Have you ever received a call from a mysterious person claiming to represent a legitimate company? The person then proceeds to ask you for payment information for some bogus good or service he is providing after some social engineering to convince you of his legitimacy. Many years ago, I received a call claiming to be from the company I had purchased a computer from within the past 1-2 years. Within approximately 1 minute, I was being asked for my credit card number so that I could purchase some software he was supposedly offering. After being rebuffed, he quickly hung up. In my case, the caller had my phone number and knew that I had done business with the company in question, which leads me to believe that he was an insider of some kind; perhaps a rogue employee who was using his access to company information to scam consumers.
Microsoft recently took legal action against at least one company that it accused of running bogus tech support scams. Among other things, Microsoft accused them of offering to fix a virus while doing nothing (or installing malware) and charging money to “fine tune” the computer using free programs. According to page 13 of the legal complaint, the fine tuning was necessary because a supposed infection had damaged system files.
Generally speaking, you should avoid making payments, giving any kind of personal information (e.g. name, address, date of birth, Social Security number, account numbers, usernames, and passwords), or following instructions to visit a link when you are uncertain of a caller’s identity. You should be especially suspicious if the call was unsolicited. You could be sending your money/information to a scammer or infecting your computer with malware that steals sensitive information. If the call is from a legitimate party, it is safer to tell them that you will call them back. You can then make the call using a phone number you know is legitimate.