They are a constant menace: cold-calling scammers claiming to be from “Windows Tech Support” whose real purpose is to download spyware or charge you for their “assistance” while they are remotely connected to your computer (or worse, both).
This is one of the biggest scams around, and it still continues. But how do Windows tech support scams work?
Getting a Windows Tech Support Call
I actually got two calls from “Windows Tech Support” scammers.
First, right after lunch, I was surprised. Overburdened with work, I burst into laughter at the news that my computer could “crash at any moment.”
The laughter didn’t stop till the caller hung up. Sadly, they didn’t get the hint.
Another call came six hours later. Maybe the same woman, I don’t know because I didn’t get the caller’s name at first. This one, despite her strong Indian accent, was called Rachel.
Of course, it’s all part of the strategy: to give a surprise call a “decent” veneer of legitimacy in most people’s minds.
Because the call itself is not credible. It suggests, via a script that cold-calling scammers stick to too closely, that Microsoft can detect whether your computer has an “infection”.
They are clear on this, too: this isn’t a call about a virus, as your computer’s antivirus software can handle that. No, it’s all about an “infection”, a loose reference to malware.
Coincidentally, that’s what they’re selling.
Engaging Windows Tech Support “Experts”
Now, I was running three computers on the day of the call: my usual Surface Pro, a Raspberry Pi, and my Toshiba laptop that I had just installed Linux Mint on. This scam is designed to be used only on Windows computers, and as you may be well aware, Linux security issues and viruses are rare.
With Linux Mint booting up right in front of me, I couldn’t help but make an example of these guys. So I explained to “Rachel” how I was unable to follow her instruction to make the Run box appear. Pressing the Windows key and R had no effect.
Opening the Run box is a major scam tactic. Its purpose is to show you “errors” in the Security View log in Windows Event Viewer, a useful troubleshooting tool in Windows.
As is the case with any scam, there is a believable aspect to this one. Opening Event Viewer > Custom Views > Administrative Events reveals some really grim-looking warnings. The red circles, exclamation marks, and “error” labels — not to mention the yellow “warning” triangles — look alarming.
Scammers present these as infections, but of course, they are just log entries.
They want to charge you for deleting log entries.
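To see that these entries are routine diagnostics rather than “infections”, the following PowerShell summarises the last seven days of Critical, Error and Warning events by source. It is an added example, not part of the original article, and it assumes the Application and System logs as a stand-in for the Administrative Events view, which draws on more logs than these two.

```powershell
# Added example: summarise the kind of entries a scammer points at in Event Viewer.
# Assumption: Application + System logs approximate the "Administrative Events" view.
$since  = (Get-Date).AddDays(-7)
$levels = @{ 1 = 'Critical'; 2 = 'Error'; 3 = 'Warning' }

# Pull only Critical/Error/Warning records from the last week.
# -ErrorAction SilentlyContinue keeps the script quiet if nothing matches.
$events = Get-WinEvent -FilterHashtable @{
    LogName   = 'Application', 'System'
    Level     = 1, 2, 3
    StartTime = $since
} -ErrorAction SilentlyContinue

if (-not $events) {
    Write-Output 'No Critical, Error or Warning events in the last 7 days.'
    return
}

# Group identical events together: the same handful of providers
# (services, drivers, updaters) usually accounts for most of the list.
$events |
    Group-Object ProviderName, Id, Level |
    Sort-Object Count -Descending |
    Select-Object -First 15 Count,
        @{ n = 'Level';    e = { $levels[[int]$_.Group[0].Level] } },
        @{ n = 'Provider'; e = { $_.Group[0].ProviderName } },
        @{ n = 'EventId';  e = { $_.Group[0].Id } },
        @{ n = 'Sample';   e = { ("$($_.Group[0].Message)" -split "`r?`n")[0] } } |
    Format-Table -AutoSize -Wrap

# Total count, for perspective: a healthy machine typically still has plenty.
Write-Output ("Total matching events since {0:d}: {1}" -f $since, @($events).Count)
```

The grouped output shows each entry’s source and a one-line description, which is the context a cold caller leaves out when scrolling past red icons.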
Variations of the Windows Tech Support Scam
Other versions of the scam target various Windows features that may cause alarm to anyone without in-depth knowledge.
Payment to “resolve” these “issues” is usually through nontraceable gift cards. Refuse to pay, and they lock or otherwise disable your computer.
As you can hear in this recording, I was passed to the “expert” to continue with the script with more authority.
Presumably, the pleasant voice of the initial caller is intended to “soften up” the victims.
Windows Tech Support Scam Victims
Yes, victims, because that’s what we are. Whether we have been scammed or have successfully detected the scam before this nonsense escalates, anyone who is scammed is a targeted victim.
Eventually, “Jonathan” told me to go to a website, support24.6te.net, after I failed to open the Run box.
For obvious reasons we’re not linking to it, but checking the WHOIS results shows it resides on a free web host. Inspection of the webpage reveals a crude single HTML file with embedded CSS.
Not exactly a professional look; rather, classic signs of a scam.
The next step, whether or not the Run box can be opened, is to install software called AMMYY (who claim to be aware that their software is being misused in this way, and in many places appears as an unreliable service). It’s the TeamViewer-style remote desktop app favored by this type of scam, and it allows them access to your computer.