Tech Support Scams – Help & Resource Page
Tech support scams are a million-dollar industry and have been around since 2008. Every single day, innocent people are tricked into spending hundreds of dollars on non-existent computer problems.
There is no sign of these scams slowing down despite several actions taken by the Federal Trade Commission.
Perhaps even worse, companies right here in North America are now pulling the same tricks and taking advantage of existing and prospect customers replying to online ads.
Since we wrote our very first blog post on the subject and subsequent articles (A look behind the curtain, Turning the tables), we’ve received much feedback and many people have shared their own experiences. We believe tech support scams are despicable and need to be exposed for the greater good.
The purpose of this page is to gather all the information we have collected over time into one place which you can use as a goto resource when you need it.
- The cold call from a fake Microsoft technician
- Calling a dishonest ‘premium’ tech support company
- The Event Viewer (eventvwr)
- The System Configuration Utility (msconfig)
- The Task Manager (CPU ‘spikes’)
- The System Information (msinfo32)
- The Prefetch Files
- The Temporary Files (%temp%)
- The Fake Scanners
- The dir and tree Commands
- The Custom Virus Message
- The ‘ping’ (on Mac OS X)
- If you already let them in
- If you already paid
- Report the scam
- Shut down their remote software account
- Spread the word
How it all begins
The cold call from a fake Microsoft technician
The scam is straightforward: pretend to be calling from Microsoft, gain remote control of the machine, trick the victim with fake error reports and collect the money.
If you ever get a call from a Microsoft or Windows tech support agent out of the blue, the best thing to do is simply hang up. Scammers like to use VoIP technology so their actual number and location are hidden. Their calls are almost free which is why they can do this 24/7.
As per Microsoft: “There are some cases where Microsoft will work with your Internet service provider and call you to fix a malware-infected computer—such as during the recent cleanup effort begun in our botnet takedown actions. These calls will be made by someone with whom you can verify you already are a customer. You will never receive a legitimate call from Microsoft or our partners to charge you for computer fixes.”
Calling a dishonest ‘premium’ tech support company
Located in India but also in the US, these companies heavily advertise on popular search engines as well as websites with high traffic. People call them for assistance and get fooled with similar techniques employed by Indian cold callers.
Another source for these companies comes from some of their existing customers or customers of parent companies sent to them. The remote technician upsells the customer who only came to activate their software but ends up forking hundreds of dollars on “Windows support”.
If you decide to call in for remote computer assistance, you need to be very careful about which company you are going to deal with. Simply picking the top ad on a search results page could end very badly.
Unfortunately, the company/technician being from the US is no longer a guarantee for honest service. Many businesses here in the US are using the same dirty tricks to take advantage of people.
If you don’t feel comfortable doing this online, brick and mortar computer repair shops are a good alternative. Pick one near you and check for reviews, BBB ratings and such before engaging them.
The ‘technician’ requests to have remote access to your computer (taking control of it) and may use one of the following programs. Note that these applications are perfectly legitimate and used daily for good reasons. However, it is important to remember that if you run remote login software you are effectively giving a complete stranger total control of your computer.
There are too many other applications that are used for remote support to list them all here. They pretty much do the same thing which is to provide direct access to your computer from anywhere in the world.
Tricks of the trade
Once logged into your computer, the remote technician will attempt to trick you by fabricating errors or even viruses on your computer. They like to use the default Windows tools and turn them against you, hoping you’ll get scared and follow up their directions.
The Event Viewer (eventvwr)
even on Windows 8:
The Event Viewer is an application that aggregates all of the log files from your computer. It is traditionally used by system administrators to diagnose certain errors. However, most events are harmless notifications.
The System Configuration Utility (msconfig)
The Task Manager (CPU ‘spikes’)
The System Information (msinfo32)
The Prefetch Files
The Temporary Files (%temp%)
The Fake Scanners
The dir and tree Commands
The Custom Virus Message
The ‘ping’ (on Mac OS X)
Getting help (damage control)
Getting scammed is one of the worst feelings to experience. In many ways you feel like you have been violated and are really angry to have let your guard down. Perhaps you are even shocked and scared and don’t really know what to do now. The following tips will hopefully provide you with some guidance.
If you already let them in
- Revoke remote access (if unsure, restart your computer). That should cut the remote session and kick them out of your PC.
- Scan your computer for malware. The miscreants may have installed password stealers or other Trojans to capture your keystrokes. Use a program such as Malwarebytes Anti-Malware to quickly identify and remove threats.
- Change all your passwords (Windows password, email, banking, etc).
If you already paid
- Contact your financial institution/credit card company to reverse the charges and keep an eye for future unwanted charges.
- If you gave them personal information such as date of birth, Social Security Number, full address, name and maiden name you may want to consult the FTC’s website and report identity theft.
Report the scam
- In the US: File a complaint (FTC) | More information about online fraud
- In Canada: Contact Law Enforcement
- In the UK: Report fraud | Report cold call (cold calls are illegal in the UK)
- In Australia: Report a scam | Report telemarketing abuse
Shut down their remote software account
- Write down the TeamViewer ID (9-digit code) and send it to TeamViewer’s support (they can later on block people/companies with that information)
- LogMeIn: Report abuse
Spread the word
You can raise awareness by letting your friends, family, and other acquaintances know what happened to you. Although this may be an embarrassing experience if you fell victim to these scams, educating the public will help someone caught in a similar situation and deter further scam attempts.
While hanging up is the safest thing to do when you get a cold call, some people have gone on a mission to expose those scammers. While we don’t endorse this behaviour, if you do have information to share, please let us know and we will update this page with any new relevant details.
List of reported scammers
(This list is being updated on a regular basis)
- 24/7 PC Guard | 247pcguard.com | 1-888-855-7953 | Watch Scam
- 365 Tech Help | 365techhelp.co/bng/slow-pc, fastsupport.com | 1-866-539-8804 | Watch Scam
- Speak Support | speaksupport.com, 121usa.com | 1-800-806-0768 | Watch Scam
- PC Smart Care | pcsmartcare.com, pcsmartcare.us | 1-855-569-5945 | Screenshot
- PC Mask | pcmask.com | 1-877-385-1667 | Screenshot | Watch Scam