Windows 7 End of Life Creates New Opportunities for Scammers

With the surge of businesses switching to remote work during the pandemic, some employees are using personal devices to do their jobs at home. Make sure that these devices' operating systems are up to date, and educate your employees about these possible Windows 7 support scams.

They say when one door closes another one opens, but in this case, it’s a window. On January 14th, 2020, Microsoft ended its support for Windows 7. Since Microsoft is no longer offering patches or security updates for vulnerabilities identified in Windows 7, hackers have a new way of gaining access to data for any individual or organization still running Windows 7. Outside of exploiting any identified vulnerabilities, hackers are using Windows 7 end of life as a perfect way to scam unsuspecting users of the outdated software into falling for their tricks.

Healthcare Running the Largest Percentage of Windows 7 Devices

According to Forescout Device Cloud, the healthcare sector runs “by far” the largest percentage of Windows 7 devices. This is a big problem. Since vulnerabilities will no longer be patched by Microsoft, if a cybercriminal identifies one, it could leave a healthcare organization’s protected health information (PHI) up for grabs. This is a big reason why continuing to operate on an unsupported operating system is a HIPAA violation and could result in a regulatory fine if a breach of PHI occurs.

Enter Windows 7 Support Scams

Through social engineering or other popular tactics, scammers are contacting users and posing as Microsoft employees (or other credible sources) who are simply “here to help” make sure that you obtain ongoing support for your outdated software. They appear to be very helpful, offering you a solution to your situation. All the user must do is commit to paying a fee for ongoing support, or allow access to their computer so that the scammers can install or deploy “helpful” software.

Generally, users will be contacted by telephone or via a pop-up window that alerts them to click on a link for support. Unsuspecting victims will assume that Microsoft is deploying this via their own software, and so it must be legitimate. It is not.

You have some control over your own accounts, the business, and your co-workers, but not complete control, so be sure to educate everyone in your office about the dangers they face if they have Windows 7 at home, or if internal systems have not been updated yet.

Guidelines – Be Aware!

  • Microsoft will NEVER call you to open a support ticket. Support tickets ALWAYS have to be initiated by the consumer.
  • Never give your credit card, banking, or other payment information over the phone to someone calling you about support.
  • Microsoft is not liable for your mistakes. If you fall for a scam, you will not be reimbursed by Microsoft for any monies lost.
  • Computer pop-ups can be deceiving. If you are suddenly alerted to an urgent need to update or upgrade software, it is likely a scam, especially if it is about Windows 7.

Should any of these scenarios come up, you and your employees should call your IT support team immediately. The sooner you bring it to their attention, the more likely you are to avoid a much larger crisis later.

If your organization is still using Windows 7, it is highly recommended that you upgrade your software as soon as possible. If you have questions regarding how to upgrade, contact your IT support for assistance.

There is no convenient time to be disrupted by cybercriminals, but awareness can greatly reduce your risk.

Have questions? We can help!

Next Century Technologies has been helping businesses with IT since 2001! Call us at 859-245-0582 or click here to reach out to us.

We are a proud partner of HIPAA Secure Now!, a company of HIPAA experts dedicated to helping medical entities stay compliant and keeping their data safe. Thank you HIPAA Secure Now! (www.HIPAAsecurenow.com) for the contents of this article.

Tracy Hardin

Tracy Hardin is President and founder of Next Century Technologies in Lexington, KY. She has a bachelor's degree in computer science from the University of Kentucky and has earned certifications from Novell, Cisco and CompTIA. Her specialties in the field of IT are network design and security, project management and improving productivity through technology. She loves helping people by sharing her knowledge of tech.