Tech Support Scams – Help & Resource Page
Tech support scams are a million-dollar industry and have been around since 2008. Every single day, innocent people are tricked into spending hundreds of dollars on non-existent computer problems.
There is no sign of these scams slowing down despite several actions taken by the Federal Trade Commission.
Perhaps even worse, companies right here in North America are now pulling the same tricks and taking advantage of existing and prospective customers replying to online ads.
Since we wrote our very first blog post on the subject and subsequent articles (A look behind the curtain, Turning the tables), we’ve received much feedback and many people have shared their own experiences. We believe tech support scams are despicable and need to be exposed for the greater good.
The purpose of this page is to gather all the information we have collected over time into one place which you can use as a go-to resource when you need it.
- Cold call
- Calling for assistance
- The Event Viewer (eventvwr)
- The System Configuration Utility (msconfig)
- The Task Manager (CPU ‘spikes’)
- The System Information (msinfo32)
- The Prefetch files
- The Temporary files (%temp%)
- The fake scanners
- The dir and tree commands
- The custom Virus message
- The red Command-Line Terminal
- The ‘ping’ (on Mac OS X)
- The netstat command
- The online glossary or wikipedia trick
- The Network Access Protection (NAP)
- The notepad trick
- The Power Efficiency report (powercfg energy)
- The (value not set) registry trick
- If you already let them in
- If you already paid
- Report the scam
- Shut down their remote software account
- Spread the word
How it all begins
The scam is straightforward: pretend to be calling from Microsoft, gain remote control of the machine, trick the victim with fake error reports and collect the money.
If you ever get a call from a Microsoft or Windows tech support agent out of the blue, the best thing to do is simply hang up. Scammers like to use VoIP technology so their actual number and location are hidden. Their calls are almost free which is why they can do this 24/7.
As per Microsoft: “There are some cases where Microsoft will work with your Internet service provider and call you to fix a malware-infected computer—such as during the recent cleanup effort begun in our botnet takedown actions. These calls will be made by someone with whom you can verify you already are a customer. You will never receive a legitimate call from Microsoft or our partners to charge you for computer fixes.”
Calling for assistance
Located in India but also in the US, these companies advertise heavily on popular search engines as well as on high-traffic websites. People call them for assistance and get fooled with techniques similar to those employed by Indian cold callers.
Another source for these companies is their own existing customers, or customers of parent companies who are sent to them. The remote technician upsells the customer who only came to activate their software but ends up forking over hundreds of dollars for “Windows support”.
If you decide to call in for remote computer assistance, you need to be very careful about which company you are going to deal with. Simply picking the top ad on a search results page could end very badly.
Unfortunately, the company/technician being from the US is no longer a guarantee for honest service. Many businesses here in the US are using the same dirty tricks to take advantage of people.
If you don’t feel comfortable doing this online, brick and mortar computer repair shops are a good alternative. Pick one near you and check for reviews, BBB ratings and such before engaging them.
Fake pop-ups claiming your computer is infected (reminiscent of FakeAV) are a good way for scammers to reel in innocent victims.
A new trend shows that crooks are using phishing scams as a ruse to get people to phone in, not only stealing their credentials but also claiming their account was suspended.
The ‘technician’ requests to have remote access to your computer (taking control of it) and may use one of the following programs. Note that these applications are perfectly legitimate and used daily for good reasons. However, it is important to remember that if you run remote login software you are effectively giving a complete stranger total control of your computer.
There are too many other applications that are used for remote support to list them all here. They pretty much do the same thing which is to provide direct access to your computer from anywhere in the world.
Tricks of the trade
Once logged into your computer, the remote technician will attempt to trick you by fabricating errors or even viruses on your computer. They like to use the default Windows tools and turn them against you, hoping you’ll get scared and follow their directions.
The Event Viewer (eventvwr)
The Event Viewer is an application that aggregates all of the log files from your computer. It is traditionally used by system administrators to diagnose certain errors. However, most events are harmless notifications.
The System Configuration Utility (msconfig)
The Task Manager (CPU ‘spikes’)
The System Information (msinfo32)
The Prefetch files
The Temporary files (%temp%)
The fake scanners
The dir and tree commands
The custom Virus message
The red Command-Line Terminal
The ‘ping’ (on Mac OS X)
The netstat command
The online glossary or Wikipedia trick
The Network Access Protection (NAP)
The Network Access Protection is a feature that mostly applies to PCs that connect to a domain. It ensures they adhere to safety standards. If this is your one and only computer, NAP should be left Off.
The notepad trick
Certain files are not meant to be read with Notepad. In particular, executable files need special tools to read their ‘sections’. Therefore, it is perfectly normal that these files cannot be read as ‘text’.
The Power Efficiency report (powercfg energy)
The (value not set) registry trick
Getting help (damage control)
Getting scammed is one of the worst feelings to experience. In many ways you feel like you have been violated and are really angry to have let your guard down. Perhaps you are even shocked and scared and don’t really know what to do now. The following tips will hopefully provide you with some guidance.
If you already let them in
- Revoke remote access (if unsure, restart your computer). That should cut the remote session and kick them out of your PC.
- Scan your computer for malware. The miscreants may have installed password stealers or other Trojans to capture your keystrokes. Use a program such as Malwarebytes Anti-Malware to quickly identify and remove threats.
- Change all your passwords (Windows password, email, banking, etc).
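A restart ends the session, but the remote-access program may still be running, registered as a service, or installed. The PowerShell below is an added example, not part of the original page, that checks all three; the name list contains only the two products named on this page and is an assumption to extend with whatever program the caller had you run.

```powershell
# Added example: look for remote-access software left behind after a session.
# $Patterns is an assumption: it holds only the two products this page names.
# Add the name of the program the caller asked you to download or run.
$Patterns = 'TeamViewer', 'LogMeIn'
$Regex    = ($Patterns | ForEach-Object { [regex]::Escape($_) }) -join '|'

# 1. Processes running right now. Portable "quick support" builds never
#    appear in the installed-programs list, so this check catches them.
$procs = Get-Process |
    Where-Object { $_.ProcessName -match $Regex } |
    Select-Object @{n='Kind';   e={'Process'}},
                  @{n='Name';   e={$_.ProcessName}},
                  @{n='Detail'; e={"PID $($_.Id)"}}

# 2. Services. These start again after a reboot, so a restart alone
#    does not remove unattended access.
$svcs = Get-Service |
    Where-Object { $_.Name -match $Regex -or $_.DisplayName -match $Regex } |
    Select-Object @{n='Kind';   e={'Service'}},
                  @{n='Name';   e={$_.DisplayName}},
                  @{n='Detail'; e={"status: $($_.Status)"}}

# 3. Installed programs, read from the uninstall keys
#    (64-bit, 32-bit on 64-bit Windows, and per-user installs).
$keys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*'
$apps = Get-ItemProperty -Path $keys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -match $Regex } |
    Select-Object @{n='Kind';   e={'Installed'}},
                  @{n='Name';   e={$_.DisplayName}},
                  @{n='Detail'; e={"publisher: $($_.Publisher)"}}

# @() turns an empty result into an empty array so the three can be joined.
$found = @($procs) + @($svcs) + @($apps)

if ($found.Count -eq 0) {
    Write-Output 'No matching remote-access software found.'
} else {
    # Anything listed here that you did not install yourself should be
    # uninstalled from Control Panel before you change your passwords.
    $found | Sort-Object Kind, Name | Format-Table -AutoSize
}
```

An empty result only means nothing matched the names in `$Patterns`; it does not replace the malware scan in the next step.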
In some cases (you did not pay or called them names), scammers will seek revenge on your machine. Here are some things they might try and what to do to recover from them:
- Master password lock out
There are various ‘hacks’ to reset that password. One method is to use a Linux boot CD to mount Windows and then use the chntpw utility. It is described here.
- Missing software drivers
First, try to do a System Restore. If it fails, you should be able to reinstall them by going to the manufacturer’s website and downloading the appropriate driver.
- Missing files
First, try to do a System Restore. If it is not available, check for backups you may have made and stored somewhere else. As a last resort, there are programs that can scrape your hard drive and attempt to recover the missing files.
If you already paid
- Contact your financial institution/credit card company to reverse the charges and keep an eye out for future unwanted charges.
- If you gave them personal information such as date of birth, Social Security Number, full address, name and maiden name you may want to consult the FTC’s website and report identity theft.
Report the scam
- In the US: File a complaint (FTC) | More information about online fraud
- In Canada: Contact Law Enforcement
- In the UK: Report fraud | Report cold call (cold calls are illegal in the UK)
- In Australia: Report a scam | Report telemarketing abuse
Shut down their remote software account
- Write down the TeamViewer ID (9-digit code) and send it to TeamViewer’s support (they can later on block people/companies with that information)
- LogMeIn: Report abuse
Spread the word
You can raise awareness by letting your friends, family, and other acquaintances know what happened to you. Although this may be an embarrassing experience if you fell victim to these scams, educating the public will help someone caught in a similar situation and deter further scam attempts.
While hanging up is the safest thing to do when you get a cold call, some people have gone on a mission to expose those scammers. While we don’t endorse this behaviour, if you do have information to share, please let us know and we will update this page with any new relevant details.
List of reported scammers
(This list is being updated on a regular basis)
- 24/7 PC Guard | 247pcguard.com | 1-888-855-7953 | Watch Scam
- 365 Tech Help | 365techhelp.co/bng/slow-pc, fastsupport.com | 1-866-539-8804 | Watch Scam
- Speak Support | speaksupport.com, 121usa.com | 1-800-806-0768 | Watch Scam
- PC Smart Care | pcsmartcare.com, pcsmartcare.us | 1-855-569-5945 | Screenshot
- PC Mask | pcmask.com | 1-877-385-1667 | Screenshot | Watch Scam
- My Tech Gurus | mytechgurus.com | 1-866-587-1775 | Watch Scam
- MegaITSupport | megaitsupport.com | 1-888-939-3618 | Screenshot
- Click4Support | clickforsupport.net, webtechmasterhelp.com, techsupportcenter.org | Watch Scam
- PC Toolkit Pro | pctoolkitpro.com | 1-855-803-1370 | Watch Scam
- Phone scammers call the wrong guy, get mad and trash PC
- Tech support scams: a look behind the curtain
- Online PC Support Scams: Turning the Tables
- Tech Support Scams: Coming to a Mac near you
- Tech support scammers spam YouTube with robot-like warnings
- Tech support scammers target smartphone and tablet users
- Tech support scams: Show me the money
- Netflix Phishing Scam leads to Fake Microsoft Tech Support
About the author:
I am a senior security researcher at Malwarebytes where I specialize in tracking down malicious websites, general online threats as well as scams.
I first got interested in the Microsoft Tech Support Scams when I received a cold call back in April 2013 while working remotely from home.
Since then I’ve been documenting the various tricks crooks use and exposing companies involved in scamming innocent people.
While law enforcement has taken actions with some success many times before, I still believe the best solution to this problem is awareness.
At the same time, as more people know about these scams, there have been an increasing number of pranks played on the cold-callers. Besides the funny aspect and the fact it is well deserved, it has made scammers eager to seek revenge and be even more aggressive.
Beyond the technological tricks which can be amusing, there remains a human element and deep socio-psychological factors at the core of this scam, all of which I find quite fascinating.
You can follow me on Twitter @jeromesegura