
Microsoft Tech Support Scams: Why They Thrive

Readers detail "frozen DNS Trojan" cold calls and "repairs" that lead to $882 in unauthorized wire transfers.

4. Telephone Scams: Cheap, Easy, Repeatable.

Microsoft support scams succeed in part because they're cheap and easy to run. International call centers -- think boiler rooms -- are often used, situated in an inexpensive labor market such as India, and facilitated via low-cost VoIP telephony.

Thankfully, consumer watchdogs have been mobilizing. Last year, the Federal Trade Commission cracked down on some tech support scams, filing charges and freezing assets associated with 14 businesses and 17 people. It said the scam operations had successfully conned tens of thousands of English-speaking consumers in the United States, as well as Australia, Canada, Ireland, New Zealand and the United Kingdom, into paying between $49 and $450 for fake services.

At the time, the FTC detailed how many of these scam artists operate: "When consumers agreed to pay the fee for fixing the 'problems,' the telemarketers directed them to a website to enter a code or download a software program that allowed the scammers remote access to the consumers' computers," according to the FTC. "Once the telemarketers took control of the consumers' computers, they 'removed' the non-existent malware and downloaded otherwise free programs."

5. Technobabble Warnings: "Frozen DNS Trojan."

Obviously, support scams often succeed because many consumers don't understand Windows information security intricacies. But con artists often operate on the edge of believability, slowly reeling in even technologically savvy targets, who they might have caught unaware with an impromptu phone call.

One reader, for example, emailed earlier this year to say the lure of "free" technical support -- no apparent harm there -- initially caught her off guard. "I just received one of those scam calls from an 800 number obviously from someone in India trying to tell me my computer was infected with a 'frozen DNS Trojan' -- originally he said 'virus' but switched to 'Trojan' later in the call," she said. "I didn't fall for it at all but was curious enough to find out exactly what he was up to. Eventually I told him I knew he was a scammer and didn't believe a word he was saying and hung up."

Technobabble aside, she reported almost falling for the scam. "I'm relatively computer savvy and for a brief second I wondered if this was for real," she said. "So if I could be duped (even for a split second) I can see how people get pulled into this type of scam especially when the scammer tries to tell you this is all 'free' for him to show you are infected with this virus or Trojan."

6. Virus Scanners Fake Results.

To try to get their way, scammers might bring psychological pressure to bear. For example, when Jerome Segura, senior malware researcher at Malwarebytes, was cold-called by tech support con artists, he gave them access to a virtual machine. They flew into repair rage when he refused to pay $229 following their fake ministrations. "They got mad and deleted documents and pictures from my (virtual) machine before cutting me off in a very rude way," he said in a blog post.

Fake bells and whistles might also be employed. This month, for example, Segura said he decided to call a tech-support number that flashed up in a pop-up advertisement window, just to see where it might lead. As before, he gave the tech support person who answered remote access to his PC, without telling him it was a fully cleaned and isolated virtual machine. As instructed, Segura installed TeamViewer software, through which the supposed tech-support agent accessed the PC and then ran a downloaded scanner. Just two seconds later, the scanner reported extensive virus infections. Segura said his analysis of the scanner's database found that it was "stuffed with false positives which aren't just accidents, but clearly used to add some drama."

Added drama or not, don't fall for tech-support scams.


User Rank: Apprentice
1/17/2017 | 12:25:39 PM
Thank You!!!!!
Thank you!!! Just had a call describing the exact steps listed here on the startcontrol scam. Before I hit download I told them to hold, googled startcontrol.com scam and this popped up. Thank you for this service. James
User Rank: Apprentice
9/10/2016 | 1:30:24 PM
Scam alive and well!
I just got a call and a gentleman with an Indian accent told me he was the tech that worked on my PC (I just got a new PC) and my Windows PC was not updating and they were going to enable this. I played along and they asked me to go to www.startcontrol.com (he even 'guessed' that I was a Chrome user). I told him my PC rebooted and looked it up online and found some SCAM info, but not a lot. As I played along they told me to enter a code, I didn't have one so they gave me one, told me to enter it in the box and hit the innocuous gray 'download' button. He was smooth. I can see people falling for this and actually downloading terribly malicious software onto their PCs. No one you don't know should tell you to download something onto your PC. This is just the phone version of an email hoax with a virus or worm attached except they are talking you through the download! HANG UP!
User Rank: Apprentice
12/30/2014 | 6:26:53 PM
Re: MicroSoft Fraud
I do not believe that Microsoft can legally monitor/trace phone calls, review credit charges, and trace the money trail to catch these cyber criminals. The federal government does, and with the billions scammed with these fraud cases, some people might think it would be a good idea. (Just don't know if any of those people are in the current administration)


Here is one possible scenario (I just got off the phone with a scammer, by the way). These guys have call centers; huge operations making money hand over foot.

They also have a consistent process, making it real easy to catch.

When a call is received by a scammer (I knew it was a scammer), you go to a webpage while the scammer is on the phone and enter the phone number on which the call is received and details about the operation.

The phone could be traced real time; the web site could provide a credit card number specifically designed to be traced. You give this credit card number to the fraudulent person. Then put in the ACH request and the destination account would simply be identified; the phone conversation recorded and the fraud halted. Additionally the account could then be reviewed and the charges reversed for like transactions.

Not sure what the motivation for not doing this is.  Must be some motive.


This is a very low tech means. In reality this could be done in an automated fashion. The keywords "From Microsoft" could be scanned real time like other key phrases, that trigger a person to monitor and prevent the fraud, and stop the losses. If there was a privacy concern the technology could speak to the scammee, without the scammer hearing, to allow the call to be monitored; thereby catching the criminal. I believe the law provides for a non-citizen to be monitored during a criminal act; the monitoring would occur only after technology identifies the call is part of a criminal act.


Marilyn Cohodas,
User Rank: Strategist
12/3/2014 | 10:57:06 AM
Re: MicroSoft Fraud
You were wise not to fall victim to that vishing scam, @WilburD802. But you are in the minority. Here's some data from a recent Dark Reading poll on the subject of social engineering tactics like this one...
User Rank: Apprentice
12/3/2014 | 10:40:15 AM
MicroSoft Fraud
Received last night a phone call from MicroSoft that my computer had some problems and he has called to fix them. I thought it was a Scam so I played on a little while, knowing that I did not have a problem with my MicroSoft because I do Not have Microsoft.

Their telephone number is 348-975-6987 they called me @ 7:06 P.M. Tuesday the 2nd, Wanting me to turn on my computer and he would fix things for me..  No Thanks I told him he was a Scam and he hung up.

Micro Soft should be able to stop this someway. I do not know what the outcome would be but I did not want to find out.

Can you give me any feedback?
Andrew Hornback,
User Rank: Apprentice
5/17/2013 | 1:59:17 AM
re: Microsoft Tech Support Scams: Why They Thrive
Let me be the first to say it... Thank you Steve Case.

Without the explosive popularity of America OnLine and the massive expansion of the Internet in the 90s, I highly doubt that this would be an issue at this point. Remembering the days when the Internet was a utopia of thinkers, students, educators, defense contractors and technically savvy people - a very small percentage of those people would fall for this sort of social engineering.

But, since we've got Ma and Pa Kettle bringing home a brand new PC from their closest big box store and hooking it up to that "new fangled" Internet, you'll have people taking advantage of those who are less savvy.

Something to keep in mind here - how much of a role does the media play in feeding into this monster? Remember Nimda and CodeRed and all of those virii from days gone by? The entire world was made to be extremely afraid of virii - possibly considering them to be even worse than a virulent strain of H1N1... because they don't really grasp the idea of a computer virus and what it really does, while everyone knows that H1N1 gives you physical symptoms of an infection.

That said, why isn't there more of an effort to educate people, BEFORE they become a victim of this sort of thing? Ounce of prevention being worth a pound (or dollar) of cure, and all...

Andrew Hornback
InformationWeek Contributor
User Rank: Apprentice
5/15/2013 | 6:05:06 PM
re: Microsoft Tech Support Scams: Why They Thrive
I got one of these a couple of weeks ago. "I am calling about problem with operating system of, Microsoft Windows, blah, blah, blah" something like that. I just hung up, maybe next time if I have time and feel like it I'll play them like Number 6 did.
Number 6,
User Rank: Apprentice
5/15/2013 | 3:00:48 PM
re: Microsoft Tech Support Scams: Why They Thrive
I actually enjoyed getting the telephone scam call a couple months ago. I told the woman who called (Indian accent) that I needed to know the IP address of the PC with the problem, since I have several and she wanted me to go to a URL from that PC. She didn't know what an IP address was, let alone the difference between IPv4 and IPv6. I asked for a phone number that I could call her back at, and got one that I found out later was for a florist in Wisconsin!

After continuing to get nowhere with my IP question, I asked if I could talk with someone who could help. I got her "supervisor," told him that I work in IT, and he tried to convince me that I don't know how networking works. Um, yeah, good luck with that. I was probably coding network software before he was running his first scam. I finally hung up on him, but I regret not getting that URL.

Sounded like a boiler room operation, not an individual.

I agree with Tom. The call was the first time I'd heard about this particular scam. Lots of people could fall for this.
User Rank: Strategist
5/14/2013 | 6:26:58 PM
re: Microsoft Tech Support Scams: Why They Thrive
Is anyone surprised? Most computer users probably shouldn't be allowed near a computer, much less trusted to take the rudimentary steps needed to protect said computer. Until training/schooling focuses on security from day one, scamming and the like will remain a major problem.
Tom LaSusa,
User Rank: Apprentice
5/13/2013 | 4:35:07 PM
re: Microsoft Tech Support Scams: Why They Thrive
The real reason why they thrive? Lack of education/passing this information along to family and friends. That's the bottom line. And it doesn't take a whole lot either -- instead of posting yet another silly meme on your Facebook profile, post a notice reminding friends and family to hang up when they get these calls.