Microsoft's Tech Support Is Calling From Nigeria Now

Image: Getty Images

We hear the same messages from large tech companies and security specialists all the time. Don't click on links from unknown and untrusted sources, and don't fall for over-the-phone scams. Many banks and other companies never send links in email in order to "train" us in being cyber smart.

But every now and then, companies do dumb things that leave us scratching our heads. Like what Microsoft did with a friend of mine earlier this week.

My friend, who because of his work needs to remain anonymous, received a call from "Microsoft tech support". There's alarm bell number one. And where did the call originate? Nigeria. That's alarm bell number two.

As it happened, my friend had a support call in with Microsoft and the engineer that called him via Nigeria was, in fact, an actual support engineer from Microsoft. After some discussion, it was established that the engineer was working from Mumbai and that Microsoft routes its calls around the world to get the lowest call charges.

Which makes great sense except that we've spent the last 30 years being told to be aware of dodgy messages and calls from Nigerian princes.

As my mate said: "Microsoft, couldn’t you have dropped a VoIP gateway into Australia rather than Nigeria?".

Many people have been called, over recent weeks, by scammers who either are in Africa or are routing calls through there to reduce their costs. So, it's not unreasonable to expect tech companies to get wise and adjust their processes. Customers shouldn't be put into a position where they have to discern whether a call is legitimate or not.

Protecting you personal data is a big deal. And most security experts agree that one of the most effective weapons against bad guys is you - the human firewall. But when companies do dumb things that fly in the face of years of training and conditioning, they make it harder for people to make good decisions when it comes to being safe in our digital interactions.


Comments

    An anti-virus company sent me a customer survey, when you compared it to their online guide for spotting Phishing scams it failed every criteria they listed onsite, including being unsolicited, link to a third party server, tracking information, an unsubscribe button that went to a different site, and there is no mention on their site they have a business partnership with this company. The funniest part was the email was plastered with catchphrases on how secure they are and how dangerous the net is.

    I even had to complain to one of my financial institutions recently for doing the exact same thing, a third party survey asking me about my experience. Absolutely terrible, you shouldn't be training your customers to click unsolicited emails (especially surverys - thats how Cambridge Analytica stole information... surveys)

      Lots of companies do those newsletter/update things but use 3rd parties to do so. So you look at an email that's genuine but don't trust it. Or worse, you do trust it and wind up getting trained in bad behaviour and fall for the one that's a scam.

      Sometimes it's not even that it's a 3rd party, it's just that they use a ridiculous URL instead of a straight-forward one. "http://click.em.blizzard.com/" is a legit blizzard URL that's used in their emails at the moment. It's not as bad as some but it still provides opportunity for confusion. What happens when someone gets an email from http://blizzard.click.em.com" or "click.em_blizzard.com"? Will they realise the URLs are wrong or just click?

      It's honestly a terrible approach. Surely big companies could afford to send mailers out using their own domains and emails?

Join the discussion!

Trending Stories Right Now