers, including those coveted summer internships. Don’t post anything online, including inappropriate photos, that would make a future employer think twice about hiring you. Good judgment is something employers look for; show that you have it.

2. Don’t add your address to your Facebook profile – Keep your address private. Anyone who needs your address can get it from you directly.

3. Don’t broadcast your location – Go ahead and check-in at your favorite coffee place and post photos of you and friends at a concert. Just do it sparingly. People don’t need to know where you are all the time or when your dorm room or apartment might be empty.

4. Don’t “friend” people you don’t know – Be choosy when it comes to friending people on social media. Just because someone sends you a friend request doesn’t mean you have to accept it—especially if you have no idea who they are.

5. Guard your social security number – Your social security number is a winning lottery ticket to a fraudster. It is the key to stealing your identity and taking over your accounts. Keep your social security card locked away in a safe place. Memorize the number so you can minimize using the card itself. Question anyone who asks for your social security card. Employers, banks, credit card companies and the department of motor vehicles are some of the few legitimate entities who may need your social security number. Never give it out online or in email.

6. Don’t use the same password everywhere – All your accounts need a password, but not the same one. Consider using an all-in-one password manager. If you choose this option make sure that you log out of the service when not in use. Get in the habit of locking your computer and shutting it off at night.

7. Beware of emails phishing for personal information – Be very wary of any email with a link that asks you to disclose your credit card details, username, password or social security number. These emails can look official but no bank, or other legitimate business, should email asking for this information.

8. Be Wi-Fi savvy and safe – Free Wi-Fi at coffee shops, libraries and restaurants makes these great places to hang out and study. However, free comes at the cost of security. Unsecured networks create the risk of identity theft and of other personal information being stolen. Make sure sites you visit use encryption software (website addresses start with https:// and usually display a lock in the browser address bar) to block identity thieves when using public Wi-Fi. Additionally, be careful to avoid using mobile apps that require credit card data or personal information on public Wi-Fi as there is no visible indicator of whether the app uses encryption. In general it’s best to conduct sensitive transactions on a secured private network or through your phone’s data network rather than public Wi-Fi.


Should your organization consider The Cloud?

Once upon a time, all software had to be directly installed onto computers—but more and more, vendors are hosting software that users access via the Cloud. Maybe you use Google Drive or Dropbox, Office 365, or a Cloud-based database. Maybe you’re interested in what such hosted services offer, but are worried about the security risks. Moving to the Cloud is not for everyone–how do you know if it’s right for your organization? The answer is simple: by evaluating it against your own particular needs. A nonprofit organization helping nonprofits make smart software decisions has created a free new workbook, Should Your Organization Consider The Cloud, to help you make decisions about using cloud software.

Read the full article and receive your free copy of the workbook to help get you started.

Have a scam free vacation

Heading out of town? Make sure you come back with a nice post-vacation glow and not a case of identity theft. Here are some things you can do to lessen the chances you’ll be a victim.

Limit what you carry. Take only the ID, credit cards, and debit cards you need. Leave your Social Security card at home. If you’ve got a Medicare card, make a copy to carry and blot out all but the last four digits on it.

Know the deal with public Wi-Fi. Many cafés, hotels, airports, and other public places offer wireless networks — or Wi-Fi — you can use to get online. Two things to remember:

  • Wi-Fi hotspots often aren’t secure. If you connect to a public Wi-Fi network and send information through websites or mobile apps, the info might be accessed by someone it’s not meant for. If you use a public Wi-Fi network, send information only to sites that are fully encrypted (here’s how to tell), and avoid using apps that require personal or financial information. Researchers have found many mobile apps don’t encrypt information properly.
  • That Wi-Fi network might not belong to the hotel or airport. Scammers sometimes set up their own “free networks” with names similar to or the same as the real ones. Check to make sure you’re using the authorized network before you connect.

Protect your smartphone. Use a password or PIN, and report a stolen smartphone — first to local law enforcement authorities, and then to your wireless provider. In coordination with the Federal Communications Commission (FCC), the major wireless service providers have a stolen phone database that lets them know a phone was stolen and allows remote “bricking” so the phone can’t be activated on a wireless network without your permission. Find tips specific to your operating system with the FCC Smartphone Security Checker.

ATMs and gas stations — especially in tourist areas — may have skimming devices. Scammers use cameras, keypad overlays, and skimming devices — like a realistic-looking card reader placed over the factory-installed card reader on an ATM or gas pump — to capture the information from your card’s magnetic strip without your knowledge and get your PIN. The FBI offers tips to avoid being scammed by a skimmer.

Watch that laptop. If you travel with a laptop, keep a close eye on it — especially through the shuffle of airport security — and consider carrying it in something less obvious than a laptop case. A minor distraction in an airport or hotel is all it takes for a laptop to vanish. At the hotel, store your laptop in the safe in your room. If that’s not an option, keep your laptop attached to a security cable in your room and consider hanging the “do not disturb” sign on your door.

Still, despite your best efforts to protect it, your identity may be stolen while you’re traveling. Here’s what you can do.

eBay Users Should Change Password due to Breach

All eBay users should change their passwords immediately.  Due to a security breach, customer account information for eBay’s millions of users has been compromised.  To reset your password, use the eBay password-reset page.

In a post yesterday on the company’s official blog, eBay said the “database, which was compromised between late February and early March, included eBay customers’ name, encrypted password, email address, physical address, phone number and date of birth.”  You can read the rest of the blog here.

According to reports and the company, the breach did not affect PayPal systems.  However, eBay and PayPal are affiliated entities and you might also consider changing your PayPal password.  It is always best to use a unique password for every online account.

Users should be especially wary of “phishing” attacks.  Just like during other major events, criminals will use keywords such as “eBay” and “password change” to lure victims into clicking malicious links in emails.  Don’t get tricked – never click links in emails.  Instead, type the website name into your browser for safety.

Read more City of Seattle Department of Information Security tips.

You’ve been hacked! Now what?

From the City of Seattle, Office of Information Security – Bryant Bradbury

Maybe you opened an e-mail attachment you shouldn’t have and now your computer has slowed to a crawl and other strange things are happening. Or perhaps you’re running an out-of-date or unpatched operating system (such as Windows XP) and have started to see “antivirus warnings.”  Perhaps your bank called, informing you that there has been some unusual activity on your account. Your friends and family may start complaining about spam messages they are purportedly receiving from you. These are all signs that your computer may have been hacked.

If your computer system has indeed been compromised and infected with a virus or other malware, you need to take action to protect your data and prevent your computer from being used to attack others.

Secure Your Computer

Ensure your computer is current with all available patches, fixes, and upgrades. If you do not have your operating system set to automatically update, do so now by visiting your operating system’s website and following the instructions. Links are provided here for Windows users and Mac users.  (In addition, note that support for Windows XP ends effective April 8, 2014. The end of support for Windows XP means that Microsoft will no longer provide new security updates, and the operating system will therefore become a significant security risk. It is recommended that anyone using Windows XP migrate to products that are supported, such as Windows Vista, Windows 7 or 8.)

Your computer’s security software should also be up-to-date. To check status, click on the icon for the security program on your system. If an update is needed, it will be indicated here. If you don’t have security software installed, you need to get it. Make sure you have anti-virus and anti-spyware software installed and a firewall enabled.

Confirm that your browsers are up-to-date. Tools such as Qualys BrowserCheck or WhatBrowser can help assess status.

Secure Your Accounts

You probably access numerous online accounts, including social media, banking, news sites, shopping, and others. If you’ve been hacked, there is a chance that important passwords have been stolen. Reset your passwords for your critical accounts first, starting with your email account, followed by financial and other critical accounts.  It is important to start with email accounts, since password resets for all of your other accounts are typically sent to your email.

Use separate and unique ID/password combinations for different accounts and avoid writing them down. Make the passwords more complicated by combining letters, numbers, special characters, and by changing them on a regular basis.  If you are unable to log into one of your accounts, contact the service provider or website immediately. Most online providers include an online form, an email address to contact, or a phone number to call.

Secure Your Mobile Device

Our increased reliance on smart devices–including mobile phones and tablets–for everyday activities has resulted in an increased number of hacking attempts against these devices. As we do with our personal computers, we have to ensure that the proper steps are taken to protect our information and devices. This includes installing security software, where available, and keeping all installed software up-to-date.



Free Security Newsletter

Sign up for Microsoft’s free, monthly email security newsletter that’s packed with valuable information to help you protect your home computer. This newsletter provides practical security tips for you and your family, useful resources and links, and a forum for you to provide feedback and ask security-related questions.

Available in text and HTML formats, the newsletter is a convenient way for you to stay up to date on the latest issues, insights, and events with:

  • How-to articles and security tips
  • Security bulletins and critical updates
  • Answers to frequently asked questions on security topics
  • Information about security trials and downloads
  • Articles on helping to keep kids safe online
  • Tips from our Security Community for Home Users

View the latest security newsletter.