Unsolicited phone calls
(aka Tech Support Scamming
) and browser pop-up alerts
with phone numbers from "so-called Support Techs
" advising your computer is infected with malware
has become an increasing common and prolific scam tactic over the past several years.
In the majority of these cases the scammers use social engineering
to trick a victim into spending money to buy a an application which claims to remove malware. They typically use bogus warning messages
or web page pop-ups
which look like a BSOD to falsely indicate that your computer is infected or has critical errors
. This is done as a scare tactic to goad you into calling a phony tech support phone number shown in the pop-up alert and allowing the scammer remote control access to your computer in order to fix the problem. In some cases you are instructed to download malicious software which will actually infect your system.
If the scam involves a phone call, the caller may claim to be an employee affiliated with Microsoft
or Windows Support
. However, there have been reports of callers claiming to be affiliated with major computer manufacturers such as Hewlett Packard, Lenovo
or familiar security vendors like Symantec
. Typically, the scammers attempt to trick their victims into believing that their computer is infected, often by having them look at a Windows log that shows dozens of harmless or low-level error entries. The scammer instructs their victim to type "eventvwr
" in the RUN box to open Windows Event Viewer and then scares them by pointing out all the warnings and error messages listed under the various Event Viewer categories. In other cases the caller pretends to provide free security checks or direct the download and use of a bogus registry cleaner which purports to find thousands of problems.
The scammer then attempts to talk (scare) their victims into giving them remote access to the computer in order to fix it and/or remove malware. If the victim agrees, the support usually costs hundreds of dollars and often leaves the victim's computer unchanged or intentionally infected with malware/ransomware. More nefarious scammers will install a backdoor Trojan
or Remote Access Trojan
in order to steal passwords and other sensitive personal information which could then be used to access bank accounts or steal a person's identity.Not answering any questions and hanging up the telephone is the best way to deal with phone scammers
them to the appropriate authorities.Scamming Tech Support Scammers: