“I am calling you from Windows…”
We’ve all had the calls, but what can we really do about the Windows Tech Support scam? Should you hang up, or lead the callers on? Is there anyone you can report them to, and if so, should you even bother? Let’s find out.
The Windows Tech Support Scam: A Recurring Nightmare
Anyone claiming to be from “Windows” could be expected to know if there was a virus on your PC, right? And when they guide you into checking the Windows Event Viewer (where harmless errors are logged) and reading out a string of numbers, they usually manage to snare you into their swindle. After all, you don’t want to lose your hard work, or be without your computer due a virus, right?
The aim of the scammers is to talk you into installing remote software on your computer, so that they might then take control. Once done, this will either allow them to steal data, introduce a Trojan horse or other malware (the remote software itself may be a malicious tool) or just perform a bit of “tech support theater” to make it seem as though they know what they’re doing.
Once the “virus” is discovered, of course, the scammers will demand money for their services of “removing” it. This can go a number of ways, but if you refuse, there is the possibility that the scammers have remotely changed your password or encrypted your files, transforming this into a one-on-one ransomware scam.
Perhaps you’ve just received one of these calls, or you know someone who has. What should you do next time?
Handling a Scam Call
So, how should you deal with a scam call?
Well, the answer is simple: hang up.
Now, a lot of people – mostly those wise to the scam – think that the best way to deal with Windows tech support scammers is to keep them talking. By diverting the caller, leading them on by pretending you’re looking for the “error code” or installing their remote software, the thinking is that you’re stopping them (for a short time at least) from finding a less savvy victim. A common method (one I’ve used myself) is to omit to mention that you’re using Linux or Mac OS X, which naturally are not targeted by the scammers (between them, they account for just 11% of the computers currently online).
While this approach makes sense, it isn’t without its dangers. The scammers are aggressive and pushy by nature, and have been known to be sleazy as well (a fact revealed by one of our readers). Throw in some threats by the scammers and unsubstantiated reports of violence and doxing against victims who called them out, and you see that it really isn’t worth stringing the scammers along.
Should you find yourself still talking, avoid sharing any personal information. And don’t go to the webpage that the scammer directs you to; certainly don’t install any software.
Hanging up, then, is the best option. If everybody simply ended the call as soon as the scammer’s voice reveals he or she is from Microsoft (the company probably doesn’t have your phone number, unless you’re an employee), then this would help push the scammers out of business far quicker.
Finally, make sure you tell people. Anyone and everyone – the more people who know about the scam, the greater the chance of it being abandoned by its perpetrators.
What If You Already Gave the Scammer Access to Your Computer?
Something that concerns a lot of people is the condition of their PC after the scam. Many find themselves partially taken in before installing the software, or worse, after installing it. Perhaps you saw the mouse pointer moving around and felt something was wrong. Perhaps you ended the call and switched off your PC. Perhaps… perhaps you gave access to the scammer, believed their lie, and paid up.
If any of these scenarios sound familiar, this is what you should do.
Did you give remote access before having second thoughts and ending the call? If so, you’re probably safe, but make sure you run a scan with your anti-virus software and Malwarebytes’s Antimalware tool. You should also restart your PC to force-end the remote session; if for some reason this isn’t possible (due to remote access) hold the power button on your computer down until it shuts down.
Did the scammer install any software, or go looking around your personal files and folders? In this case, there is a strong chance that they copied (or attempted to) data from you. If this data features personally identifiable information, this could be used to determine one or more passwords. If you use Facebook, for instance, and your password can be guessed, then a whole load of information can be harvested about you. This is how identity thieves get their claws in.
Have you paid a Windows tech support scammer to “remove” a “virus”? Call your credit card company right away, tell them you have been scammed, and they should cancel the transaction. You should also change the password for your credit card account… and every other password you use, too.
By giving your credit card details to the scammers to pay for their “service”, you’re also likely to give them the information they need to use your card. By sharing the 16-digit number, the valid until date and the three-digit number on the reverse, you’ve essentially given them everything they need to steal from you. Remember, they called you: this is not a safe way to conduct business!
Our dedicated guide looking at the aftermath of a tech support scam call explains futher.
Can You Report the Scammers?
Whether you can report the scammers for their criminal behavior depends on where in the world you live. But as a general rule, the police can’t do anything about this, unless provided with location-based information (they will, however, act if given sufficient information by an industry regulator or government department).
So who can you get in touch with?
In the USA, the target of your complaints should be the Federal Trade Commission. Calls to the FTC on this scam are treated seriously, but you need to have kept a note of the name of the person calling (it’s fake, but still important) and the number they’re calling from. You should be able to get the number from your handset, or by dialing your regional “last incoming call” number.
If you’re in the UK, contact Action Fraud and log a report.
Scammers preying on unsuspecting computer users cannot be allowed to win this battle. We suggest that in addition to hanging up and reporting the callers that you also consider abandoning your landline, if practical. Should mobile numbers then be targeted, whitelisting and blacklisting call management apps can be used to block them,
Have you fallen victim to the Windows tech support scam? Did you report the scammers, or simply hang up? Tell us in the comments.