Microsoft Tech Support Scams: Why They Thrive

Readers detail "frozen DNS Trojan" cold calls and "repairs" that lead to $882 in unauthorized wire transfers.
4. Telephone Scams: Cheap, Easy, Repeatable.

Microsoft support scams succeed in part because they're cheap and easy to run. International call centers -- think boiler rooms -- are often used, situated in an inexpensive labor market such as India, and facilitated via low-cost VoIP telephony.

Thankfully, consumer watchdogs have been mobilizing. Last year, the Federal Trade Commission cracked down on some tech support scams, filing charges and freezing assets associated with 14 businesses and 17 people. It said the scam operations had successfully conned tens of thousands of English-speaking consumers in the United States, as well as Australia, Canada, Ireland, New Zealand and the United Kingdom, into paying between $49 and $450 for fake services.

At the time, the FTC detailed how many of these scam artists operate: "When consumers agreed to pay the fee for fixing the 'problems,' the telemarketers directed them to a website to enter a code or download a software program that allowed the scammers remote access to the consumers' computers," according to the FTC. "Once the telemarketers took control of the consumers' computers, they 'removed' the non-existent malware and downloaded otherwise free programs."

5. Technobabble Warnings: "Frozen DNS Trojan."

Obviously, support scams often succeed because many consumers don't understand Windows information security intricacies. But con artists often operate on the edge of believability, slowly reeling in even technologically savvy targets, who they might have caught unaware with an impromptu phone call.

One reader, for example, emailed earlier this year to say the lure of "free" technical support -- no apparent harm there -- initially caught her off guard. "I just received one of those scam calls from an 800 number obviously from someone in India trying to tell me my computer was infected with a 'frozen DNS Trojan' -- originally he said 'virus' but switched to 'Trojan' later in the call," she said. "I didn't fall for it at all but was curious enough to find out exactly what he was up to. Eventually I told him I knew he was a scammer and didn't believe a word he was saying and hung up."

Technobabble aside, she reported almost falling for the scam. "I'm relatively computer savvy and for a brief second I wondered if this was for real," she said. "So if I could be duped (even for a split second) I can see how people get pulled into this type of scam especially when the scammer tries to tell you this is all 'free' for him to show you are infected with this virus or Trojan."

6. Virus Scanners Fake Results.

To try to get their way, scammers might bring psychological pressure to bear. For example, when Jerome Segura, senior malware research at Malwarebytes, was cold-called by tech support con artists he gave them access to a virtual machine. They flew into repair rage when he refused to pay $229 following their fake ministrations. "They got mad and deleted documents and pictures from my (virtual) machine before cutting me off in a very rude way," he said in a blog post.

Fake bells and whistles might also be employed. This month, for example, Segura said he decided to call a tech-support number that flashed up in a pop-up advertisement window, just to see where it might lead. As before, he gave the tech support person who answered remote access to his PC -- not telling him it was a fully cleaned and isolated virtual machine -- on which he installed, as instructed, TeamViewer software, through which the supposed tech-support agent accessed the PC, then ran a downloaded scanner. Just two seconds later, the scanner reported extensive virus infections. Segura said his analysis of the scanner's database found that it was "stuffed with false positives which aren't just accidents, but clearly used to add some drama."

Added drama or not, don't fall for tech-support scams.

People are your most vulnerable endpoint. Make sure your security strategy addresses that fact. Also in the new, all-digital How Hackers Fool Your Employees issue of Dark Reading: Effective security doesn't mean stopping all attackers. (Free registration required.)