They’re constantly on the prowl: cold calling scammers claiming to be from “Windows Tech Support”, who in reality have the nefarious aim of downloading spyware and/or charging you for their assistance while they are remotely connected (or, worse still, both).
It’s one of the biggest scams on the web, and it still goes on. The fact that it persists strongly suggests that the scam still works, and with VOIP offering a low cost overhead for endless cold calling, these characters have the means to call as many people as they can fit into a working day.
But let’s not be charitable. This isn’t work, but crime. It’s theft, pure and simple.
Receiving The Call
I actually received two calls from the “Windows Tech Support” scammers.
The first, just after lunch, caught me at a bad time. Snowed under with work, I laconically burst out laughing, and didn’t stop until the caller hung up. Sadly, they didn’t get the hint.
Six hours later came another call. Perhaps the same lady, I don’t know as I didn’t take the first caller’s name. This one, despite her strong Indian accent, was called Rachel, one of the most English names you will find. Of course, this is part of the tactic, to present a “civilized” veneer of legitimacy for what is, surely at the back of most people’s mind, a surprising call.
The call itself is incredible: through the script that the cold calling scammers stick to very closely, it suggests that Microsoft can detect whether or not your computer has an “infection”. They’re clear on this too, the callers. This isn’t a call about viruses, as your computer’s anti-virus software can handle those. No, this is all about “infections”, some loose reference to malware.
Which, incidentally, is what they’re peddling.
The Smooth, Polite Tech Support “Expert”
Now, I just happened to be rolling three computers on the day of the call. My usual Surface Pro, my Raspberry Pi and my Toshiba laptop, running Linux Mint. This scam is designed to be used on Windows computers only, and as you may well know, Linux security issues and viruses are rare.
You can probably see where this is going…
With Linux Mint booted up right in front of me, I couldn’t help but make an example of these people. So I explained to “Rachel” how I was unable to make the Run box appear when pressing the Windows key and R. Opening the Run box is a key strategy of the scam, designed to show you “errors”, which are items found in the Security view log in Event Viewer, a component of Windows. As I was unable to open Run and enter the eventvwr.exe command, I was passed on to “Jonathan”…
As you can hear in the recording above from my YouTube page, the “expert” I was handed over to basically continues the script with a little more authority, the initial caller’s pleasant voice no doubt intended to “soften up” the victims.
Yes, victims, because that is what we are. Whether we’re scammed or successfully spot this nonsense before it goes too far, anyone subjected to it is a victim of attempted fraud.
Eventually, after the Run box fails to open (remember, I was using Linux Mint) “Jonathan” asks me to visit a website, support24.6te.net. For obvious reasons we’re not linking to it, but if we check the WhoIs result, it would seem that the website is hosted as a subdomain of an ISP or other free web host. Inspection of the webpage reveals an unsophisticated single HTML file with embedded CSS. Not exactly a professional outfit; rather the classic signs of a scam.
The next step, whether the Run box can be opened or not, is to install software called AMMYY, a TeamViewer-style remote desktop app favoured by this sort of scam, which allows them access to your computer. (AMMYY’s makers claim to be aware that their software is being misused in this way, but it shows up in many places as an untrusted service.) At this point, the scam comes alive, as “infections” are found and you’re charged for their removal. Simultaneously, malware such as Trojan keyloggers and spyware can be installed by the scammers.
Now, I took “Jonathan” as far as I could before ultimately getting bored, realising I’d wasted around 25 minutes of their time and making my Linux reveal at the end. But what you should do is hang up your phone the moment you hear that someone calling you out of the blue is attempting to repair your PC. Even if you *have* requested some telephone support from your PC vendor or work IT, verify their identity before proceeding.
The Aftermath: What You Should Do Next
If you’ve landed here having been taken in by this scam, then you need to act quickly. Matthew Hughes has previously covered what you need to do immediately, which is essentially to cancel your credit cards and talk to the credit card company to arrange a refund, as the money has been paid fraudulently.
You should also take to Facebook and let as many of your contacts, friends and family in the local area as possible know that the scam is targeting your region. These scammers tend to focus on an area code, so if you’ve been targeted the chances are other people in the area will be too. Note, however, that many variations of this scam exist, including one in which YOU make the phone call to a scammer posing as a professional.
Have you been hit by this scam? Do you know anyone who has, or is perhaps susceptible to it? Share your comments below, but also please take a moment to share this with anyone you feel would benefit.