“This is an important call from Microsoft Windows Security.”
No, it isn’t. Like phone calls claiming that you have an unsettled debt or a toll road fine from New Jersey, calls claiming to be from Microsoft, Apple, or Google are dangerous cons.
We, the computer users, are the weakest link in the chain of computer security. The best anti-virus software, the most secure browser and up-to-date applications cannot prevent us from making mistakes that allow hackers to access data.
Be a skeptical computer user and assume your data are at risk.
My wife and I do not use Windows at home, yet we receive phone calls claiming to be a special Microsoft security team. A friend of mine who works in information security plays along with these callers, acting like a novice computer user. When the “security expert” asks my friend to launch Microsoft Remote Desktop or another remote-control application, he launches an application on his Linux system and tracks the source of the attempted hacking. He passes the information along to the FBI Cyber Crimes Division in Pittsburgh, Pennsylvania.
If any unexpected caller asks you to log in to your computer and start a remote-control application, hang up and be sure your anti-virus software scans for malware, ransomware, and other infections.
Unless you called technical support, never give someone control of your computer. You wouldn’t hand over the keys to your car if a “technician” approached you in a parking lot. Don’t hand over your data to a thief.
Long ago, in the ancient days of DOS, PC Anywhere (later pcAnywhere) allowed you to call into a PC with a dial-up modem. The software wasn’t secure, but the odds of someone knowing the phone number to the modem were low. Then along came the Internet and locating computers became a lot easier. By 2014, Symantec discontinued pcAnywhere over security concerns.
In April 2017, many of the National Security Agency’s hacking tools were released online by the hacker collective Shadow Brokers. Among the hacks were several tools for remotely controlling computers and stealing data. Microsoft has continued to release emergency patches as code has leaked online. Some of the NSA tools have been used in recent international attacks.
The most serious hacking tools that target Windows, macOS (previously OS X), and Linux require direct access to at least one computer on a network. Unfortunately, it seems that people who did not know better have allowed hackers posing as technicians remote access to computers at banks, hospitals, power plants, schools, and more.
Remote access is as good as sitting at the keyboard of a computer. A skilled hacker can create a virtual second monitor or workspace that the user never sees.
The United States Computer Emergency Readiness Team (CERT) posts the latest news on attacks to their website, us-cert.gov, and many of these attacks were the result of users not realizing they were handing over the keys to data. Large organizations are particularly vulnerable to imposter technical support calls.
It’s not just phone calls that are tricking computer users: fake “pop-up” alerts designed to look like Windows and macOS warnings lead users astray. These fake alerts appear genuine and warn that a computer has been infected with a virus, malware, or other infection. Users unsuspectingly click the “remove” button and open the computer to attackers.
Sadly, you also need to be skeptical of technicians you should be able to trust. A quick search reveals pages of stories about technicians from national chain stores copying data from customer computers or even installing hacking tools on the systems.
Technicians can also steal data when they upgrade storage and keep the old drive. When you update a hard drive or solid-state drive, ask for the old drive. Never let a technician dispose of the drive for you unless you absolutely trust that person with your identity.
When I receive a computer back from service, I check to see what the technicians did. At a university, even though I’m a technician, work must be performed by the IT department. I have worked at a university that released IT workers for violating data privacy rules. Many people click “save password” when using websites. The technicians only need your primary passwords to start unlocking other passwords, especially with the macOS Keychain or Google Chrome’s password database.
Using the Console on macOS, you can read the logs of what was done on an Apple computer. On Windows, Event Viewer offers similar functionality. If your system doesn’t seem normal after a service call, you can check the logs to see what programs were used. There are also tools to determine what programs are running in the background on a computer: Activity Monitor on macOS and Task Manager on Windows.
Some malicious code can still hide, which is why you absolutely should run malware detection software on a computer on a regular basis.
Many people are surprised to learn recycling centers pose another threat to your data. You might have erased or reformatted a disk drive, but unless you used a Department of Defense Standard 5220.22-compliant erasing utility, data remain on the drive. To fully erase a drive, it should be overwritten more than a dozen times and then degaussed with a magnet. KillDisk for Windows and the macOS Disk Utility include 5220.22 media erasing.
We walk around with our computers wirelessly transmitting data over public wireless networks, and we use public USB charging stations. We do those things without always considering the risks. But there are other risks.
I’ve watched people toss away USB thumb drives. Do not do this if the drive ever carried important data. The only way to properly dispose of such a device is to crush it. Destroy the device to protect the data.
Laptops, tablets, and phones are easily lost or stolen, too. If your portable device synchronizes accounts and passwords with your main computer, or if the portable is your main computer, losing it almost guarantees identity theft and future hacking. Set every device to require a password at all times. No device or computer should start without requiring a secure password.
Apple, Google, and Microsoft have started to include “self-destruct” features in their phones and tablets. Centrally managed computers running Windows can also be erased remotely by an administrator, but most personal computers cannot be erased if stolen. Your best hope is to make it difficult to access the computer.
Security starts with not trusting other people with our computers.