All About Windows Tech Support Scams

*Editor's Note: The purpose of this research was to see exactly how this scam is carried out, and the extent to which it is done. DO NOT TRY THIS AT HOME. We used a clean machine, off network, to monitor the activity of the scammer.

Have you ever received a phone call from a tech support person claiming to be from Microsoft, saying that your Windows-based machine has been found to have a virus on it? These cold calls typically come from loud call centers and target the uninformed and naïve in hopes of gaining access to their individual machines and, ultimately, the victim's credit cards.

While there are many variants of this kind of scam, we recently received one of these phone calls and decided to see just what happened. The company that called us, which we later found out to be called Arjun Inc, claimed it had received notifications that there were errors on the PC and that it was calling to help correct those errors.

We played along and followed the directions of the agent. The agent asked us to open the Event Viewer (which typically shows errors) and claimed that those errors could cause the computer to crash and that they needed to fix the issues. These are not actually critical errors, but because this scam is aimed at less tech-savvy users, it is easy to see how the claim is believed.

From this point, our agent asked to remotely control the PC and instructed us on how to set up the remote session. The agent then logged in, looked at a few things, and installed the programs CCleaner and Advanced Windows Care by IObit. After this, we were advised that the installed programs would always run and protect the computer. However, this is not the case, as the programs installed don't have 'shields' and thus offer no real-time protection. He also said they would protect me from porn sites and potentially dangerous websites, but of course they do not.

At this point, the agent turned into a salesperson. He told us how much the estimated costs of repairs would be and then proceeded to try to process the transaction through their spicywebtech.com login. He told me that he had already corrected the issues with my PC via the Advanced Windows Care program; however, it was plain as day that he never actually clicked the 'repair' button and thus never performed the 'repairs'.

During the call, the agent informed us that their company (Windows Help and Support) is "part of Microsoft", and I was also advised that I wouldn't need to purchase antivirus for my PC any longer.

While the programs loaded onto the machine were not malicious, they would not work as advertised by our agent, and could be considered unwanted programs. By letting a stranger into your machine without verifying their identity beyond reasonable doubt, you put yourself, your data, and your network at risk. Never trust cold calls from strangers, and remember, Microsoft will never call you.

We have a full recording of the conversation up and live. If you’re interested in all the steps and how these scammers sound, give it a listen.


About the Author

Name: Adam McNeil
Role: Threat Team Member


I am a self-taught malware forensics investigator with nearly a decade of first-hand malware-related experience. I have a primary focus and a keen interest in Commercial System Monitor applications – also known as keyloggers – and have spent many years researching their practices, deployment methodology and search optimization tactics. When I'm not researching the latest malware samples or experimenting with supposed FUD keylogger applications, I tend to spend my time experimenting with other scientific and/or technological applications.


1 comment
jimfritz09

I've had something like this happen to me through Microsoft; it cost me $300 and it did nothing to fix my computer. Having an IT degree, this was embarrassing.