End of Windows 7

They say when one door closes another one opens, but in this case, it’s a window.  On January 14th, 2020, Microsoft ended its support for Windows 7.  Since Microsoft is no longer offering patches or security updates for vulnerabilities identified in Windows 7, hackers have a new way of gaining access to data for any individual or organization still running Windows 7. Outside of exploiting any identified vulnerabilities, hackers are using Windows 7 end of life as a perfect way to scam unsuspecting users of the outdated software into falling for their tricks.

Healthcare Running the Largest Percentage of Windows 7 Devices

According to Forescout Device Cloud, the healthcare sector runs “by far” the largest percentage of Windows 7 devices. This is a big problem. Since vulnerabilities will no longer be patched by Microsoft, if a cybercriminal identifies one, it could leave a healthcare organization’s protected health information (PHI) up for grabs. This is a big reason why continuing to operate on an unsupported operating system is a HIPAA violation and could result in a regulatory fine if a breach of PHI occurs.

Enter Windows 7 Support Scams

Through social engineering or other popular tactics, scammers are contacting users and posing as Microsoft employees (or other credible resources) who are simply “here to help” by looking to make sure that you obtain ongoing support for your outdated software.  They appear to be very helpful, offering you a solution to your situation.  And all that the user must do is commit to paying a fee for ongoing support or allow access to their computer so that they can install or deploy “helpful” software.

Generally, users will be contacted by telephone or via a pop-up window that alerts them to click on a link for support.  Unsuspecting victims will assume that Microsoft is deploying this via their own software, and so it must be legitimate.  It is not.

You have control over your own accounts, the business and your co-workers to a degree, but not entirely, so be sure to educate everyone in your office about the dangers that lurk about if they have Windows 7 at home, or if the systems internally have not been updated yet.

Guidelines – Be Aware!

  1. Microsoft will NEVER call you to open a support ticket. Support tickets ALWAYS have to be initiated by the consumer.
  2. Never give your credit card, banking, or other payment information over the phone to someone calling you about support.
  3. Microsoft is not liable for your mistakes. If you fall for a scam, you will not be reimbursed by Microsoft for any monies lost.
  4. Computer pop-ups can be deceiving. If you are suddenly alerted to an urgent need to update or upgrade software, it is likely a scam, especially if it is about Windows 7.

Should any of these scenarios come up, you and your employees should call your IT support team immediately.  The sooner you can bring it to their attention, the more likely it will prevent you from having a much larger crisis to deal with later.

If your organization is still using Windows 7, it is highly recommended that you upgrade your software as soon as possible. Remember, a data breach on an unsupported operating system such as Windows 7 could result in a hefty regulatory fine. If you have questions regarding how to upgrade, contact your IT support for assistance.

There is no convenient time to be disrupted by cybercriminals, but awareness can reduce your risk incredibly.

The post Windows 7 End of Life Creates New Opportunities for Scammers appeared first on HIPAA Secure Now!.