If you get a phone call from someone who claims to be a Microsoft technician and says your computer has problems they can fix, just hang up.
Microsoft never makes unsolicited support calls, but scammers pretending to come from the company would love to fool you into buying bogus antivirus software or letting them infect your PC with malware.
However, you might get a legitimate call from your internet service provider (ISP). So how do you avoid being a victim and what should you do if you've already fallen prey to a tech support scam?
How to tell it's a scam
In addition to pretending they come from Microsoft, scammers may claim to be from "Windows," "Windows Tech Support" or "Windows Service Center." None of these is a legitimate company.
There's a minute possibility that your ISP would call you if your computer has been infected with malware that turns it into a "bot" for hackers.
If a caller claims to be from your ISP, ask for the caller’s name, where his or her office is located, and for the office telephone number. Ask why you're being contacted by telephone, what the issue with your computer is and how the ISP could tell it was your PC specifically that had a problem.
If a call sounds legit, hang up and call the ISP yourself, then ask for the tech support department or for the person who called you specifically. Use a phone number listed on your ISP's website or on your bill, not a number that the caller gave you.
Don't be fooled by the caller ID you see on your phone, because scammers can easily spoof company names like "Comcast" or "Microsoft" in their outgoing calls. Don't be impressed, or scared, by the fact that the caller has your real name, address and phone number. Such information used to be in the phone book; now it's publicly available online.
Never give a caller your credit card number or allow them to install software on your PC.
How to report a scammer
If you want to report a scam, try to get as much information from the caller as possible: the name of the company he or she claims to work for, and the company's website, phone number or address. You'd be surprised how many of them will give that information to you.
Once you have all that information, hang up — and report the call to the relevant authorities. Microsoft has a web page dedicated to reporting tech-support scams. (opens in new tab) The U.S. Federal Trade Commission (opens in new tab) has a website for fielding complaints, while the Canadian Anti-Fraud Centre has a toll-free number at 1-888-495-8501.
What to do if you fell for a scam
If you made the mistake of letting the caller remotely access your PC, then it's time for drastic action. First, download and install legitimate antivirus software; we recommend that you pay for it, but some of the free stuff is almost as good. Then, run a scan.
While the software is installing, change the passwords on the user accounts on your PC. You don't have passwords on the user accounts? You should, and you should also create a separate administrative account that alone has the power to install, modify or delete software.
If you gave the scammer your credit card number, then you really need to act fast.
"Call your credit card provider and ask to reverse the charges," says the FTC Web page on tech-support scams (opens in new tab). "Check your statements for any other charges you didn't make, and ask to reverse those, too."
You should also contact one of the three credit-reporting agencies — Equifax, Experian or TransUnion — and ask it to place a free 90-day credit alert on your file. (Experian doesn't operate in Canada.) The agency you contact will alert the others. You'll be notified if someone tries to open an account in your name.
Computers do develop problems and do get infected by malware. But remember that if either happens, it's up to you to call tech support or to install antivirus software. Tech support will never call you first.