How Microsoft worked with CBI to take down Windows tech support scamming firms in India

As our dependency on laptops and PCs grow with ‘work from home' setups, scammers get a bigger ground to play on and a larger audience to play with. And scammers can dupe you in various ways, one of which is a phone call impersonating someone from a genuine company.

There have been several cases where users have received calls from Microsoft ‘authorised' executives to fix their Windows PC, which was working just fine. These executives call to report a fake flaw and inform users that it must be taken care of immediately. And fixing that would mean you need to pay them some fees.

If you have encountered similar calls, that, my friends, was probably a scam call.

Why? Because Microsoft never calls you to offer fixes or report your Windows device. All it has to do is to send an update over-the-air, which includes the fix.

So, why are we talking about it today? That's because Microsoft and the CBI recently joined hands for a collaborative effort to take down a network of fraudulent companies involved in tech support scams, targeting Microsoft customers.

Also read: Microsoft is impersonated the most by hackers for phishing emails

What exactly happened?

“Probably four or five years ago, Microsoft started to receive reports from customers that they believed that they might be a victim of a scam,” said Mary Jo Schrade, Assistant General Counsel, Regional Lead, Microsoft Digital Crimes Unit Asia to HT Tech in an interview. “So we set up a reporting tool that allowed people to report directly to Microsoft when they had been a victim of a scam.”

Schrade says that Microsoft got over half a million reports via this tool over the years. The firm initially noticed that cold calls from India were made to Windows PC users in the US asking to fix the device as it had some 'serious' software problems. Later, these became more advanced with automated pop-ups on screens asking them to call Microsoft executives at the earliest to get it fixed. The number was that of a scammer sitting in India.

“So it started out with cold calls, and then it evolved to pop-ups on people's computers where a box would come up and say this is Microsoft. If you don't call us immediately, you will lose all the information on your computer,” said Schrade. “Then it would connect to a call centre where they would diagnose a fake issue with your computer and then charge you varying amounts of money, depending on how much they thought they could get out of the victim, and to report it to purportedly repair that problem.”

However, Schrade says that this wasn't it. The scam evolved further. And this time it was completely different.

Also read: An SMS phishing scam is duping netizens by pretending to be Apple chatbot

The fraud network from India started installing malware or unwanted software remotely to PCs, without the user sitting on the other side of the screen, knowing it. This was probably followed by a similar pop-up, asking users to call the number and get it fixed. However, this malware didn't just exist to make users call these fake executives and get it solved for a price.

“We've heard reports that some of this malware might leave a backdoor open into the victim's computer so that even after the tech support scammers disconnect, there's a possibility that they could go back into the victim's computer and obviously do anything that you would do if you could get access to someone's computer,” said Schrade during the interview.

And these cases were then finally referred to the CBI.

The team at Microsoft and how it worked on identifying these scams

As Schrade says, Microsoft's security team is not a usual one. “Our digital Crimes Unit is made up of lawyers and investigators but we also have data scientists and a variety of other technical people that you might not normally have in a legal department.”

These come in addition to a 3,500-large in-house cybersecurity team that works closely in such cases.

So, the cybersecurity team including researchers and Windows Defender teams were asked to look into the code and see what is happening to the malware-affected PCs. The test was then done on a completely segregated computer, which was not a part of the company's corporate network.

“One group of our data scientists did a poll of all of the pop-ups that were found at a particular time and took the phone numbers.” These phone numbers were being used by the criminals/scammers. “And so our investigators were able to call the phone numbers, and then record what happened to their computer during the course of that engagement with the scammers.”

Although Schrade did not reveal the techniques Microsoft uses to zero-down on the firm, its office and the location, she did mention that one of the ways of tracking the company and reaching them is via their payment accounts.

It has been explained that when a victim has to make a payment to supposedly fix the problem on their computer, their payment has to go to them at some point. So seeing how the flow of money is happening is one way of figuring that out.

Some scammers even prefer to get paid via gift cards. “And while that is a way to disguise who the recipient is, it's not as effective because people now become suspicious,” says Schrade. “And the people who work at the stores will often ask questions of someone who's buying a large volume of gift cards at a time that's not a holiday time or something like that just to make sure that they're not becoming a victim.”

The accused companies

Reporting on the same news, PTI agency stated that CBI conducted searches on some accused company's premises. These were New Delhi-based Softwill Infotech Private Limited and Saburi TLC Worldwide Services Pvt. Ltd, Jaipur-based Innovana Think labs Limited and Systweak Software Private Limited, Noida-based Benovellient Technologies Private Limited, and Noida and Gurugram-based Saburi Global Services Pvt Ltd.

It is said that CBI got hold of a ‘plethora of digital evidence' that suggested nefarious activities by these firms. It also seized assets worth ₹190 crore (roughly $25 million).

But that's not even a handful of companies, what about many others?

Of course, it is not possible for Microsoft to work with CBI all the time and take down all such scammers and fraud companies as these keep popping up from time to time. There's no permanent solution for now. What, however, might become one is if users get more aware of such scams, specially the elderly, who don't understand much of technology and are easy prey for scammers.

Schrade adds that Microsoft is already working on making people aware in the US since that is one of the target markets for such scams besides Canada and Europe. It is working with a nonprofit association for people who are of retirement age. They have a magazine, a website as well so as more and more people can be warned about this.

“We're also looking at other deterrent ways of referring cases. For example, when we become aware that a particular merchant account is being used by the criminals, we refer or let the Visa or MasterCard know so that they can investigate," Schrade said.

Essentially, Microsoft is trying to keep the message simple. If you get a call from Microsoft for PC repair, simply hang up. Like we said above, if you have a real issue, the company will patch it up with a software update that will roll out OTA.

A whole lot of Indians still remain susceptible to malware and ransomware attacks

Schrade thinks that this might be a possibility due to the massive population. We're talking 1.6 to 1.7 times as high as the rest of the world.

Also, the numbers may be higher because the people who have computers are not doing as much to patch or update their systems, she says. When a patch comes out, criminals then create malware to leverage the weakness that is being fixed by the patch. And these are targeted to those who haven't updated their systems with the latest fixes yet.