Russ Harvey Consulting - Computer and Internet Services

Computer Support Scams

“Computer Support” Calls | Fake Error Messages

Computer keyboard with “SCAM” in white letters on red keys.

Beware of “Computer Support” Calls

I'm calling from Microsoft…

No, they aren't. They are scamming you!

Just Hang Up!

Any phone call from a “technical support” person saying that you have a problem with your computer is a SCAM! Just hang up.

If they had the ability look into your computer to see errors, they could have fixed them without calling you.

If you get such a call, don't panic. Stop and think it through.

The Direct Call

This is an example of a vishing attempt — the “phone call” version of a phishing email.

Most such calls are made directly to your phone number. While not everyone has a Microsoft Windows computer, many more do than don't.

Neither Microsoft nor anyone else can remotely detect viruses on your computer (that is the job of your security software).

You can't trust call display to tell you who is calling because it is commonly faked.

What If It Was Legitimate?

You might wonder if the call is real and there is a problem with your computer.

Remember, they called you to tell you about a problem you weren't experiencing.

If you have reason to believe the call is legitimate, hang up then look up the number from legitimate source such as a recent invoice or statement from that company then call them back using the number printed on those documents.

In most cases, the company won't know what you're talking about.

If it was a genuine support call, they will understand your reasons for hanging up.

Fake Error Messages

An alternative method is to place a fake error message on your computer with a phone number listed for you to call for “help.”

The Phone Number is Fake

The number in the error message doesn't belong to Microsoft or any legitimate company. Error messages should never contain a phone number.

If you call that number, you will be talking to a scammer somewhere overseas in countries where prosecution is difficult or impossible.

Fake Websites

The caller may attempt to “prove” they are legitimate by getting you to visit their website. Don't!

These callers are criminals regardless of what their website indicates.

+

When provided with that offer of proof, I once told a scammer to call back in a half hour and I'd have a website proving that I was the King of Siam. They never bothered.

Tech Support Scams are Costly

The caller will attempt to convince you that your computer needs fixing then charge you for this unnecessary “support call.”

Telephone scams return around $470 per call. Thanks to robocalling (automated calling), number finding technology, and fake caller IDs, scammers fool more people than ever before.

 

Given how much money the scam makes, and how little call centers pay (e.g., Indian call centers pay around $2 an hour), your decision to "keep them on the line" really isn't helping anyone.
MakeUseOf

The unspecified expenses may come later:

At first I hung up on this call, then he kept calling so finally I thought maybe this is legitimate. He proceeded to tell me my computer was at a security breach and he would clear it for me.

 

He also said he was from Microsoft and that it would not cost me any charges. After about 3 hours of calling back and forth I ended up $1,999.99 ripped off.
— as reported to BBB.org

What Actually Happens?

Most of these calls have two goals:

  1. To bill you excessively for unnecessary services.
  2. To gain access to your computer and steal your personal information.

They will make your computer less secure.

In addition to selling you bogus security software, the scammers will attempt to locate and download personal information that can later be used for profit.

When give the scammers access to your computer, they will download your personal information and data, including your passwords, banking info and other financial information. They use this data to steal money from you, potentially blackmail you, and even steal your identity.
InfoPackets

Fake Windows Errors

One trick is to have the victim click on the Windows Key + R keyboard combination to bring up the Run command, then have them type in “msconfig” (they'll spell it out) to open System Configuration then click on the Services tab:

Screen capture showing a normal Services tab in MSConfig

They scammer will point out the stopped Microsoft services, calling these “errors” and telling you that your computer is about to crash. It isn't.

These stopped services are normal, but most users are confused by the use of the keyboard commands and immediately feel out of their depth.

They Want You to Panic

The use of this intimidating technique is intentional. The caller wants you to panic so that you follow their advice without thinking about it.

Now they'll get you to enter the same Windows Key + R keyboard combination, then www.google.com (which opens Google) and have you search for an older (insecure) version of remote access software like TeamViewer.

Designed to Confuse

This is different that the way most users would approach a search by using their mouse to open their primary browser then enter a generalized search term that would bring up a current version of TeamViewer.

Again, the use of the keyboard combinations is intentional and designed to confuse you.

NOW They Have Access to Your Computer

Once installed, the insecure (vulnerable) remote access program will provide the caller with unlimited access to your computer.

This older program lacks any of the newest security measures which makes your computer more vulnerable to future attacks.

They Don't Know You

Remember, the caller has no advance information about you or your computer.

All they have is their bag of tricks to try to scam you as well as access to your social media (watch what you post!).

  • Never provide remote access to your computer via TeamViewer or any other product based upon a phone call, email or any unexpected popup warning on your computer.
  • Never follow instructions to navigate to folders or type any instructions via your keyboard.
  • Never provide nor confirm any personal or computer information (including passwords, software versions or serial numbers, credit card numbers, etc.).
  • Never visit websites or install software suggested by an unknown caller.

Your best option is to hang up without saying goodbye and without following any of their instructions.

Providing Remote Access is Dangerous

My policy is to disable remote access for my clients and not provide remote service.

I don't want my clients trusting remote access simply because I serviced their computer remotely in the past.

Remote access or unknown software can allow the remote user to do ANYTHING on your computer, including installing nefarious software or stealing your personal information.

If you follow their advice, you'll waste your money on software that won't help protect your computer.

Worse, it will make your computer more vulnerable and you'll become a victim of identity theft for which you'll foot the bill.

Don't be a victim! Just hang up.

Have You Allowed Access to Your Computer?

If you fall for such a scam, immediately shut down the computer and call a local service technician you can trust.

Scammers cannot access your computer or its data if it is shut down.

The Recovery

Because you can never be certain that your computer is safe, you'll need to have the hard drive wiped then a clean install performed.

A service centre can perform these tasks safely (or you can hire me):

  1. The computer's drive can be removed and data can be recovered without turning on the computer.
  2. The drive can then be wiped, followed by a new installation of Windows, macOS, Linux, etc.
  3. Current security software can be then installed and updated to protect your computer and data.
  4. Data can then be restored.
  5. Programs can then be installed for which you can provide a licence.

Depending upon the service and their history with you, they may be able to do a more personalized install. Unfortunately, there is no way to clean up your computer by simply removing suspicious files and know that it is safe after scammers have had access.

I suggest you be very selective in what software you choose to restore to your newly cleaned computer or device.

Cleanup is Costly

Yes, this is going to cost you but at least you'll be able to minimize future potential damage caused by continued access by unknown parties. It cannot prevent the use of material already stolen during the time the scammer had remote access to your computer.

Microsoft estimated the cost of cleaning up after a successful scam at $875.00 (and that was in 2011). More on these sites:

Don't be the next victim! Just hang up.

If You've Become a Victim

If you become a victim, it will probably take you hundreds of hours and an average of $1,000 to recover from ID theft. Even worse, some innocent victims have ended up in prison because identity thieves have committed crimes in their names.
Scambusters

If you've fallen for one of these scams, don't be embarrassed. If you were the only victim, the crooks would be out of business.

Report the Crime

However, you do need to take some immediate measures to limit the damage, starting with reporting the crime.

Have Your Computer Checked

If your computer was accessed, take your computer to a trusted computer professional to assess the damage. Service personnel can look for the signs of problems but no one can guarantee the computer is clean under these circumstances.

In some cases the computer many need to have a clean install (data backed up, operating system and software reinstalled, data restored) to ensure the computer is not infected.

Change Your Passwords

Your passwords may be compromised. Notify the companies involved and immediately change ALL your passwords.

Notify Financial Institutions and Police

If you provided a credit card or banking details, you'll need to immediately notify those financial institutions.

Notify the police to report the potential identity theft and contact the Canadian Anti-Fraud Centre at 1-888-495-8501 to report that you've probably become the victim of identity theft.

Microsoft issued a warning on tech support scams:

  • Be wary of any unsolicited phone call or pop-up message on your device.
  • Microsoft will never proactively reach out to you to provide unsolicited PC or technical support. Any communication we have with you must be initiated by you.
  • Do not call the number in a pop-up window on your device. Microsoft's error and warning messages NEVER include a phone number.
  • Never give control of your computer to a third party unless you can confirm that it is a legitimate representative of a computer support team with whom you are already a customer.
  • If skeptical, take the person's information down and immediately report it to your local authorities.

 

Fake Error Messages

Never call phone numbers listed in error messages.

Instead call your local tech support person or hire me.

No Phone Numbers

Error messages should never contain a phone number.

Neither Microsoft nor any other legitimate company's error message don't include a phone number.

If anything, they will provide a like to resources within their own company's support website.

If a recovery phone number is displayed, you're seeing a scam. NEVER call that number.

Unexpected Error Messages

Unexpected error messages or dire warnings are NEVER legitimate.

They are generally malware designed to trap you into unnecessary yet expensive service contracts.

These are all scams.

More About Suspicious Popups

Beware of suspicious warnings or popups on websites and on your computer:

These are all attempts at getting you to call the phone number and submit yourself to some sort of scam.

Having Difficulty?

If you're having difficulty closing a popup, see popup warnings that won't go away for solutions.

Remote Infection Detection Unlikely

There is no current technology for websites to determine if your computer is infected with malware or viruses.

“Honey-pots”

Microsoft and other agencies may run “honey-pot” programs that collect information about spam emails.

Even if your email is involved, they are unlikely to call you.

However, they may disable your account at the server level if your computer has become part of a botnet infecting other computers.

Related Resources

Related resources on this site:

or check the resources index.

Buy Me A Coffee

 

Return to top
RussHarvey.bc.ca/resources/computerscams.html
Updated: April 2, 2023