Wednesday, October 30, 2013

Computer security is more than just strong passwords!


 
Strong passwords and passphrases can really strengthen your defenses against hackers and attackers, but what if someone calls claiming to be from Microsoft and tells you that your computer is out of compliance? Would you oblige the caller and provide information? How about letting that person take control of your computer to check the installed software and confirm it is in compliance?


Well, it happens every day. These unscrupulous people call at random and provide just enough information to sound legit. As they speak to you, they glean more information and build a compelling case of deceit. Their confidence puts you at ease. In essence, these people are social engineers. They tailor the attack to you, using information they gather as they speak to you. As a rule of thumb, Microsoft will NEVER call you about a problem. If someone calls and claims to be from Microsoft, be very leery.

Here are some helpful hints from the Microsoft Security Team:
http://www.microsoft.com/security/online-privacy/avoid-phone-scams.aspx

I recently had a customer who thought their computer might be infected and received a phone call from "Microsoft". During the conversation, the fake technician asked to have remote access to their system to perform a series of tests to confirm the problems. After a brief amount of time, the fake tech claimed he found the issues and wanted $199 to complete the fix! The client, beginning to realize this was not legitimate, began talking the tech down. Another offer was made for $99 - a special discount for seniors. My customer said no again and began asking the fake tech for some more information. The fake tech completely changed their attitude. The fake tech then changed the user's password, locked the computer (remember they had remote access), told the user they would not have access to the computer until the money was paid, and then hung up.

The best passwords, antivirus, and firewalls in the world can't defend against user actions.  Be smart out there and don't trust unsolicited calls.

Even Wal-Mart is vulnerable:
http://money.cnn.com/2012/08/07/technology/walmart-hack-defcon/index.htm?iid=Popular

Security is up to you!