What to do If You are Victim of a "Windows" Phone Scam

The best solution to any scam of course, is not to fall victim to it in the first place.  Never give out any personal information to anyone who you have not cleared first.  It's okay to give your account number to the bank teller, but don't give it to anyone else. Try not to let your credit cards out of your sight and don't let anyone get access to your computer that you haven't paid to work on it already.  


I have a special hate for people who perpetrate this particular scam though, because they prey on people who are elderly and do not have any knowledge of computers.  I do remote technical support on contract and I've gotten several panicked calls from people who have been victimized by this scam.  In one case, the client was lucky because she didn't have any financial information on her computer at all (she did everything the old fashioned way) and she called my contractor right after it happened.   She was still out the $50 that the bank charged and days and days of inconvenience, but that was it.  Most people aren't nearly so lucky and can lose their savings, face immense charges that take months to straighten out and even potentially lose their social security. 

Once the scammer gets a hold of your financial information (social security number, bank account numbers, birth date, credit cards and so on - and they only need one or two pieces to pull the rest), they can open accounts, buy houses and other goods in your name, access your current accounts, rack up tons of charges online or in person, and so on.  They can even collect your social security.

Here is what the scam looks like:   Someone calls you on the phone claiming to be from "the Windows company" or Microsoft or Best Buy.  They tell you that your computer is infected with many many viruses, bugs, etc.  They then tell you that they need to clean your computer and it will cost $199.99.  They ask for your credit card number and then ask for access to your computer via remote control software.   Once they are in your computer, they can get access to everything you have if you keep any financial information on your computer at all.  This includes access to banking sites, online shopping sites like amazon, etc.   Most of these sites may encrypt passwords, but they still leave accessible files called cookies which the hacker can grab to gain access to those sites and accounts.  They can also install a keystroke logger to capture any passwords you may enter going forward.

As I said before, the best solution is not to fall for the scam in the first place.  Microsoft, Best Buy or any other computer company will not ever call you to tell you that you have an infected PC.   A general rule for any scam is never to give anyone financial information online or over the phone who you have not already verified.   You can expect amazon.com to be mindful of how they handle your credit card information, but Joe Schmoe is under no such obligation.

Barring that, if you or someone you know falls victim to a scam:

1) Immediately call the banks and credit companies to notify them that your account information has been stolen and that the card needs to be cancelled and all outstanding charges need to be reviewed.  They will close that account and give you a card with a different number.  Yes, it will be inconvenient but it's better than having to deal with fraudulent charges.

2)  Change every password to every financial institution and online store where you shop or do transactions.  Also talk to the banks and have them change the pin numbers on your debit cards, if they don't issue you a new card (see step 1). 

3)  Change your email passwords immediately and notifiy your provider that your account has been hacked.  If you have google or yahoo, they have special procedures to handle account hacking.  You may want to be sure you have copies of all your emails because they may have to shut your mail account down and create a new account for you.

4) If they got access to your computer and not just your credit card information, make sure you have the computer thoroughly checked over by a professional, if not wiped and re-installed.  Just running a virus scan yourself won't do it.  It's very easy to install malware or keystroke loggers that won't show up on most virus scanners.

5)  Contact the 3 major credit bureaus to notify them of the fraud and have them put a notice on your credit record.  That will put companies on alert to verify any unsual transactions and provide you with some legal recourse in the case of fraudulent accounts or charges.  Also get a copy of your credit report and verify that all the accounts that show up are valid.

6)  Call the Social Security Administration and make sure your social security account is secure.

7)  Call your local police and contact the FTC.  If you were victim of a phone scam, it is a crime and should be reported.  Your local police can also help you with further actions to take.  I realize that most phone scammers don't get caught, but there's more of a chance if it's reported.

There are a number of companies that offer identity theft services.  I have never used them so I can't advise on the best ones, but they will handle many of the actions you need to take in case of identity theft.  Some also insure you against more than X dollars in damage, so that is another advantage. 

Here are some additional resources to help in case of an online or phone scam.

1) The Federal Trade Commission for phone scams

2) US Government Internet Fraud Information

3)  Consumer Fraud Reporting  (non-government site)  I wouldn't report anything here, but they do have good information.

4) Internet Crime Complaint Center (joint FBI, FTC and Dept. of Justice site)

5) Your local police.  They often have a department that focuses on fraud and knows how to help.