OFFICIAL SECURITY BLOG
February 11, 2014 | BY Jérôme Segura
Fake or rogue tech support companies are lurking everywhere.
Whether they cold-call you or deceive you with ads and pop-ups, you need to stay vigilant.
Before you know it, your ‘Windows’ is infested with viruses, but thankfully the good guys from ‘Microsoft’ can help out for free and with lifetime support, after you pay the one-time charge of $399 or whichever amount they ask for.
But what exactly does a company that uses misleading tactics or straight-out lies actually do if you were to go along all the way?
This is something I sought to find out, albeit without actually giving them any money. This article will not talk about the obvious identity theft risks when engaging with such individuals and of course does not condone social engineering scammers themselves.
Show me the money
You’d be surprised at how accommodating and flexible the fraudsters can be when they are asking for money. Most payment methods are accepted, although I have yet to come across one that would take Bitcoins.
The following screenshots were all taken from real scams before I bailed out at the last second.
Once all is said and done, the technician may begin fixing your computer. If you were looking for anything fancy you will be disappointed.
The most common thing these fake tech support technicians will do is run the default Windows programs to optimize your PC (Disk Cleanup, Disk Defragmenter, etc.). In many cases, they will run free utilities they download off the web such as CCleaner, not really caring that these are for personal use only and not part of a commercial service.
The goal is to make you believe they did their job, although you can be sure they won’t be wasting too much time.
All in all, not so bad, you might say. Except that paying $300 for someone to use free tools is a little bit much, wouldn’t you say?
The placebo effect
Some crooks won’t even bother fixing anything for real (showing how much they care about your PC). They will simply pretend to clean things up by typing certain commands in a terminal prompt. For example, to clean up an infected network the technician will run a ping command:
“The paid version of MSE is a better product”
It gets even worse when those fake Microsoft technicians try to sell you license keys for software that was never intended to be sold.
In one particular instance, I was told the tech support company would install “a hundred percent compatible antivirus software in your computer for the lifetime”, which, to my surprise, turned out to be the free Microsoft Security Essentials.
After I pointed out that the program was already up and running on my PC, the scammers went further, saying:
“Microsoft Security Essentials does not recognize the viruses onto the computer because it is not a paid version. It is not the licensed version. Once we get the licensed version installed onto this you would be seeing these errors in your computer again.”
Reselling free software is a well-known scam that affects many popular software makers. Contrary to affiliates who earn a commission for each sale, in this case the crooks make a hundred percent profit.
“Sit back and relax while we crack your software”
In a separate instance where the technician began ‘fixing’ my computer while I was searching for my credit card, I witnessed something that made me jump out of my seat.
After applying a few Windows updates they upgraded my copy of Windows 7 from Professional to Ultimate. While I was not entirely sure about the real benefits of doing that, I assumed it was part of their service.
But those upgrades (Windows Anytime Upgrade) can be quite costly and would be eating a large amount of the fee the crooks were asking for.
And that’s when they transferred a rather strange file (Windows_7_Loader_v1_9_7-DAZ_32Bit-64Bit) from their computers to mine.
This file, also known as a keygen, is used to crack paid software or, in this case, register trial software. It is the kind of file you may find on shady websites or available as a torrent, and definitely not your official Microsoft ‘patch’.
In fact, Microsoft has sent Google several DMCA (copyright) complaints to remove this illicit program from Google’s search results.
It became obvious that the scammers were onto something bad simply to save themselves some money. For the victim, it’s a completely different story:
It would be easy to miss seeing this fraudulent act if you weren’t sitting at your computer and paying close attention as it took over half an hour and more system restarts than I can remember to perform this Windows ‘upgrade’.
Minimizing costs, maximizing ROI
One would think that these Microsoft tech support scammers only need to convince the victim, extort the money and then walk away without actually performing any ‘service’.
The truth of the matter is that many of these companies (for the most part based in India but some also in the U.S.) are trying to appear as legitimate businesses. They go to great lengths to build ‘professional-looking’ websites, and a few of them are even official Microsoft partners or resellers for big brand names.
Performing a service after payment also shows that they aren’t simply trying to extort money. They can justify that they are actually helping out their customers – which technically they are – except that the services performed aren’t just subpar, they can also be detrimental to the victim.
On average they are earning $300 per customer but are slashing costs drastically by using either free or cracked tools. The only real cost is the time spent by the technician, who very often does multiple repairs at once.
Ultimately you reach a point where scammers will deny any wrongdoing until they’re blue in the face. They’ll even have staff scanning forums and rip-off reports, replying to angry customers.
Hopefully, detailed recordings of ‘live’ scams where individuals get caught red-handed will draw enough attention to them for police forces and global organizations to do what is necessary.
For more information on tech support scams and tips, please check out our resource page.