Welcome to the Tech Support Scammers information center. Here you can learn about the tricks used by tech support scammers, what they want, and how to avoid being scammed.
What do Tech Support Scammers want?
In this section I discuss exactly what Tech Support Scammers want and the characteristics surrounding it. Regrettably, it is not only money that scammers want.
One of the most obvious things that scammers want is money, and more specifically "sales commission" for the services they have sold. You could sum this up as the number of people they have individually scammed. Traditionally, salesmen want to make more sales in order to gain extra bonuses on top of their salary, and there is a strong possibility that this applies to the Tech Support Scam sector as well. Scammers will do anything to get a sale, even making up things that make no sense; they will do absolutely anything in their power to push a sale through and get their extra pay. This includes intimidating victims, making them feel uncomfortable and scaring them into paying hundreds of pounds/dollars for services they do not need.
Scammers will also most likely have "targets" to meet on a weekly/daily basis in order to retain their current position or salary. Companies of this nature often set strict targets for employees to meet and strive towards. In this case the "target" is to scam as many victims as possible by selling them services they do not need. Because of this, scammers will go as far as they can to make their sale.
Some scammers will also go after victims' personal and confidential information. In some unique cases scammers have robbed victims' bank accounts without them knowing and have gained unauthorized access to victims' social media accounts. This can be done by the scammer installing a keylogger Trojan, which is developed to steal a victim's sensitive information, including banking info and logins. All of this can be done without the victim being aware of it.
Sometimes, if the scammer feels threatened or embarrassed during a scam call, they will attempt to regain the upper hand by deleting system files and enabling a Syskey on the system. This can happen if the scammer feels annoyed or has been ridiculed for their actions (for example, when you say that you know this is a scam, or that you knew they typed "Koobface" into Command Prompt). The scammer often sees this as revenge and a bit of payback for wasting their time.
Tactics used by Tech Support Scammers
In this section I discuss the known tactics that Technical Support Scammers use to deceive you and run away with your hard-earned cash. Scam companies based out of India make thousands a year by conning innocent people out of their money.
Event Viewer (Eventvwr)
Perhaps one of the most popular methods is to use the Event Viewer feature within Windows to scare you into believing that you have a serious problem with your computer. In reality, the good majority of these errors/warnings are harmless, are completely normal on any computer, new or old, and are certainly nothing to worry about.
System Configuration (Msconfig)
Scammers also lie about stopped services found in the System Configuration tool within Windows. They will often claim that many of the services are stopped because of a virus or an infection, and that you need to pay them to restore them all to a running state. This couldn't be further from the truth: not all services need to be on at all times, and they do not need to run simultaneously.
Command Prompt (Cmd)
Another common technique used by scammers is using the Command Prompt feature within Windows. They run a series of commands and say that they are performing a scan, which of course is not true. They run the Tree command, which just lists the directories and files within the operating system and has no way of scanning the system for infections. They will then type in "Infection Found", "No Network Protection" or something along these lines to convince you that your system has problems when it does not. You can even hear them typing while the command is listing the directories if you listen closely.
Temp Folder (%Temp%)
Scammers will also in some cases claim that you have viruses or hacking intrusions located within your Temp folders, which usually include the Temporary Internet Files within the system. In some cases they will also delete the files to the Recycle Bin and bring them back, claiming that the virus is blocking the removal of these files, whereas in reality a simple keyboard shortcut can do that. They will also say that you can't delete some of the files because of a virus, but in reality you cannot delete them because they belong to a program that is in use.
Some scammers will also say that the Prefetch folder contains viruses, and they particularly mention Csrss.exe and Rundll32.exe. These files are not viruses. Some malware does use these names; however, such copies will not be digitally signed by Microsoft and will not be located within this folder. The Prefetch folder exists because the operating system automatically places the programs you use most frequently, like firefox.exe, in it so that they open faster; the folder has no association with any viruses.
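The two properties mentioned above, a Microsoft signature and the file's location, can be checked for the running csrss.exe and rundll32.exe processes. The following PowerShell is an added example, not part of the original page; it assumes Windows PowerShell 5.1 or later and uses the fact that Windows keeps the genuine executables under System32 (and SysWOW64 for the 32-bit rundll32.exe).

```powershell
# Added example (not from the original page). Read-only.
# Assumes Windows PowerShell 5.1+, where Get-AuthenticodeSignature also
# validates catalog-signed Windows binaries.
$expectedDirs = @(
    (Join-Path $env:SystemRoot 'System32'),
    (Join-Path $env:SystemRoot 'SysWOW64')   # 32-bit rundll32.exe on 64-bit Windows
)

Get-CimInstance -ClassName Win32_Process -Filter "Name = 'csrss.exe' OR Name = 'rundll32.exe'" |
    ForEach-Object {
        # Default row: used as-is when the process path cannot be read
        # (csrss.exe is a protected process; try an elevated prompt).
        $row = [ordered]@{
            Name      = $_.Name
            ProcessId = $_.ProcessId
            Path      = $_.ExecutablePath
            Signature = ''
            Signer    = ''
            Verdict   = 'Unknown (path not readable)'
        }
        if ($row.Path) {
            $sig = Get-AuthenticodeSignature -LiteralPath $row.Path
            $row.Signature = $sig.Status
            if ($sig.SignerCertificate) { $row.Signer = $sig.SignerCertificate.Subject }

            # -contains compares strings case-insensitively, so C:\WINDOWS matches C:\Windows.
            $inSystemDir = $expectedDirs -contains (Split-Path -Parent $row.Path)
            $msSigned    = ($sig.Status -eq 'Valid') -and
                           ($row.Signer -like '*O=Microsoft Corporation*')

            $row.Verdict = if ($inSystemDir -and $msSigned) { 'Expected' } else { 'Investigate' }
        }
        [pscustomobject]$row
    } |
    Format-List
```

A row marked "Investigate" means only that the name, location and signature do not line up, which is the condition worth handing to an IT professional or a reputable scanner.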
Task Manager (Taskmgr)
Scammers may use Task Manager to perform various scam tactics to trick you into believing there is something wrong with your computer when there really isn't. One common tactic is going into the Performance tab and holding "F5" to make it look like your computer is running poorly, then telling you that it is running poorly because of an "infection." This is all false: holding "F5" simply refreshes Task Manager and has no relation to "infections" or anything related. Scammers will also use the Services tab inside Task Manager to lie about the stopped services, claiming that they need to be running. In reality, not all of them need to be running, and they are not stopped because of an "infection" or anything related; they are normally stopped services.
This scam is one of the least common we have seen used by scammers. Typically they will open your Internet Explorer settings, open up SSL Certificates, and then go to the "Untrusted Publishers" section. In this section there are 2 SSL certificates that were issued back in 2001 by VeriSign because of a fraudulent company trying to act as Microsoft. They have been in Windows ever since then. Scammers will use this to say that someone has tried to hack your computer, or that it was caused by a virus or something ridiculous that isn't true.
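The claim about stopped services, made here and in the System Configuration section, can be checked directly: most stopped services are set to start only on demand. The following PowerShell is an added example, not part of the original page; it only reads service settings and changes nothing.

```powershell
# Added example (not from the original page): show why "stopped" is the
# normal state for many Windows services. Read-only.
$services = Get-CimInstance -ClassName Win32_Service

# 1. Count services by start mode and state. Expect a large
#    "Manual, Stopped" group: those start only when something asks for them.
$services |
    Group-Object -Property StartMode, State -NoElement |
    Sort-Object -Property Count -Descending |
    Format-Table -Property Count, Name -AutoSize

# 2. The only group worth a second look: set to start automatically,
#    yet not running right now.
$services |
    Where-Object { $_.StartMode -eq 'Auto' -and $_.State -ne 'Running' } |
    ForEach-Object {
        $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$($_.Name)"
        [pscustomobject]@{
            Name         = $_.Name
            DisplayName  = $_.DisplayName
            # A TriggerInfo subkey marks a trigger-start service: Windows
            # starts it on an event and lets it stop again afterwards.
            TriggerStart = Test-Path -LiteralPath "$key\TriggerInfo"
            # 0 = stopped cleanly; 1077 = not started since the last boot.
            ExitCode     = $_.ExitCode
        }
    } |
    Sort-Object -Property TriggerStart, Name |
    Format-Table -AutoSize
```

Even the second list is usually made up of trigger-start services and services that finished their work and exited, so a stopped entry on its own is not evidence of an infection.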
Prevent being scammed by Fake Tech Support
In this section, I will discuss exactly how you can avoid being scammed by Tech Support fraudsters. Most of this is common sense and security precautions to remain protected.
One common way Tech Support Scammers attempt to reel in their victims is by calling their landline or mobile and pretending to be from Microsoft, Windows or Malwarebytes. By doing this they attempt to gain your trust and request remote access to your computer. They will claim that they have identified that your computer has a virus or is sending error reports to Microsoft's "Head Server". They also try to intimidate you into thinking that your computer has problems when it doesn't. If you get a phone call of this nature, simply disconnect the call and don't entertain these people. Often, saying that you will call the police or that you know this is a scam is enough to get them to leave the line. Keep in mind that Microsoft will never call you regarding your computer at any point, and has made this clear on its website with a page dedicated to these scams. Also, the so-called "Microsoft Server" is a common myth that does not exist, and Microsoft has no way of determining whether your computer has a virus or is having problems. Some scammers also claim that they can "shut off your computer from the Head Server", which is another intimidation tactic and of course is just lies to coax you in.
Another common way Tech Support Scammers attempt to gather victims is through a fake alert/pop-up that appears to come from a reputable company or a scanner, to make it look like the user has an issue with their computer. In reality these are just advertisements from the company and have no way of scanning the computer or determining any problems. They often rip off the names of legitimate anti-virus or anti-malware programs to coax people into phoning their numbers. They will also say that you have fake viruses that do not exist in order to scare unknowing users into the scam.
If you ever get one of these pop-ups, simply go to Task Manager and kill the process, as they are often extremely difficult to close. Because of this, many people are scared into phoning the number, thinking they have problems with their machine. One way you can prevent these pop-ups is by having up-to-date anti-virus software from a reputable company installed on your computer. Examples of these include Avast, Comodo and Avira. Also, make sure your Windows OS is regularly updated and that your antivirus is working. If you have a working anti-virus, you're less likely to see these pop-ups or advertisements. In simple terms, the best bit of advice is to not panic and, if you're unsure, to consult an IT professional for advice or support.
How to tell if a Tech Support Company is legit
There are many fake tech support companies all over the internet, and you would be surprised how many there actually are. The tips below will help you determine which sites are providing real tech support and which aren't.
1. Layout and Design:
If the site looks like it was poorly designed and objects on the website look misplaced or unprofessional, this could be a tech support scammer and should be avoided. Also, look out for bad grammar, bad spelling and things that may have been copied and pasted from another website.
2. Copyright Date
This may seem silly, but it is usually a dead giveaway in determining whether the company is a scam or not. Scroll down to the bottom of the page. If the copyright is not in 2016 by now, then there is a good chance it's a scam. If the copyright is 2014 or older, it is definitely a scam and should be avoided.
3. Reviews
Many tech support scammer websites have many fake reviews listed on them. They are always 5 stars, and there is no way to create your own review.
4. Americans Wearing Headsets
I have never seen a legitimate tech support company have pictures of Americans wearing headsets on their website and it not be a scam. I really don't know why tech support scam companies do this; nevertheless, these sites should be avoided.
5. Phone Number
Copy the phone number listed on the website and paste it into Google. If the company is a scam, more of their fake websites will show up with the same phone number listed, each claiming to be a different tech support company. Sometimes the websites are identical apart from a few minor changes.
6. Social Media
If the site has social media links, click them to see where they take you. If you end up back at the home page, this is an example of a poorly designed website. If you click a link, for example "Facebook", and it takes you to their page, read the reviews and see how active they are. If the page contains outdated information such as "Happy Holidays" and it is currently May, you should avoid that company.
DO NOT believe any pop-up that says your computer is infected. As stated above, there is NO WAY for your browser to detect whether your computer is infected. Simply close it and do not bother with it.
What to do if you have been Scammed?
In this section I discuss what you can do if you have been scammed by Tech Support Scammers and how you can go about reporting them to the appropriate authorities in your country. The first bit of advice I can give you if you have been scammed is to not panic and to try to remain calm. Take deep breaths and relax.
Firstly, if you gave your card details to the scammers, you must immediately report this to your bank and cancel your card; this will stop the scammers from further raiding your account.
Secondly, I recommend you take note of the information the scammer gave you. Take down the agent's name alongside their website domain. Also write down any additional notes, as this can help aid the investigation. Simple basic notes are fine and long paragraphs are not needed.
Thirdly, you want to report the information to your local police force or department. You can do this by contacting them through a non-emergency phone line or by visiting a police station in person. If you decide to go to the police station, please remember the notes you took and any memories you have of the incident. You may be asked to have a conversation with them in a private room about the incident. If you contact the police through their non-emergency phone line, you will be asked to describe the incident and give any information you may have. Keep in mind that it's much easier to speak to them face-to-face, and you will be able to show them the notes you collected. Your case will then most likely be passed on to the Cyber Protection Unit for further investigation.
People in the UK can also report scams to Action Fraud, an organization working in conjunction with the Home Office. They can be contacted by phone or by email from their website. They take any claims of scams extremely seriously and work alongside the police in the UK. You can also call us here at SPS (+1-815-246-2357) and report what happened.
Q&A on Tech Support Scammers
In this section I will answer some of the most frequently asked questions surrounding Tech Support Scammers and their behavior.
Does a Tech Support company listed on Microsoft Pinpoint mean they are
Regrettably not, as many scam companies manage to leak onto the Microsoft site and continue to do so. Sadly, just because Microsoft recommends them doesn't mean they are legit. I would suggest Microsoft carry out better filtering in future to prevent this. Proven scam companies like Yodacare and Winsurf Technology are still on that website.
Are all scammers aware that they are scamming people?
This is an interesting question, as surprisingly some employees who work for some scam companies have not been informed of this by their employer. However, most scammers are well aware of it and are presumed to accept it.
Are all Tech Support Scam companies based out of India?
The good majority of Tech Support Scam companies are based out of India, particularly around the New Delhi region. In isolated cases there have also been Tech Support Scam companies based in the US; however, this is uncommon.
Are Scammers Trained?
The good majority of them will have undergone some type of training session to show them the ropes. Commonly, most scammers are just reading off a script next to them anyway.
Why do so many Tech Support Scam companies exist?
It's a big business for them, and they make thousands scamming innocent people every year. In India in particular they pay employees really badly, unlike in countries like the UK and US, as there's no restriction on how little a company can pay its employees.
Why do Tech Support Scam companies change their numbers so regularly?
Many scam companies change their number often because that makes them less likely to be identified so easily by the public. They also use VPNs to hide their location. Most of these companies either have multiple numbers or change their direct number every few months.
Are any Agents within these companies legitimate Technicians?
No, these companies simply lie outright about this in order to make the victim have confidence in them. Most of these people have no idea how to become a certified technician, never mind have the genuine skills to do it. Some of the agents are not aware of legitimate tools for resolving basic issues on a PC.
Stop Phone Scammers
This work is NOT to be hosted anyplace else besides:
unless granted permission.