(405) 919-9901

by Dave Moore, CISSP

01/23/2022

If someone wearing an official-looking uniform rang your doorbell unannounced, stated they were from your local car dealership’s service department, and said they needed your car keys to fix a recently discovered problem, would you do it; would you give them the keys to your car?

That may sound far-fetched, but people do it all the time with their computers. Think about this scenario: if someone called you on the phone, said they were from the “Microsoft Windows Technical Department” and claimed they needed to remotely repair your computer because it had been hacked, would you believe them?

I hope not, because it’s a scam. Someone contacts me at least once a week, stating they have received such a call, and asking if it was legitimate. One of my jobs lately has been helping someone who fell for the scam, gave the bad guys their credit card number, had money stolen, and had the bad guys lock them out of their own computer, losing everything there, to boot.

The calls go something like this: the Windows Technical Department’s “Central Server” has been receiving error warnings from your computer, indicating that your computer is in danger of crashing or being hacked. The helpful tech support guy, speaking with a great sense of urgency, then asks you to “test” your computer by pressing certain key combinations on your keyboard. A confusing-looking window called “Event Viewer” opens, filled with technical gobbledygook error messages, “proving” your computer has been hacked. He further explains that the “Central Server” gave him your phone number, so he could call and help you out of this terrible situation.

As the call progresses, you are pressured to visit a certain website and install something that will allow remote control of your computer, so that “repairs” can be effected. You are also asked to provide a credit card number to pay for services rendered. Victims of this scam end up losing between $50-500. They also risk losing everthing on the computer.

A few years ago, the Federal Trade Commission started taking scammers like this to court; unfortunately, new scams spring up every day, so it’s an ongoing crackdown that may never end. “The FTC has been aggressive – and successful – in its pursuit of tech support scams,” said FTC Chairman Jon Leibowitz, “and the tech support scam artists… have taken scareware to a whole other level of virtual mayhem.”

The FTC stated that the operations – mostly based in India – target English-speaking consumers in the United States, Canada, Australia, Ireland, New Zealand, and the U.K.  Most of the scammers use telemarketing boiler rooms to call consumers. Others lure consumers by placing ads with Google which appear when consumers search for their computer company’s tech support telephone number.

According to the FTC, after getting the consumers on the phone, the telemarketers claim they are affiliated with legitimate companies, including Dell, Microsoft, McAfee, and Norton, and tell consumers they have detected malware that poses an imminent threat to their computers.

The FTC also says the scammers try to avoid detection by consumers and law enforcers by using virtual offices that are actually just mail-forwarding facilities, and by using hundreds of different website names and phone numbers.

Visit my website at davemoorecomputers.com and you’ll see a video of me called “Scamming the Tech Support Scammers” that you may enjoy. In the video, I call one of the scammers and lead him on for a bit, demonstrating some of the tactics they use. Just keep in mind that nobody from Microsoft will ever call you out of the blue offering to fix your computer. Enjoy the video and caveat emptor.

Dave Moore, CISSP, has been fixing computers in Oklahoma since 1984. Founder of the non-profit Internet Safety Group Ltd., he also teaches Internet safety community training workshops. He can be reached at 405-919-9901 or www.internetsafetygroup.org