Fraudulent calls are all too common: the caller purports to be from Microsoft or another well-known company, claims to have detected some sort of problem with your computer (typically a virus infection), and offers to fix it for you.
Most iTWire readers will hang up, but some will string the caller along just to waste their time.
Security vendor ESET has published a lengthy report describing how the scams work.
1. Don't trust anyone who cold-calls. If you live in a jurisdiction with a "don't call me" opt-out registry of some sort, consider subscribing to it.
Australia does indeed have a Do Not Call Register, but business numbers are not accepted. Another issue is that "fault rectification calls" can be legitimately made to numbers on the register. So the important part is "Don't trust anyone who cold-calls."
2. Terminating such a phone call rather than trying to find out more about it lessens the risks to you. In fact, any cold call should be regarded as suspicious until proven otherwise, and more so if it offers security advice. At the very least, verify the source and authenticity of any offer of service, and don’t be panicked by warnings of immediate threat into making unwise decisions.
Cold calls should be treated with the utmost suspicion. It is almost certainly best to hang up. ACMA's advice is "Always be vigilant when receiving any unsolicited phone calls to your number and if you suspect it is a scam simply hang up."
3. If someone says you have a virus problem – or other system problem – ask them how they know. There are circumstances under which a service provider may have the ability to identify the owner of an infected machine, but most people and companies won't generally be able to do that.
It might happen that the scammer claims to be from your ISP. If they pick one of the big names - especially Telstra - there's a reasonable chance of being right. So hang up anyway.
4. If you think there really may be some truth to the call, find out exactly who is calling you. Support scammers tend to be evasive about who they really are and who they represent. But if they do give you details, don’t take their word for it. Verify.
Part of the problem is that companies have trained us to "verify our identity" whether we call them or they call us, so unless you're on your guard from the start there's a risk of letting slip some information that could be used against your interests. So if you get such a call and you really think you need to talk to Microsoft or Optus or whatever and you don't already know its phone number, obtain it from a non-internet source such as the paper White Pages or from a bill you've received. Definitely don't trust anything the caller tells you. The longer you let them talk to you, the more chance you're giving them to suck you in.
5. Anyone can claim to be anyone on the phone. And if you have caller-ID, don’t take it for granted that the number you can see is genuine, even if it looks ok. Legitimate callers do sometimes withhold their numbers or simply show as international.
And if you pick up the phone and there's 'dead air', just hang up. If the caller is not waiting on the line, they're very likely to be someone you don't want to talk to. A genuine caller would ring back; a scammer will move on to the next number.
6. Even if they are who they say they are, that doesn’t mean their intentions are legitimate, and it doesn’t mean they have a right to call you.
It depends what you mean by "a right". Having a phone is arguably an implicit invitation for others to call you, subject to restrictions such as the Do Not Call Register and unlisted numbers. But you are definitely entitled to ignore a ringing phone or to hang up on a caller!
One final observation: the way these scammers use remote control/screen sharing applications to mess around with their victims' computers has given that type of software a bad name in some quarters. There are many bona fide businesses of various sizes that use programs such as TeamViewer to provide their customers with remote support to save the expense of an on-site visit. A big difference is that they don't phone strangers and claim to have detected a problem with their computers!