The Steel Guitar Forum Store 

Post new topic Windows Defender Scam????
Reply to topic
Author Topic:  Windows Defender Scam????
Richard Sinkler


From:
aka: Rusty Strings -- Missoula, Montana
Post  Posted 4 May 2021 10:48 am    
Reply with quote

Got the following email in my spam folder today. I called the number, which is real. After telling them that I don't use Norton, McAffee or Webroot security software, he then tells me that this charge is for the rights to use Windows Defender (which I also don't use) on my Windows computer. My understanding has always been that Windows Defender was part of Windows and there was no extra charges if you use it (which I do not).

Has anyone else run into this? I am pretty sure it is a scam.

Forgot to add, he wanted to access my computer to see if I am indeed using Defender. Not going to happen in my lifetime.



_________________
Carter D10 8p/9k, Regal RD40 Dobro, "The Loar" (brand) mandolin, Cozart D6 lap steel, NV400, Evans DPR2 preamp, Rockville power amp, Ibanez acoustic/electric guitar.
View user's profile Send private message Send e-mail

Jack Stoner


From:
New Port Richey Florida
Post  Posted 4 May 2021 12:37 pm    
Reply with quote

Total scam.
_________________
GFI Ultra D-10, Quilter Travis Toy 12 Amp, NUX Atlantic Del/Reverb, MatchBro, Cakewalk Sonar and Studio One Pro V4.6 DAWs, MOTU 4pre(for sale).
View user's profile Send private message Send e-mail

Wiz Feinberg


From:
Mid-Michigan, USA
Post  Posted 4 May 2021 6:53 pm    
Reply with quote

Richard, didn't you find the poor English and word choices to be suspicious before you called the number? Bad grammar, misspellings and unusual word combinations are dead giveaways that an email is a scam.

Not all email scams are so poorly composed. Those take more analysis. But emails like this need no further exploration to determine that they are scams.

Richard, if you still have that email, please forward it to me as an attachment so I can read the headers and trace where it came from and add it to the appropriate blocklist. If you don't know how to forward as an attachment, send me a PM and I will guide you through it.
_________________
"Wiz" Feinberg, Moderator SGF Computers Forum
Security Consultant
Twitter: @Wizcrafts
Main web pages: Wiztunes Steel Guitar website | Wiz's Security Blog | My Webmaster Services | Wiz's Security Blog
View user's profile Send private message Send e-mail Visit poster's website

Wiz Feinberg


From:
Mid-Michigan, USA
Post  Posted 4 May 2021 7:03 pm     Re: Windows Defender Scam????
Reply with quote

Richard Sinkler wrote:
I called the number, which is real. After telling them that I don't use Norton, McAffee or Webroot security software, he then tells me that this charge is for the rights to use Windows Defender (which I also don't use) on my Windows computer. My understanding has always been that Windows Defender was part of Windows and there was no extra charges if you use it (which I do not).


Richard;
Unless you are using an ancient version of Windows, like XP, you are using Windows Defender. It is an integral part of Windows 10 and is virtually impossible to disable. Even if you have no other anti-virus software, you do have Defender watching your six. As you guessed, you don't have to pay for it. It is part of Windows, always running in the background, updating silently as needed, staying out of the way unless something bad happens. It is getting better all the time.

I am glad you caught onto the scam before giving remote access to the scammer. He would have planted a backdoor, plus a keylogger or ransomware on your computer.
_________________
"Wiz" Feinberg, Moderator SGF Computers Forum
Security Consultant
Twitter: @Wizcrafts
Main web pages: Wiztunes Steel Guitar website | Wiz's Security Blog | My Webmaster Services | Wiz's Security Blog
View user's profile Send private message Send e-mail Visit poster's website

Richard Sinkler


From:
aka: Rusty Strings -- Missoula, Montana
Post  Posted 5 May 2021 3:52 am    
Reply with quote

Wiz... The first thing I did notice was the part that says:
Quote:
the services automatically renewed for which you has charged $448.99
. Bad grammar.

Being pretty sure it was a scam, I called the number (which I expected wasn't real but it was) to scream, yell, cuss, accuse, and just basically make myself feel better. First he was telling me that the charge was for Norton, McAfee, Webroot, all of which I have used in the past (at least 5 years ago) and I never put antivirus software on autorenew because every one of them charge more to renew than to go buy brand new software. So naturally I was concerned. Then he started saying it was for continued use of Defender. I remember reading something about Defender, that installing 3rd party antivirus disables Defender, thus my comment about me not using it. When I started telling him that I knew about other companies, people, etc can get into your computer to do diagnostics, repairs and other really crappy stuff, it set him back a little. When I laid into him about it being a scam, he countered by saying that he has not asked for any private info, to which I screamed "YET!!!" and yelled at him that gaining access to my computer would be just as bad as giving him all my info. He tried to convince me he would just check to see if I was using Defender. After cussing him out, I told I would call him back if I needed to. After all, I might need an outlet for another fit of rage.

Wiz... PM me the email you want me to forward that email to. I know how to forward as an attachment.

I really had fun ripping into this putz.
_________________
Carter D10 8p/9k, Regal RD40 Dobro, "The Loar" (brand) mandolin, Cozart D6 lap steel, NV400, Evans DPR2 preamp, Rockville power amp, Ibanez acoustic/electric guitar.
View user's profile Send private message Send e-mail

Wiz Feinberg


From:
Mid-Michigan, USA
Post  Posted 5 May 2021 6:16 am    
Reply with quote

Richard;
Even though Defender is sometimes disabled when it detects other anti-malware programs, it gets instantly turned back on if those programs stop monitoring in real time. In the case of Malwarebytes, it is never shut off, even though Malwarebytes Premium has a real time monitor. I have both protecting my computers.
_________________
"Wiz" Feinberg, Moderator SGF Computers Forum
Security Consultant
Twitter: @Wizcrafts
Main web pages: Wiztunes Steel Guitar website | Wiz's Security Blog | My Webmaster Services | Wiz's Security Blog
View user's profile Send private message Send e-mail Visit poster's website

Jack Stoner


From:
New Port Richey Florida
Post  Posted 5 May 2021 8:00 am    
Reply with quote

I use Windows Defender and Malwarebytes Premium (I have one of the lifetime Malwarebytes licenses). I've used other Antivirus programs but Windows Defender, along with Malwarebytes, has served me well.

Although it is an obvious scam, one word that hit home is
"kindly". I do support on the Dell forums and see "Kindly" used frequently in posts by users from India.
_________________
GFI Ultra D-10, Quilter Travis Toy 12 Amp, NUX Atlantic Del/Reverb, MatchBro, Cakewalk Sonar and Studio One Pro V4.6 DAWs, MOTU 4pre(for sale).
View user's profile Send private message Send e-mail

Richard Sinkler


From:
aka: Rusty Strings -- Missoula, Montana
Post  Posted 5 May 2021 10:56 am    
Reply with quote

The phone number is a New York number (but could forward to somewhere else). While the guy had a little bit of an accent, it didn't sound Indian. I also forgot to mention that I called the number and got a voice-mail. I left a message to call me, and he did.

Wiz... I'll forward the email in a little bit.
_________________
Carter D10 8p/9k, Regal RD40 Dobro, "The Loar" (brand) mandolin, Cozart D6 lap steel, NV400, Evans DPR2 preamp, Rockville power amp, Ibanez acoustic/electric guitar.
View user's profile Send private message Send e-mail

Wiz Feinberg


From:
Mid-Michigan, USA
Post  Posted 5 May 2021 6:19 pm    
Reply with quote

Richard's scam email came from Italy, from a computer named "DESKTOP-286KB9O", possibly from a "botted" computer. I have reported it through SpamCop. The email template was composed in India by English speaking Indian scammers. I learned this from the source code, which includes several sentences like this one, all stating the language country code as EN-IN, meaning English-India.

<p class="MsoNormal"><span lang="EN-IN">Hello Customer,<o:p></o:p></span></p>

and this line: <p class="MsoNormal"><span lang="EN-IN">This is Kevin Peter, Manager ...
_________________
"Wiz" Feinberg, Moderator SGF Computers Forum
Security Consultant
Twitter: @Wizcrafts
Main web pages: Wiztunes Steel Guitar website | Wiz's Security Blog | My Webmaster Services | Wiz's Security Blog
View user's profile Send private message Send e-mail Visit poster's website

Richard Sinkler


From:
aka: Rusty Strings -- Missoula, Montana
Post  Posted 6 May 2021 2:14 am    
Reply with quote

Thanks. You're amazing.
_________________
Carter D10 8p/9k, Regal RD40 Dobro, "The Loar" (brand) mandolin, Cozart D6 lap steel, NV400, Evans DPR2 preamp, Rockville power amp, Ibanez acoustic/electric guitar.
View user's profile Send private message Send e-mail


All times are GMT - 8 Hours
Jump to:  
Please review our Forum Rules and Policies
Our Online Catalog
Strings, CDs, instruction, and accessories
www.SteelGuitarShopper.com
BIAB Styles
Ray Price Shuffles for Band-in-a-Box
by Jim Baron
The Steel Guitar Forum
148 S. Cloverdale Blvd.
Cloverdale, CA 95425 USA

Click Here to Send a Donation

Email SteelGuitarForum@gmail.com for technical support.