At least $1.7m lost since February to scams where fraudsters impersonate Microsoft tech support (original) (raw)

SINGAPORE – At least $1.7 million has been lost since February in at least 10 reported cases of scams involving the impersonation of Microsoft technical support officers.

In such cases, victims typically encounter a pop-up alert purportedly from Microsoft on their computer’s internet browser, said the Singapore Police Force and Cyber Security Agency of Singapore (CSA) in a joint advisory issued on June 9.

The alert would inform victims that their devices have been hacked or compromised and that they have to contact a “technical support officer” via an internet-based phone number to resolve the issue. An internet-based phone number is an eight-digit phone number which starts with “3”.

Upon contacting the “technical support officer”, the victims would be transferred to speak to another scammer impersonating a police officer and would then be informed that their device had been used for illegal activities such as money laundering.

They would then be instructed to make bank transfers or provide banking credentials to assist with police investigations.

In some cases, the victims were instructed to grant remote access of their devices to the scammers by downloading remote access applications or by clicking a link which would allow the scammers to take control of the victims’ bank accounts.

The victims would realise they had been scammed when unauthorised transactions were made in their bank accounts.

Reminding the public to remain vigilant against such technical support scams, the police and CSA advised the public to verify the authenticity of such alerts through their respective software providers’ official channels.

“Microsoft does not include phone numbers in its error or warning messages,” they said.

“If you encounter suspicious pop-up alerts, you should refrain from calling any numbers displayed, avoid clicking any links or buttons within the alerts, and close them by exiting the browser.”

If anyone thinks he has fallen for a scam, he should:

• Disconnect from the internet or turn the computer off to prevent further unauthorised access.
• Contact the bank to halt any unauthorised transactions.
• Remove any applications installed at the scammer’s instructions.
• Perform a full anti-virus scan and delete any malware detected.
• Change the account passwords and banking credentials using a separate trusted device.
• Remove any unauthorised payees added to the bank accounts.
• Report the incident to the Police and to CSA’s SingCERT at singcert@csa.gov.sg or via the reporting form at www.csa.gov.sg/singcert/reporting

The police and CSA reminded members of the public that government officials will

not

, over a phone call or e-mail, ask anyone to transfer money, disclose banking log-in details, install mobile applications from unofficial app stores, or transfer your call to the police.

They also reminded the public to take precautions against scams by adding the ScamShield app, checking signs on official sources and that their computer’s security software is updated, as well as telling the authorities and people around them if or when they encounter scams.