The other customer fell for it. The scammer convinced her that he was from Microsoft, and that her PC was hacked. So she turned it on and went to the website he directed her to, and he established a remote session using ShowMyPC. He then told her all her files were corrupt, and scared her by showing event log entries. Then he wanted her to go to Western Union and send him $25. She refused, and he hid her desktop icons and hung up. She thought she lost everything and called me in a tearful panic.
She's all cleaned up now, and better educated about phone scams, I hope.
Those of you who support end users, do you get calls like this?
I've seen videos posted by other forum members of pentesters using similar SE techniques to trick corporate users who should know better, pretending to be the Help Desk, or similar. Do you find that these sorts of methods work better / faster than vulnerability scanning and exploitation? Or do you do both, and report the technical issues and the SE issues?