Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


Microsoft Tech Support Scams: Why They Thrive

Readers detail "frozen DNS Trojan" cold calls and "repairs" that lead to $882 in unauthorized wire transfers.

Windows Blue
(click image for larger view and for slideshow)
8 Things Microsoft Should Fix In Windows Blue
Consumers: Hang up on anyone who cold-calls offering Windows technical support, never believe an Internet pop-up that reports your PC is infected with malware, and, above all, don't ever install software from an untrusted source who offers to rid your PC of viruses, perhaps for free.

If people followed those precepts, they'd avoid the hassle and expense of scammers out to make a quick buck. But Microsoft technical support scams continue to be alive and well, sticking victims with bills of between $50 and $450 for security smoke and mirrors, or sometimes perpetrating financial fraud that costs far more.

According to a 2011 Web survey of 1,298 people conducted by British consumer rights watchdog Which?, 3% of respondents said they'd allowed scammers to log onto their PC and 2% gave them money. Interestingly, 3% said they weren't sure if a technical support cold call had really been a scam or not.

Here's a hint: Cold callers offering tech support advice are scammers. Here are six recent examples of how these fraudsters operate.

1. Scammers Reuse Scripts.

The con artists behind telephone repair scams often reuse the same script, which often begins: "I'm calling from Microsoft. We've had a report from your Internet service provider of serious virus problems from your computer."

[ Tired of being stuck in password hell? See 10 Top Password Managers. ]

One reader emailed Saturday to say that he'd received "an almost word for word phone call on my landline." After hanging up, he alerted his telephone company. "All they could offer was ... a call trace, and to notify my local police. Which I may pursue," he said.

2. South African Targeted By StartControl.

Another reader, a retired South African systems programmer, emailed last week to report that he'd been targeted by telephone scammers offering technical support. First, they asked him to press the Windows start button, then enter this URL: www.startcontrol.com. That took his browser to a site labeled as BeAnywhere support express, which prominently features the following message: "Please insert the reference supplied to you," with the reference referring to a six-digit PIN. "They even give you a six-digit PIN, that's where I stopped them, 19 minutes later," he said.

BeAnywhere is legitimate remote-control software. But who is Startcontrol.com? According to Alexa, Startcontrol.com has been operating for 10 years and ranks in the top 3.8 million of all websites globally. It appears that 77% of search engine traffic to the site involves Arabic speakers. A link to the website's "Termos of Service," however, lead to a "server error: 404 - File or directory not found" message.

The site's whois listing says that the domain was registered by GoDaddy, which lists the site's administrative and technical contact as being based in Portugal. But an email sent to the listed whois contact bounced back with an error message that the account didn't exist. Likewise, the telephone number listed in the whois entry appears to be bogus; a call to that number lead to BSPI - Intelligent Business Solutions. An employee at the firm said his company, which resells Sophos security products, has no affiliation with startcontrol.com, and that he'd never before heard of the company.

GoDaddy.com didn't immediately respond to an abuse report filed Friday morning for www.startcontrol.com.

3. Support Routines Might Be Real-Time Smokescreens.

One risk from allowing scammers to install software on your PC is that the "support application" might be used to disguise fraudulent activities. In April, for example, a reader emailed to say he'd been cold-called by someone claiming to be a Microsoft representative, warning that he had numerous viruses on his computer. The caller offered to remove the viruses and get the PC "running like new" for free, provided he "renew" his software.

"He then [asked] for card info which I gave him. Then I [got] an email from Western Union of a transfer of money which I did not authorize so I [checked] my account and found he had taken $882 out," said the reader. "I called Western Union about it and they said there was nothing they could do as the money was picked up and they could not give me the name of who got it."

The supposed virus-killing offer seemed to mask fraudulent activity. "He went so far as to show me all the errors he found but, while the program was supposed to be loading, my screen was black and I suspect that was when he was hitting my account," he said.

1 of 2
Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
User Rank: Apprentice
1/17/2017 | 12:25:39 PM
Thank You!!!!!
Thank you!!! Just had a call desribing the exact steps listed here on the startcontrol scam. Before I hit download I told them to hold, googled startcontrol.com scam and this popped up. Thank you for this service. James
User Rank: Apprentice
9/10/2016 | 1:30:24 PM
Scam alive and well!
I just got a call and a gentleman with an Indian accent told me he was the tech that worked on my PC (I just got a new PC) and my Windows PC was not updating and they were going to enable this.  I played along and they asked me to go to www.startcontrol.com (he even 'guessed' that I was a Chrome user).  I told him my PC rebooted and looked it up online and found some SCAM info, but not a lot.  As I played along they told me to enter a code, I didn't have one so they gave me one, told me to enter it in the box and hit the inocuous gray 'download' button. He was smooth.  I can see people falling for this and actually downloading terribly malicious software onto their PCs.  No one you don't know should tell you download something onto your PC.  This is just the phone version of an email hoax with a virus or worm attached except they are talking you through the download!  HANG UP! 
User Rank: Apprentice
12/30/2014 | 6:26:53 PM
Re: MicroSoft Fraud
I do not believe that Microsoft can legally monitor/trace phone calls, review credit charges, and trace the money trail to catch these cyber criminals.  The federal governament does, and with the billions scammed with these fraud cases, some people might think it would be a good idea.  (Just dont know if any of those poeple are in the current administration)


Here is one possible scenerio,  (I just got off the phone with a scammer by the way).  These guys have call centers; huge operations making money hand over foot.

They also have a consistent process, making it real easy to catch.

 When a call is received by a scammer, (I knew it was a scammer),  you go to a webpage while the scammer is on the phone and enter the phone number on which the call is recieved and details about the operation.

The phone could be traced real time; the web site could provide a credit card number specifically designed to be traced.  You give this credit card number to the fraudulent person.  Then put in the ach request and the destination account would simply be identified; the phone conversation recorded an the fraud halted.  Additionally the account could then be reviewed and the charges reversed for like transactions.

Not sure what the motivation for not doing this is.  Must be some motive.


 This is a very low tech means.  In reallity this could be done in an automated fasion.  The keywords "From Microsoft" could be scanned real time like other key phrases, that trigger a person to monitor and prevent the fraud, and stop the losses.  If there was a privacy concern the technology could speak to the scammee, without the scammer hearing to allow the call to be monitored; thereby catching the criminal.  I beleive the law provides for a non-citizen to be monitored during a criminal act;  the monitoring would occur only after technology identifies the call is part of a  criminal act.


Marilyn Cohodas
Marilyn Cohodas,
User Rank: Strategist
12/3/2014 | 10:57:06 AM
Re: MicroSoft Fraud
You were wise not to fall victim to that vishing scam, @WilburD802. But you are in the minority. Here's some data from a recent Dark Reading poll on the subject of social engineering tactics like this one...
User Rank: Apprentice
12/3/2014 | 10:40:15 AM
MicroSoft Fraud
Recieved last night a phone call from MicroSoft that my computer had some problems and He has called to fix them.  I thought it was a Scam so I played on a little while, knowing that I did not have a problem with my MicroSoft because I do Not have Microsoft. 

Their telephone number is 348-975-6987 they called me @ 7:06 P.M. Tuesday the 2nd, Wanting me to turn on my computer and he would fix things for me..  No Thanks I told him he was a Scam and he hung up.

Micro Soft should be able to stop this someway. I do not know what the outcome would be but I did not want to find out.

Can you give me any feedback ?    [email protected]
Andrew Hornback
Andrew Hornback,
User Rank: Apprentice
5/17/2013 | 1:59:17 AM
re: Microsoft Tech Support Scams: Why They Thrive
Let me be the first to say it... Thank you Steve Case.

Without the explosive popularity of America OnLine and the massive expansion of the Internet in the 90s, I highly doubt that this would be an issue at this point. Remembering the days when the Internet was a utopia of thinkers, students, educators, defense contractors and technically savvy people - a very small percentage of those people would fall for this sort of social engineering.

But, since we've got Ma and Pa Kettle bringing home a brand new PC from their closest big box store and hooking it up to that "new fangled" Internet, you'll have people taking advantage of those who are less savvy.

Something to keep in mind here - how much of a role does the media play in feeding into this monster? Remember Nimda and CodeRed and all of those virii from days gone by? The entire world was made to be extremely afraid of virii - possible considering them to be even worse than a virulent strain of H1N1... because they don't really grasp the idea of a computer virus and what it really does, while everyone knows that H1N1 gives you physical symptoms of an infection.

That said, why isn't there more of an effort to educate people, BEFORE they become a victim of this sort of thing? Ounce of prevention being worth a pound (or dollar) of cure, and all...

Andrew Hornback
InformationWeek Contributor
User Rank: Apprentice
5/15/2013 | 6:05:06 PM
re: Microsoft Tech Support Scams: Why They Thrive
I got one of these a couple of weeks ago. "I am calling about problem with operating system of, Microsoft Windows, blah, blah, blah" something like that. I just hung up, maybe next time if I have time and feel like it I'll play them like Number 6 did.
Number 6
Number 6,
User Rank: Apprentice
5/15/2013 | 3:00:48 PM
re: Microsoft Tech Support Scams: Why They Thrive
I actually enjoyed getting the telephone scam call a couple months ago. I told the woman who called (Indian accent) that I needed to know the IP address of the PC with the problem, since I have several and she wanted me to go to a URL from that PC. She didn't know what an IP address was, let alone the difference between IPv4 and IPv6. I asked for a phone number that I could call her back at, and got one that I found out later was for a florist in Wisconsin!

After continuing to get nowhere with my IP question, I asked if I could talk with someone who could help. I got her "supervisor," told him that I work in IT, and he tried to convince me that I don't know how networking works. Um, yeah, good luck with that. I was probably coding network software before he was running his first scam. I finally hung up on him, but I regret not getting that URL.

Sounded like a boiler room operation, not an individual.

I agree with Tom. The call was the first time I'd heard about this particular scam. Lots of people could fall for this.
User Rank: Strategist
5/14/2013 | 6:26:58 PM
re: Microsoft Tech Support Scams: Why They Thrive
Is anyone surprised? Most computer users probably shouldn't be allowed near a computer, much less trusted to take the rudimentary steps needed to protect said computer. Until training/schooling focuses on security from day one scamming and the like will remain a major problem.
Tom LaSusa
Tom LaSusa,
User Rank: Apprentice
5/13/2013 | 4:35:07 PM
re: Microsoft Tech Support Scams: Why They Thrive
The real reason why they thrive? Lack of education/passing this information along to family and friends. That's the bottom line. And it doesn't take a whole lot either -- instead of posting yet another silly meme on your Facebook profile, post a notice reminding friends and family to hang up when they get these calls.
Ransomware Is Not the Problem
Adam Shostack, Consultant, Entrepreneur, Technologist, Game Designer,  6/9/2021
How Can I Test the Security of My Home-Office Employees' Routers?
John Bock, Senior Research Scientist,  6/7/2021
New Ransomware Group Claiming Connection to REvil Gang Surfaces
Jai Vijayan, Contributing Writer,  6/10/2021
Register for Dark Reading Newsletters
White Papers
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: Zero Trust doesn't have to break your budget!
Current Issue
The State of Cybersecurity Incident Response
In this report learn how enterprises are building their incident response teams and processes, how they research potential compromises, how they respond to new breaches, and what tools and processes they use to remediate problems and improve their cyber defenses for the future.
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2021-06-16
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the han...
PUBLISHED: 2021-06-16
This vulnerability allows remote attackers to execute arbitrary code on affected installations of GE Reason RPV311 14A03. Authentication is not required to exploit this vulnerability. The specific flaw exists within the firmware and filesystem of the device. The firmware and filesystem contain hard-...
PUBLISHED: 2021-06-16
Helm is a tool for managing Charts (packages of pre-configured Kubernetes resources). In versions of helm prior to 3.6.1, a vulnerability exists where the username and password credentials associated with a Helm repository could be passed on to another domain referenced by that Helm repository. This...
PUBLISHED: 2021-06-16
Apollos Apps is an open source platform for launching church-related apps. In Apollos Apps versions prior to 2.20.0, new user registrations are able to access anyone's account by only knowing their basic profile information (name, birthday, gender, etc). This includes all app functionality within th...
PUBLISHED: 2021-06-16
FOGProject v1.5.9 is affected by a File Upload RCE (Authenticated).