{"id":16405,"date":"2014-05-01T09:26:06","date_gmt":"2014-05-01T15:26:06","guid":{"rendered":"https://www.webroot.com/blog/?p=16405"},"modified":"2018-01-30T11:03:33","modified_gmt":"2018-01-30T18:03:33","slug":"windows-tech-support-scams","status":"publish","type":"post","link":"https://www.webroot.com/blog/2014\/05\/01\/windows-tech-support-scams\/","title":{"rendered":"All About Windows Tech Support Scams"},"content":{"rendered":"<p><em>*Editor\u2019s Note:\u00a0 The purpose of this research was to see exactly how this scam is carried out, and the extent to which it is done.\u00a0 DO NOT TRY THIS AT HOME. We used a clean machine, off network, to monitor the activity of the scammer.<\/em><\/p>\n<p>Have you ever received a phone call from a tech support person claiming to be from Microsoft and saying that your Windows-based machine has been found to have a virus on it?\u00a0 These cold calls typically come from loud call centers, and target the uninformed and na\u00efve in hopes of gaining access to their individual machines, and ultimately the victim\u2019s credit cards.<\/p>\n<p>While there are many variants of this kind of scam, we recently received one of these phone calls and decided to see just what happened.\u00a0 The company that called us, which we later found out to be called Arjun Inc, claimed they had received notifications that there were errors on the PC and that they were calling to help correct those errors.<\/p>\n<p>Playing along, we followed the directions of the agent.\u00a0 The agent asked us to open the Event Viewer (which typically shows errors) and claimed that those errors could cause the computer to crash and that they needed to fix the issues.\u00a0 These are not actually critical errors, but because this scam is aimed at less tech-savvy users, it is easy to see how the claim is believed.<\/p>\n<div class=\"et_pb_slider et_pb_slider_fullwidth_off et_pb_gallery_post_type\">\n\t\t\t\t<div class=\"et_pb_slides\">\n\t\t\t\t\t<div class=\"et_pb_slide\" 
style=\"background: url(https:\/\/blog-en.webroot.com\/wp-content\/uploads\/2014\/04\/1.jpg);\"><\/div><div class=\"et_pb_slide\" style=\"background: url(https:\/\/blog-en.webroot.com\/wp-content\/uploads\/2014\/04\/2.jpg);\"><\/div><div class=\"et_pb_slide\" style=\"background: url(https:\/\/blog-en.webroot.com\/wp-content\/uploads\/2014\/04\/3.jpg);\"><\/div><div class=\"et_pb_slide\" style=\"background: url(https:\/\/blog-en.webroot.com\/wp-content\/uploads\/2014\/04\/4.jpg);\"><\/div><div class=\"et_pb_slide\" style=\"background: url(https:\/\/blog-en.webroot.com\/wp-content\/uploads\/2014\/04\/5.jpg);\"><\/div>\n\t\t\t\t<\/div>\n\t\t\t<\/div>\n<p>From this point, our agent asked to remote control the PC and instructed us on how to set up the remote session.\u00a0 The agent then logged in, looked at a few things, and installed the programs CCleaner and Advanced Windows Care by IObit. After this, we were advised that the installed programs would always run and protect the computer. \u00a0However, this is not the case, as the programs installed don&#8217;t have &#8216;shields&#8217; and thus no real-time protection. 
He also said they would protect me from porn sites and potentially dangerous websites, but of course they do not.<\/p>\n<div class=\"et_pb_slider et_pb_slider_fullwidth_off et_pb_gallery_post_type\">\n\t\t\t\t<div class=\"et_pb_slides\">\n\t\t\t\t\t<div class=\"et_pb_slide\" style=\"background: url(https:\/\/blog-en.webroot.com\/wp-content\/uploads\/2014\/04\/8.jpg);\"><\/div><div class=\"et_pb_slide\" style=\"background: url(https:\/\/blog-en.webroot.com\/wp-content\/uploads\/2014\/04\/11.jpg);\"><\/div><div class=\"et_pb_slide\" style=\"background: url(https:\/\/blog-en.webroot.com\/wp-content\/uploads\/2014\/04\/12.jpg);\"><\/div><div class=\"et_pb_slide\" style=\"background: url(https:\/\/blog-en.webroot.com\/wp-content\/uploads\/2014\/04\/13.jpg);\"><\/div><div class=\"et_pb_slide\" style=\"background: url(https:\/\/blog-en.webroot.com\/wp-content\/uploads\/2014\/04\/15.png);\"><\/div>\n\t\t\t\t<\/div>\n\t\t\t<\/div>\n<p>At this point, the agent turned into a salesperson.\u00a0 He told us how much the estimated cost of repairs would be and then proceeded to try to process the transaction through their spicywebtech.com login.\u00a0 He told me that he had already corrected the issues with my PC via the Advanced Windows Care program; however, it&#8217;s plain as day that he never actually clicked the &#8216;repair&#8217; button and thus never performed the \u2018repairs\u2019.<\/p>\n<p>During the call, the agent informed us that their company (Windows Help and Support) is \u201cpart of Microsoft\u201d, and I was also advised that I wouldn&#8217;t need to purchase antivirus for my PC any longer.<\/p>\n<p>While the software loaded onto the machine was not malicious, it would not work as advertised by our agent, and could be considered unwanted programs. \u00a0By letting a stranger into your machine without verifying their identity beyond reasonable doubt, you put yourself, your data, and your network at risk. 
\u00a0Never trust cold calls from strangers, and remember, Microsoft will never call you.<\/p>\n<p>We have a full recording of the conversation up and live. If you&#8217;re interested in all the steps and how these scammers sound, give it a listen.<\/p>\n<!--[if lt IE 9]><script>document.createElement('audio');<\/script><![endif]-->\n<audio class=\"wp-audio-shortcode\" id=\"audio-16405-1\" preload=\"none\" style=\"width: 100%;\" controls=\"controls\"><source type=\"audio\/mpeg\" src=\"https:\/\/blog-en.webroot.com\/wp-content\/uploads\/2014\/05\/Call_From_Guy.mp3?_=1\" \/><a href=\"https:\/\/blog-en.webroot.com\/wp-content\/uploads\/2014\/05\/Call_From_Guy.mp3\">https:\/\/blog-en.webroot.com\/wp-content\/uploads\/2014\/05\/Call_From_Guy.mp3<\/a><\/audio>\n","protected":false},"excerpt":{"rendered":"<p>*Editor\u2019s Note:\u00a0 The purpose of this research was to see exactly how this scam is carried out, and the extent to which it is done.\u00a0 DO NOT TRY THIS AT HOME. We used a clean machine, off network, to monitor the activity of the scammer. 
Have you ever received a phone call from a tech [&hellip;]<\/p>\n","protected":false},"author":65,"featured_media":17048,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[3005],"tags":[],"yst_prominent_words":[14317,14295,17499,14315,17519,15289,14313,14303,17523,15283,14307,15281,15285,17501,17521,15287,17525],"acf":[],"_links":{"self":[{"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/posts\/16405"}],"collection":[{"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/users\/65"}],"replies":[{"embeddable":true,"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/comments?post=16405"}],"version-history":[{"count":4,"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/posts\/16405\/revisions"}],"predecessor-version":[{"id":16446,"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/posts\/16405\/revisions\/16446"}],"wp:featuredmedia":[{"embeddable":true,"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/media\/17048"}],"wp:attachment":[{"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/media?parent=16405"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/categories?post=16405"},{"taxonomy":"post_tag","embeddable":true,"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/tags?post=16405"},{"taxonomy":"yst_prominent_words","embeddable":true,"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/yst_prominent_words?post=16405"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}