Tech support scams have been around since about 2008, but it seems like there has been a uptick in the frequency that they are happening these days.  In today’s post I will go over what these scams are, how to spot them, and what to do about them.

What are tech support scams?

Tech support scams are essentially the same as IRS scams, but instead of telling you that you owe money to the IRS, they get money from you to provide a fake service on your computer. These scams are started in one of two ways. The first way is that you will get a call from someone claiming to be from Microsoft, or a Microsoft Certified Partner. They will typically tell you that they have detected a virus on your computer or network and that you need to have them fix it as soon as possible. The second way is from a popup message while you are browsing the internet. These popups will usually sound very scary and imply that your hard drive is about to be erased and that you need to call the toll free number on the screen so that they can fix it. Some of the messages are even accompanied by alert sounds or someone talking.

Once these companies have made contact with you they will offer a free remote session to diagnose the problem. Once they are connected to your computer they will proceed to do several fake scans to show you the fake infections. Once they are done with all of their fake scans, they will tell you that for a low price they can connect you to a technician who will fix the problem. This price is anywhere from $99 on up to several hundred dollars. If you pay them the money they will then install some software, usually freely available software, and tell you that you are secured.

How to spot tech support scams

Here are just a couple of examples of tech support scams. There are hundreds of variations of these messages out there. Basically any message that says you are infected, and that you need to call a toll free number for support, is a scam.

Tech Support Scams
Example alert message, notice the countdown timer before the hard drive supposedly gets erased? No matter how long that message is loaded the timer never changes. That is because it is actually just a static image file.
Tech Support Scams
This message is also very common with these types of scams. This message even says not to restart your computer. That is because restarting your computer is all you need to do to fix the “problem”, but you aren’t supposed to know that.
Here are some examples tactics, that these scammers use to trick you into thinking something is wrong with your computer.
This is an example of a fake scan that the scammers run, is simply a list of all of the folders on your hard drive. While the list is being displayed, then can type any message that they want. When the list is done, what they typed will appear to be a message about finding viruses. In this example I started the “scan” by typing “dir /s” and while the folders were being listed I typed “ALERT! 341 VIRUSES FOUND!!!”.
Another common tactic that scammers use is to tell you that hackers have turned off Microsoft services so your computer is not being protected. Sometimes they will even claim that hackers are in your computer while you are on the phone with them. Services being stopped on your computer is perfectly normal. In fact, your computer could have as many as 50% of the services stopped at anytime. Not all services are needed all of the time and they will not run when they are not needed.
When the scammers tell you that there are hackers in your computer, they will typically run a program, called “netstat” that shows all active connections on your computer and they will tell you that those are hackers. In reality those connections are perfectly normal. The screen to the left shows how many connections happen just from opening a browser and going to A scammer will tell you that those are hackers connected to your computer.

Another classic tactic that scammers use is to show you the event log built into Windows. The event log shows a list of all logged events that happen on the computer. The scammers will filter the log to show you errors and warnings and claim that those are all issues that have been caused by a virus or by hackers. In reality those errors, for the most part, are perfectly normal. In the example to the left you can see hundreds of errors and warnings. Those are all perfectly normal and are reported on a perfectly clean, normally functioning, computer.

What you should do.

If you get a call from someone telling you that they have detected a virus on your computer, just hang up on them, it is a scam. If you get a popup on your computer about a virus and to call tech support, don’t click on anything or try to close the popup, just restart the computer. Right now, this is the best way to get rid of those popups without potentially causing other problems.

If you have already been the victim of one of these scams and paid the scammers money, I would recommend calling your credit card company and see if they can reverse the charges. The second thing I would recommend is contacting us so that we can check out your computer to make sure they didn’t cause any real damage.

What if you have been the victim of one of these scams and allowed someone to connect to your computer but you did not pay them? In that case, I would recommend contacting us so that we can check out your computer to make sure they didn’t leave any malware or spyware behind.

Worst Case Scenario

In a worst case scenario, the scammer may run a program called “syskey”. Syskey is a program that password protects Windows and you will not be able to use your computer without the password.

If this happens there is a good chance that you will have to reinstall Windows and all of your software. Fortunately, you should be able to recover most of, if not all, of your personal information such as documents, pictures, and music.

If you have been a victim of this scam, please contact us to see if we can help you recover your data.

Windows Syskey
Windows Locked with Syskey

“Remember, Microsoft will never proactively reach out to you to provide unsolicited PC or technical support. Any communication we have with you must be initiated by you.”

Source: Microsoft Corporation

More Information:

Pin It on Pinterest