Scam of the Week: Tech Support Exploits WanaCry Ransomware Fears

We all know about the infamous WanaCry ransomworm which caused a worldwide 1 billion dollars in damage, targeting mainly un-patched Windows 7 machines. As expected, the bad guys are now exploiting the mass media coverage and have come up with tech support scams that use the fears of people about getting infected with WanaCry.

We also know that Eastern European organized cyber crime is using the UK as their beta test site before they unleash their attacks on America. So here is your heads-up, this may very well happen to machines in your office the coming few weeks.

The UK’s cybercrime center called Action Fraud, recently released a warning regarding scams that concern WanaCry.

The bad guys use a pop-up window that appear from nowhere, refuses to close, and looks like a message claiming to be from Microsoft. It will say that the user’s workstation has been infected with WanaCry, and they are prompted to call the number flashed on the screen.

After the user calls the number they are urged to give the scammer remote access to the machine. Once granted, these scam artists run the Windows Malicious Software Removal tool – which anyone can download for nothing from Microsoft – and then demand a whopping £320 (roughly 415 dollars) as payment.

I suggest you send the following to your employees, friends, and family. You’re welcome to copy, paste, and/or edit:

“Bad guys are now trying to trick computer users into believing they are infected with the WanaCry ransomware. A popup arrives on your screen from nowhere, and you cannot get rid of it. They popup claims it is from Microsoft, that your computer is infected and that you need to call tech support.

But when you call the number you get a scammer on the phone who will try to charge you 400 dollars to run a Microsoft malicious software removal tool that anyone can download for nothing. Remember that Microsoft’s error and warning messages on your PC will never include a phone number. Also, Microsoft will never proactively reach out to you to provide unsolicited PC or technical support. Any communication they have with you must be initiated by you.”