The tech support scam is making the holiday rounds and researchers at Tripwire are warning potential victims.

Lamar Bailey, senior director of security research and development at Tripwire, said cybercriminals use “robo calls” to tell unsuspecting consumers they work for Microsoft and have identified malware on the potential victims' computer.

The second part of the scam involves the caller being transferred to a call center in India where a worker reads a prepared script which directs the victim to install malware on their system. In most cases, the malware being installed looks to steal financial login credentials and payment card data.

Bailey said: "Most people simply don't imagine that a cyberattack can be initiated over the phone, but these scams ultimately lead to malware being installed on your computer.”

The call center workers may not be aware that they are installing malware. If a victim deviates from the script, the call workers are often flustered and don't know how to proceed.

“Microsoft won't call you to say something's wrong with your computer,” Bailey said.

“If you're concerned that the call might be legitimate and you want to ensure you're not missing something, hanging up and calling the organization or company back on a verifiable phone number is a good policy," he explained. "If you're having a hard time understanding which actual company to call, that's probably a red flag.”

Source: SCMagazine