For the last nine months, I’ve heard numerous stories from friends, family, and clients about calls they’ve supposedly received from Microsoft. Unfortunately, the calls are all scams that can have dire consequences. If you haven’t heard similar stories, they usually go something like this: a person calls and says that he is a tech with Microsoft that’s contacting you because your Windows-based computer is being monitored by them and is infected with a virus and he wants to help fix it. Over the course of the conversation, he’ll ask to remote into your PC, and ultimately tell you that the level of support required to fix it requires payment and that you’ll have to provide a credit card number. More nefarious scammers will then go the extra mile and install spyware on your machine to snag your passwords and other personal information, which could then be used to access your bank accounts or even steal your identity.
Fake Microsoft Support Scams Lead to Dire Consequences
This just can’t be repeated enough and I encourage all that read this article to spread the word to friend and family alike !
My experience:
Well, I just got off the phone with a couple of these scammers.
Of course, I knew right out of the gate that the call was a sham. The odds of Microsoft ever calling an end-user out of the blue are about as likely as Bill Gates giving away millions of dollars on Facebook because you shared a photo, so that’s the first clue. But I’m also experienced enough to know when a so-called technician doesn’t know his gigabits from gigabytes, and it wouldn’t have taken long to figure out the caller was full of it anyway.
Just in case you find yourself the target of one of these phone scams, or you want to inform your not-so-tech-savvy acquaintances about the possibility, I figured it would be beneficial to let you all know how the call went down. When I answered the phone, a heavily accented fellow explained that he was with Microsoft and that my ISP has contacted them because a Windows machine using my broadband connection was infected with a virus. He asked me to go to my Windows PC and requested that I perform some mundane tasks, like opening the web browser, and hitting a couple of websites–all the while telling me what I should expect to see on-screen. I assume this was some sort of half-witted ploy to gain my trust, but there was no chance of that happening. While the scam-artist was trying to prove his worth, I used the time to check e-mail and other unrelated things, I thought I’d waste as much of the guy’s time as possible, to prevent him from calling someone else and having more success.
After a while “checking websites” the scammer then had me open Event Viewer. He tried to explain the importance of the information contained in Event Viewer’s logs, and then used a rudimentary scare tactic that I suspect would work on casual PC users. He asked how many entries were in the system log (to which I happily answered 1337!), and tried to convince me that all of those entries were errors caused by the virus. He then took a more dire tone and asked me to check the Security and Application logs (again, I gave bogus numbers of 43 and 666!).
This was the point where the real scam was about to start. The caller used the number of events listed in Event Viewer to claim that the “infection” on my system was more severe than anticipated and that there would be a charge for any tech support services moving forward. He then asked for a credit card number. I refused to give him one and said I would only pay upon completion of the clean-up. As I mentioned earlier, I wanted to keep him on the line as long as possible, but I also wanted to see what tactics these low-lives were using to scam people. After my charade, the original caller put me on hold and said he had to forward me to a tech support manager who would continue to help me out.
The second man to take the line then directed me to logmein123.com and asked me to install some remote desktop software. I should point out that logmein123.com is totally legit (and actually a great tool), but the scammer planned to use it for no good. I went so far as to install the logmein123.com remote desktop client, so I could see what a correct user ID looked like, but did not give the caller the correct ID. I fed him some false IDs (again, to waste more time), and ultimately told the caller to megabyte me (in not so kind words) and they hung up after sharing a few choice words. Had I given him the correct ID, the caller would have been able to instantly access my PC.
If I was better prepared and had a virtual machine setup that I could sacrifice for the cause, I would have let the scammers do their thing and let them believe they’d infiltrated another unfortunate soul’s computer, but I wasn’t. It’s a shame too, because it would have been useful to see what (and where) they’d download and install. Regardless, I hope this little bit of information helps. If you’re the recipient of one of these calls, at least now you’ll know they are a scam, and if you have a little time of your hands you can waste the scammers’ time and limit the number of other folks they can prey on. And if you’ve already been targeted, be sure to check your system for malware and report the call to the FTC at 1-877-FTC-HELP
Fighting back
Report the scam
- In the US: File a complaint (FTC) | More information about online fraud
Report misleading ads
“TrustInAds.org comprises a group of Internet industry leaders that have come together to work toward a common goal: Protect people from malicious online advertisements and deceptive practices.” Report misleading ads here.
Shut down their remote software account
- Write down the TeamViewer ID (9-digit code) and send it to TeamViewer’s support (they can later on block people/companies with that information)
- LogMeIn: Report abuse
Spread the word
You can raise awareness by letting your friends, family, and other acquaintances know what happened to you. Although this may be an embarrassing experience if you fell victim to these scams, educating the public will help someone caught in a similar situation and deter further scam attempts.
Tech Support Blacklist
This list is being updated on a regular basis from our own investigations as well as from tips we receive from our readers. There are two main objectives with that list:
- To protect people who are about to call for tech support assistance and want to make sure the company has not already been listed.
- To provide assistance to victims that have already been conned and are googling the phone number they called or company they interacted with.
If a company is listed below, it meets at least one of the following criteria:
Criteria:
- #1 Pretends to be working for Microsoft or ‘Windows’.
- #2 Uses misleading tactics to force a sale (see an example here).
- #3 Finds viruses, malware or an infection on a perfectly clean system.
- #4 Validates a fraudulent popup or page as legitimate (see an example here).
List:
Company name and aliases: 24/7 PC Guard Website(s): 247pcguard.com Phone number(s): 1-888-855-7953 Affiliate(s): N/A Remote control software: N/A Payment processor: N/A Reason for blacklisting: #2, #3 Incident date: N/A Incident ID: 0000001
Company name and aliases: 365 Tech Help Website(s): 365techhelp.co/bng/slow-pc, fastsupport.com Phone number(s): 1-866-539-8804 Affiliate(s): N/A Remote control software: N/A Payment processor: N/A Reason for blacklisting: #2, #3 Incident date: 09/27/2013 Incident ID: 0000002
Company name and aliases: Speak Support Website(s): speaksupport.com, 121usa.com Phone number(s): 1-800-806-0768 Affiliate(s): N/A Remote control software: N/A Payment processor: N/A Reason for blacklisting: #2, #3 Incident date: 10/04/2013 Incident ID: 0000003
Company name and aliases: PC Smart Care Website(s): pcsmartcare.com, pcsmartcare.us Phone number(s): 1-855-569-5945 Affiliate(s): N/A Remote control software: N/A Payment processor: N/A Reason for blacklisting: #2, #3 Incident date: 11/27/2013 Incident ID: 0000004
Company name and aliases: PC Mask Website(s): pcmask.com Phone number(s): 1-877-385-1667 Affiliate(s): N/A Remote control software: N/A Payment processor: N/A Reason for blacklisting: #2, #3 Incident date: 11/28/2013 Incident ID: 0000005
Company name and aliases: My Tech Gurus Website(s): mytechgurus.com Phone number(s): 1-866-587-1775 Affiliate(s): N/A Remote control software: N/A Payment processor: N/A Reason for blacklisting: #2, #3 Incident date: 12/11/2013 Incident ID: 0000006
Company name and aliases: MegaITSupport Website(s): megaitsupport.com Phone number(s): 1-888-939-3618 Affiliate(s): N/A Remote control software: N/A Payment processor: N/A Reason for blacklisting: #2, #3 Incident date: 01/09/2013 Incident ID: 0000007
Company name and aliases: GBM Support Website(s): gbmsupport.net Phone number(s): 1-800-492-3960 Affiliate(s): N/A Remote control software: N/A Payment processor: N/A Reason for blacklisting: #2, #3 Incident date: 01/23/2013 Incident ID: 0000008
Company name and aliases: Click4Support Website(s): lickforsupport.net, webtechmasterhelp.com, techsupportcenter.org, techsupportive.com Phone number(s): 1-855-668-8555 Affiliate(s): N/A Remote control software: LogMeIn: 292242 Payment processor: N/A Reason for blacklisting: #2, #3 Incident date: 01/23/2013 Incident ID: 0000009
Company name and aliases: PC Toolkit Pro Website(s): pctoolkitpro.com Phone number(s): 1-855-803-1370 Affiliate(s): N/A Remote control software: Payment processor: N/A Reason for blacklisting: #2, #3 Incident date: N/A Incident ID: 0000010
Company name and aliases: iGennie Website(s): igennie.net Phone number(s): 1-888-239-4339 Affiliate(s): N/A Remote control software: Payment processor: N/A Reason for blacklisting: #2, #3 Incident date: 01/30/2013 Incident ID: 0000011
Company name and aliases: Compute My PC Website(s): computemypc.com Phone number(s): 1-800-356-7697 Affiliate(s): N/A Remote control software: Payment processor: N/A Reason for blacklisting: #2, #3 Incident date: 01/31/2013 Incident ID: 0000012
Company name and aliases: TechFix Pro Website(s): techfixpro.com Phone number(s): 1-888-768-0082 Affiliate(s): N/A Remote control software: Payment processor: N/A Reason for blacklisting: #2, #3 Incident date: N/A Incident ID: 0000013
Company name and aliases: iMax Support Website(s): imaxsupport.com, fix247.org Phone number(s): 1-800-247-0830 Affiliate(s): N/A Remote control software: Payment processor: N/A Reason for blacklisting: #2, #3 Incident date: 03/25/2014 Incident ID: 0000014
Company name and aliases: Internet Security Protect Website(s): internetsecurityprotect.com Phone number(s): (020)-3289-1596 Affiliate(s): N/A Remote control software: Payment processor: N/A Reason for blacklisting: #2, #3 Incident date: N/A Incident ID: 0000015
Company name and aliases: All In One Tech Support Website(s): allinonetech.net, allinonetech.us Phone number(s): 1-800-487-9456 Affiliate(s): N/A Remote control software: Payment processor: N/A Reason for blacklisting: #2, #3 Incident date: N/A Incident ID: 0000016
Company name and aliases: 1844desktop Website(s): 1844desktop.com Phone number(s): 1-884-337-5867 Affiliate(s): N/A Remote control software: Payment processor: N/A Reason for blacklisting: #2, #3 Incident date: N/A Incident ID: 0000017
Company name and aliases: Comlogic Website(s): comlogicinc.com Phone number(s): 1-888-930-1033 Affiliate(s): N/A Remote control software: Payment processor: N/A Reason for blacklisting: #2, #3 Incident date: N/A Incident ID: 0000018
Company name and aliases: PC Tech Clinic Website(s): pctechclinic.com Phone number(s): 1-855-486-4411 Affiliate(s): N/A Remote control software: LogMeIn: 152903 Payment processor: N/A Reason for blacklisting: #2, #3 Incident date: 06/17/2014 Incident ID: 0000019
Company name and aliases: Condis Services Website(s): condiservices.com Phone number(s): 1-888-221-6490 Affiliate(s): N/A Remote control software: ISL: 19834912 Payment processor: N/A Reason for blacklisting: #2, #3 Incident date: 06/17/2014 Incident ID: 0000020
Company name and aliases: aolrisk Website(s): aolrisk.com Phone number(s): 1-855-666-8849 Affiliate(s): N/A Remote control software: LogMeIn: 770772 Payment processor: N/A Reason for blacklisting: #2, #3 Incident date: N/A Incident ID: 0000021
Company name and aliases: 247 Support Experts Website(s): 247supportexperts.com, 3wayhelp.com Phone number(s): 1-888-221-1582 Affiliate(s): N/A Remote control software: LogMein: 146794 Payment processor: N/A Reason for blacklisting: #2, #3 Incident date: 07/14/2014 Incident ID: 0000023
Company name and aliases: SysCare247 Website(s): syscare247.com Phone number(s): 213-260-2279 Affiliate(s): N/A Remote control software: N/A Payment processor: N/A Reason for blacklisting: #2, #3 Incident date: N/A Incident ID: 0000024
Company name and aliases: OMG Tech Help Website(s): omgtechhelp.com Phone number(s): 855-316-8324 Affiliate(s): N/A Remote control software: LogMeIn: 642695 Payment processor: N/A Reason for blacklisting: #2, #3 Incident date: 07/21/2014 Incident ID: 0000025
Company name and aliases: OnVoiceSupport Website(s): omgtechhelp.com Phone number(s): 855-316-8324 Affiliate(s): N/A Remote control software: LogMeIn: 642695 Payment processor: N/A Reason for blacklisting: #2, #3 Incident date: 07/21/2014 Incident ID: 0000026
Company name and aliases: Ecomputer Support Website(s): ecomputersupport.net Phone number(s): 1-877-360-0594, 1-855-820-8680 Affiliate(s): N/A Remote control software: LogMeIn: 432039 Payment processor: N/A Reason for blacklisting: #2, #3 Incident date: 07/23/2014 Incident ID: 0000027
Company name and aliases: E-Racer Tech (Clean IT PC) Website(s): e-racertech.com, cleanitpc.com Phone number(s): 1-855-486-1800, 1-877-648-7339 Affiliate(s): error711971669.com Remote control software: LogMeIn: 432039 Payment processor: N/A Reason for blacklisting: #2, #4 Incident date: 05/28/2014 Incident ID: 0000028
Company name and aliases: Cump Tech Media Pvt Ltd Website(s): xevoke.com,onlineinstanthelp.com Phone number(s): 1-855-209-0559 Affiliate(s): onlineinstanthelp.com/malwarebytes-us/download.html Remote control software: LogMeIn: 186024 Payment processor: CheckOut LTD Reason for blacklisting: #2, #3 Incident date: 07/31/2014 Incident ID: 0000029
Company name and aliases: Fast Fix 123 Website(s): fastfix123.com Phone number(s): 1-800-832-3088 Affiliate(s): N/A Remote control software: N/A Payment processor: N/A Reason for blacklisting: #3 Incident date: 08/22/2014 Incident ID: 0000030
Company name and aliases: ProcomSupport247 Website(s): procomsupport247.com Phone number(s): 1-866-456-2763 Affiliate(s): techsupportnumber.us/online Remote control software: LogMeIn: 162225 Payment processor: FreshBooks Reason for blacklisting: #1,#2,#3,#4 Incident date: 09/04/2014 Incident ID: 0000031
Company name and aliases: American Tec Help Website(s): americantechelp.com Phone number(s): 1-800-984-9830 Affiliate(s): N/A Remote control software: LogMeIn: Payment processor: N/A Reason for blacklisting: #1,#2,#3,#4 Incident date: 11/06/2014 Incident ID: 0000032
Company name and aliases: LiveTechOnCall, Live Tech On Call, AVIVO LLC Website(s): livetechoncall.com Phone number(s): 1-888-456-7041 Affiliate(s): N/A Remote control software: TeamViewer Payment processor: N/A Price: $509.97 Reason for blacklisting: #1,#2,#3,#4 Incident date: 12/10/2014 Incident ID: 0000033