Fake tech reps calling

Published: 2012-03-30
Last Updated: 2012-03-30 21:38:53 UTC
by Daniel Wesemann (Version: 1)
11 comment(s)

Fake Anti-Virus isn't enough, now we also have to contend with fake Microsoft reps! This scam has been going on for a while, but continues to be rampant, which suggests that it is quite successful for the bad guys.

ISC reader Fred received such a call earlier today. The caller claimed to be from the "Tech department of Windows" and asked Fred to open the event viewer via run command, to check for errors or warnings. Of course there were some errors (it is Windows, after all :-), but the alleged techie then theatrically exclaimed "You indeed have the deadly errors" .. and proceeded to ask Fred to connect to www.ammyy.com and launch a remote desktop app. Fred, savvy security guy that he is, went there with Firefox and Noscript, and while Fred was still launching Wireshark to capture the next steps, the alleged Windows techie got cold feet, and hung up.

Bottom line: If "tech support" calls you without you having opened a ticket with them first, be veeery suspicious. Chances are high it is a scam.

Keywords: scam
11 comment(s)


I had a relative who fell for this. She "bought" a package from them to fix it and it came with yearly maintenance.

They took her credit card info over the phone and processed it through google checkout. They created the google checkout account for her. I had her cancel the card.

They installed some generic speed boost and registry fix stuff on the computer. I didn't see anything malicious installed, but I re-formatted it anyways.

They used ammyy to access her computer as well, but from what I can tell it's legitimate software. I've heard stories about the scammers using logmein rescue as well, which is definitely legit software.
The BBC's technology correspondent, Rory Cellan-Jones has tweeted this conversation with one of the scammers:

I've had over 50 customers in the past 12 months that have had this phone call. It is also interesting to note that the "Microsoft rep" on the line also has the name of the potential victim and sometimes other personal information Many times they will announce that Microsoft can see their computer is infected with a worm and it must be removed or the computer will be deactivated. Luckily, with a little education, most people will not fall for this bogus come-on.
Oh how I wish they would call me. I don't have a single Microsoft product in my network ;) Just think of the fun I could have.
My father's girlfriend got called by www.webtecsupport.com - who told her they were from Microsoft - and having scared her, she paid $230 for them to run a spyware scan and defrag her hard disk. I expected the system to be loaded with malware when I got my hands on it - but not a bit of it. If you check their comedy website, one of the terms you have to agree to is that you understand they really are NOT affiliated with Microsoft. Still bastards, however.

Reason she never checked with me? "You were on holiday and I didn't want to bother you".

I received a call last night from one of my clients about a wireless network issue, and she happened to mention in passing that Microsoft called her about a virus. Luckily she was savvy enough to call their bluff, and when she asked "Who are you?" to the 'technician' on the phone, he simply said "Your husband" and hung up.

She then promptly ran a virus scan and found no threats.

Gotta love the different angles the bad guys are exploiting these days.
"one of the terms you have to agree to is that you understand they really are NOT affiliated with Microsoft. Still bastards, however."

Just because they put it in there terms doesn't mean what's going on isn't fraud and illegal.
I got this call today and it took me a second to get in the mindset to record the conversation. However, I did... and it almost matches word for word with what happened to me. However, they hung up before we got to the remote control piece.
This scam has been widespread in New Zealand for perhaps a year. I've had three calls claiming to be "Microsoft Tech Support", all with strong Indian accents. The last two calls I've simply told them I know what they're up to, and they just hang up. The first time I pretended to run the command and when she asked what I saw I replied "My PC has crashed". "What is that?" she asked. "It has crashed. I cannot do anything", I replied. "But Sir, that is not possible" she said - with a surprised tone, and hung up on me. They're not only scammers, they are rude scammers.
I had one call and I was curious where it would go, so I pretended to look in my event log, etc.

Eventually they had me install some remote control software, which naturally wouldn't work with the link they gave me. So being helpful, I installed the Mac version and let them come in and do their thing.

They asked me to log into my bank account so I could pay for the services at which point I sadly had to decline.

Diary Archives