Fake Microsoft Support Scams Lead to Dire Consequences

For the last nine months, I’ve heard numerous stories from friends, family, and clients about calls they’ve supposedly received from Microsoft. Unfortunately, the calls are all scams that can have dire consequences. If you haven’t heard similar stories, they usually go something like this: a person calls and says that he is a tech with Microsoft that’s contacting you because your Windows-based computer is being monitored by them and is infected with a virus and he wants to help fix it. Over the course of the conversation, he’ll ask to remote into your PC, and ultimately tell you that the level of support required to fix it requires payment and that you’ll have to provide a credit card number. More nefarious scammers will then go the extra mile and install spyware on your machine to snag your passwords and other personal information, which could then be used to access your bank accounts or even steal your identity.

Fake Microsoft Support Scams Lead to Dire Consequences

This just can’t be repeated enough and I encourage all that read this article to spread the word to friend and family alike !

My experience:

Well, I just got off the phone with a couple of these scammers.

Of course, I knew right out of the gate that the call was a sham. The odds of Microsoft ever calling an end-user out of the blue are about as likely as Bill Gates giving away millions of dollars on Facebook because you shared a photo, so that’s the first clue.  But I’m also experienced enough to know when a so-called technician doesn’t know his gigabits from gigabytes, and it wouldn’t have taken long to figure out the caller was full of it anyway.

Just in case you find yourself the target of one of these phone scams, or you want to inform your not-so-tech-savvy acquaintances about the possibility, I figured it would be beneficial to let you all know how the call went down. When I answered the phone, a heavily accented fellow explained that he was with Microsoft and that my ISP has contacted them because a Windows machine using my broadband connection was infected with a virus.  He asked me to go to my Windows PC and requested that I perform some mundane tasks, like opening the web browser, and hitting a couple of websites–all the while telling me what I should expect to see on-screen. I assume this was some sort of half-witted ploy to gain my trust, but there was no chance of that happening.  While the scam-artist was trying to prove his worth, I used the time to check e-mail and other unrelated things, I thought I’d waste as much of the guy’s time as possible, to prevent him from calling someone else and having more success.

Event Viewer
After a while “checking websites” the scammer then had me open Event Viewer. He tried to explain the importance of the information contained in Event Viewer’s logs, and then used a rudimentary scare tactic that I suspect would work on casual PC users. He asked how many entries were in the system log (to which I happily answered 1337!), and tried to convince me that all of those entries were errors caused by the virus. He then took a more dire tone and asked me to check the Security and Application logs (again, I gave bogus numbers of 43 and 666!).

This was the point where the real scam was about to start. The caller used the number of events listed in Event Viewer to claim that the “infection” on my system was more severe than anticipated and that there would be a charge for any tech support services moving forward. He then asked for a credit card number. I refused to give him one and said I would only pay upon completion of the clean-up. As I mentioned earlier, I wanted to keep him on the line as long as possible, but I also wanted to see what tactics these low-lives were using to scam people. After my charade, the original caller put me on hold and said he had to forward me to a tech support manager who would continue to help me out.

The second man to take the line then directed me to logmein123.com and asked me to install some remote desktop software. I should point out that logmein123.com is totally legit (and actually a great tool), but the scammer planned to use it for no good. I went so far as to install the logmein123.com remote desktop client, so I could see what a correct user ID looked like, but did not give the caller the correct ID. I fed him some false IDs (again, to waste more time), and ultimately told the caller to megabyte me (in not so kind words) and they hung up after sharing a few choice words. Had I given him the correct ID, the caller would have been able to instantly access my PC.

If I was better prepared and had a virtual machine setup that I could sacrifice for the cause, I would have let the scammers do their thing and let them believe they’d infiltrated another unfortunate soul’s computer, but I wasn’t. It’s a shame too, because it would have been useful to see what (and where) they’d download and install. Regardless, I hope this little bit of information helps. If you’re the recipient of one of these calls, at least now you’ll know they are a scam, and if you have a little time of your hands you can waste the scammers’ time and limit the number of other folks they can prey on. And if you’ve already been targeted, be sure to check your system for malware and report the call to the FTC at 1-877-FTC-HELP

Fighting back

 

Report the scam

Report misleading ads

TrustInAds.org comprises a group of Internet industry leaders that have come together to work toward a common goal: Protect people from malicious online advertisements and deceptive practices.” Report misleading ads here.

Shut down their remote software account

  • Write down the TeamViewer ID (9-digit code) and send it to TeamViewer’s support (they can later on block people/companies with that information)
  • LogMeIn: Report abuse

Spread the word

You can raise awareness by letting your friends, family, and other acquaintances know what happened to you. Although this may be an embarrassing experience if you fell victim to these scams, educating the public will help someone caught in a similar situation and deter further scam attempts.

Tech Support Blacklist

 

This list is being updated on a regular basis from our own investigations as well as from tips we receive from our readers. There are two main objectives with that list:

  • To protect people who are about to call for tech support assistance and want to make sure the company has not already been listed.
  • To provide assistance to victims that have already been conned and are googling the phone number they called or company they interacted with.

If a company is listed below, it meets at least one of the following criteria:

Criteria:

  • #1 Pretends to be working for Microsoft or ‘Windows’.
  • #2 Uses misleading tactics to force a sale (see an example here).
  • #3 Finds viruses, malware or an infection on a perfectly clean system.
  • #4 Validates a fraudulent popup or page as legitimate (see an example here).

List:

Company name and aliases24/7 PC Guard 
Website(s): 247pcguard.com
Phone number(s): 1-888-855-7953
Affiliate(s): N/A
Remote control software: N/A
Payment processor: N/A
Reason for blacklisting: #2, #3
Incident date: N/A
Incident ID: 0000001
Company name and aliases365 Tech Help 
Website(s): 365techhelp.co/bng/slow-pc, fastsupport.com
Phone number(s): 1-866-539-8804
Affiliate(s): N/A
Remote control software: N/A
Payment processor: N/A
Reason for blacklisting: #2, #3
Incident date: 09/27/2013
Incident ID: 0000002
Company name and aliasesSpeak Support 
Website(s): speaksupport.com, 121usa.com
Phone number(s): 1-800-806-0768
Affiliate(s): N/A
Remote control software: N/A
Payment processor: N/A
Reason for blacklisting: #2, #3
Incident date: 10/04/2013
Incident ID: 0000003
Company name and aliasesPC Smart Care 
Website(s): pcsmartcare.com, pcsmartcare.us
Phone number(s): 1-855-569-5945
Affiliate(s): N/A
Remote control software: N/A
Payment processor: N/A
Reason for blacklisting: #2, #3
Incident date: 11/27/2013
Incident ID: 0000004
Company name and aliasesPC Mask 
Website(s): pcmask.com
Phone number(s): 1-877-385-1667
Affiliate(s): N/A
Remote control software: N/A
Payment processor: N/A
Reason for blacklisting: #2, #3
Incident date: 11/28/2013
Incident ID: 0000005
Company name and aliasesMy Tech Gurus 
Website(s): mytechgurus.com
Phone number(s): 1-866-587-1775
Affiliate(s): N/A
Remote control software: N/A
Payment processor: N/A
Reason for blacklisting: #2, #3
Incident date: 12/11/2013
Incident ID: 0000006
Company name and aliasesMegaITSupport 
Website(s): megaitsupport.com
Phone number(s): 1-888-939-3618
Affiliate(s): N/A
Remote control software: N/A
Payment processor: N/A
Reason for blacklisting: #2, #3
Incident date: 01/09/2013
Incident ID: 0000007
Company name and aliasesGBM Support
Website(s): gbmsupport.net
Phone number(s): 1-800-492-3960
Affiliate(s): N/A
Remote control software: N/A
Payment processor: N/A
Reason for blacklisting: #2, #3
Incident date: 01/23/2013
Incident ID: 0000008
Company name and aliasesClick4Support
Website(s): lickforsupport.net, webtechmasterhelp.com, techsupportcenter.org, techsupportive.com
Phone number(s): 1-855-668-8555
Affiliate(s): N/A
Remote control software: LogMeIn: 292242
Payment processor: N/A
Reason for blacklisting: #2, #3
Incident date: 01/23/2013
Incident ID: 0000009
Company name and aliasesPC Toolkit Pro
Website(s): pctoolkitpro.com
Phone number(s): 1-855-803-1370
Affiliate(s): N/A
Remote control software: 
Payment processor: N/A
Reason for blacklisting: #2, #3
Incident date: N/A
Incident ID: 0000010
Company name and aliasesiGennie
Website(s): igennie.net
Phone number(s): 1-888-239-4339
Affiliate(s): N/A
Remote control software: 
Payment processor: N/A
Reason for blacklisting: #2, #3
Incident date: 01/30/2013
Incident ID: 0000011
Company name and aliasesCompute My PC
Website(s): computemypc.com
Phone number(s): 1-800-356-7697
Affiliate(s): N/A
Remote control software: 
Payment processor: N/A
Reason for blacklisting: #2, #3
Incident date: 01/31/2013
Incident ID: 0000012
Company name and aliasesTechFix Pro
Website(s): techfixpro.com
Phone number(s): 1-888-768-0082
Affiliate(s): N/A
Remote control software: 
Payment processor: N/A
Reason for blacklisting: #2, #3
Incident date: N/A
Incident ID: 0000013
Company name and aliasesiMax Support
Website(s): imaxsupport.com, fix247.org
Phone number(s): 1-800-247-0830
Affiliate(s): N/A
Remote control software: 
Payment processor: N/A
Reason for blacklisting: #2, #3
Incident date: 03/25/2014
Incident ID: 0000014
Company name and aliasesInternet Security Protect
Website(s): internetsecurityprotect.com
Phone number(s): (020)-3289-1596
Affiliate(s): N/A
Remote control software: 
Payment processor: N/A
Reason for blacklisting: #2, #3
Incident date: N/A
Incident ID: 0000015
Company name and aliasesAll In One Tech Support
Website(s): allinonetech.net, allinonetech.us
Phone number(s): 1-800-487-9456
Affiliate(s): N/A
Remote control software: 
Payment processor: N/A
Reason for blacklisting: #2, #3
Incident date: N/A
Incident ID: 0000016
Company name and aliases1844desktop
Website(s): 1844desktop.com
Phone number(s): 1-884-337-5867
Affiliate(s): N/A
Remote control software: 
Payment processor: N/A
Reason for blacklisting: #2, #3
Incident date: N/A
Incident ID: 0000017
Company name and aliasesComlogic
Website(s): comlogicinc.com
Phone number(s): 1-888-930-1033
Affiliate(s): N/A
Remote control software: 
Payment processor: N/A
Reason for blacklisting: #2, #3
Incident date: N/A
Incident ID: 0000018
Company name and aliasesPC Tech Clinic
Website(s): pctechclinic.com
Phone number(s): 1-855-486-4411
Affiliate(s): N/A
Remote control software: LogMeIn: 152903
Payment processor: N/A
Reason for blacklisting: #2, #3
Incident date: 06/17/2014
Incident ID: 0000019
Company name and aliasesCondis Services
Website(s): condiservices.com
Phone number(s): 1-888-221-6490
Affiliate(s): N/A
Remote control software: ISL: 19834912
Payment processor: N/A
Reason for blacklisting: #2, #3
Incident date: 06/17/2014
Incident ID: 0000020
Company name and aliasesaolrisk
Website(s): aolrisk.com
Phone number(s): 1-855-666-8849
Affiliate(s): N/A
Remote control software: LogMeIn: 770772
Payment processor: N/A
Reason for blacklisting: #2, #3
Incident date: N/A
Incident ID: 0000021
Company name and aliases247 Support Experts
Website(s): 247supportexperts.com, 3wayhelp.com
Phone number(s): 1-888-221-1582
Affiliate(s): N/A
Remote control software: LogMein: 146794
Payment processor: N/A
Reason for blacklisting: #2, #3
Incident date: 07/14/2014
Incident ID: 0000023
Company name and aliasesSysCare247
Website(s): syscare247.com
Phone number(s): 213-260-2279
Affiliate(s): N/A
Remote control software: N/A
Payment processor: N/A
Reason for blacklisting: #2, #3
Incident date: N/A
Incident ID: 0000024
Company name and aliasesOMG Tech Help
Website(s): omgtechhelp.com
Phone number(s): 855-316-8324
Affiliate(s): N/A
Remote control software: LogMeIn: 642695
Payment processor: N/A
Reason for blacklisting: #2, #3
Incident date: 07/21/2014
Incident ID: 0000025
Company name and aliasesOnVoiceSupport
Website(s): omgtechhelp.com
Phone number(s): 855-316-8324
Affiliate(s): N/A
Remote control software: LogMeIn: 642695
Payment processor: N/A
Reason for blacklisting: #2, #3
Incident date: 07/21/2014
Incident ID: 0000026
Company name and aliasesEcomputer Support
Website(s): ecomputersupport.net
Phone number(s): 1-877-360-0594, 1-855-820-8680
Affiliate(s): N/A
Remote control software: LogMeIn: 432039
Payment processor: N/A
Reason for blacklisting: #2, #3
Incident date: 07/23/2014
Incident ID: 0000027
Company name and aliasesE-Racer Tech (Clean IT PC)
Website(s): e-racertech.com, cleanitpc.com
Phone number(s): 1-855-486-1800, 1-877-648-7339
Affiliate(s): error711971669.com
Remote control software: LogMeIn: 432039
Payment processor: N/A
Reason for blacklisting: #2, #4
Incident date: 05/28/2014
Incident ID: 0000028
Company name and aliasesCump Tech Media Pvt Ltd
Website(s): xevoke.com,onlineinstanthelp.com
Phone number(s): 1-855-209-0559
Affiliate(s): onlineinstanthelp.com/malwarebytes-us/download.html
Remote control software: LogMeIn: 186024
Payment processor: CheckOut LTD
Reason for blacklisting: #2, #3
Incident date: 07/31/2014
Incident ID: 0000029
Company name and aliasesFast Fix 123
Website(s): fastfix123.com
Phone number(s): 1-800-832-3088
Affiliate(s): N/A
Remote control software: N/A
Payment processor: N/A
Reason for blacklisting: #3
Incident date: 08/22/2014
Incident ID: 0000030
Company name and aliasesProcomSupport247
Website(s): procomsupport247.com
Phone number(s): 1-866-456-2763
Affiliate(s): techsupportnumber.us/online
Remote control software: LogMeIn: 162225
Payment processor: FreshBooks
Reason for blacklisting: #1,#2,#3,#4
Incident date: 09/04/2014
Incident ID: 0000031

Company name and aliasesAmerican Tec Help
Website(s): americantechelp.com
Phone number(s): 1-800-984-9830
Affiliate(s): N/A
Remote control software: LogMeIn:
Payment processor: N/A
Reason for blacklisting: #1,#2,#3,#4
Incident date: 11/06/2014
Incident ID: 0000032

Company name and aliasesLiveTechOnCall, Live Tech On Call, AVIVO LLC
Website(s): livetechoncall.com
Phone number(s): 1-888-456-7041
Affiliate(s): N/A
Remote control software: TeamViewer
Payment processor: N/A
Price: $509.97
Reason for blacklisting: #1,#2,#3,#4
Incident date: 12/10/2014
Incident ID: 0000033