India-Based Fake Tech Support Scams
These pop-ups and calls happen even to me, and they are as old as the Nigerian prince scams. I’ve played tech-ignorant so I could watch what they do and how they scam real people. You are browsing the internet and a pop-up (usually full screen) comes up with dire warnings: you are being hacked, all your sensitive information is being leaked, and everything including the Biblical plagues is about to be unleashed unless you call this number. Some will claim that your Windows license has expired and you have to pay hundreds to keep using Windows. The numbers are usually 844 or 855 toll-free numbers, but they vary greatly.
Now sometimes they will call you directly and say they are Microsoft or some other company and that your computer is infected with viruses and sending out messages. Sometimes they will claim your Windows license is about to expire, which isn’t true: Office 365 will expire, but not Windows itself. Trust me, Microsoft will not call you; they don’t care about us little people. Calling real tech support for anyone is a pain, so when they call you offering help, that is a major red flag. It is the same scam: they have no idea whether you have a computer, but most people in America have at least one, so they go off assuming you will fall for it.
For the TL;DR folks out there, the skinny of it is: the pop-up is just a pop-up ad. I get calls from clients all the time, I go out there, and the computer is almost always fine. The ad may have sound and is just trying to scare you. You may have trouble getting out of the pop-up, as it may keep popping up new warnings.
Some ways to get out of the pop-up ad:
- Press Alt + F4 on your keyboard at the same time; this keyboard shortcut closes windows / apps / programs.
- Close your browser process via Task Manager. There are three ways to open Task Manager:
  - Way 1: Right-click a blank area on the taskbar and choose Task Manager in the context menu.
  - Way 2: Right-tap the Windows symbol in the lower-left corner to open the menu, and then select Task Manager.
  - Way 3: Press Ctrl+Alt+Del and choose Task Manager from the choices.
Just don’t call these people. They have fake websites that claim to be Quicken tech support, Apple tech support or, most commonly, Microsoft Support or Microsoft Support Team.
Why do these people do this? I get asked when people are scammed. Most are based in India.
Here is a Forbes article about the Indian call center industry. The average entry level call center salary in India is about $300. That means they’re earning an hourly wage of about $1.75, which is why many legitimate tech companies have their tech support in India: why pay someone $12-16 an hour when you can get someone for $1.75 or so?
Given that I’ve seen examples of these scams earning as much as $600 at a time, with the average being $200-400 from clients of mine, there’s simply no way you’re going to stop this from being immensely profitable. With a population of 1.3 billion people, they only have to scam one person to earn a year or two of salary. I had one client floored that I fixed his computer for $80, because he had just paid someone on the phone in India two payments of $600 to do something that I can do in an hour, using free programs at that. They never fixed anything anyway.
How does the scam work? They will call you, or you call them via a pop-up message, and they will need to access your computer. They almost always use www.logmein123.com or teamviewer.com, which are legit remote access programs. I use both myself; however, my LogMeIn requires a program to be installed on the computer. They were trying to charge me $250 a month for what I use, and it was much higher to use LogMeIn Rescue, which uses these 6-digit codes; once the remote session is over, they can’t access the computer again.
Anyways once they login to your machine they will try to scare you into thinking your computer is in very bad shape and they can help you.
The common scammer will open up Event Viewer. EVERY computer, even fresh out of the box, has warnings, errors and information entries in the event logs. Even mine is covered in red errors. This is normal. Yes, when it comes to troubleshooting, sometimes there is useful information here. If you have 50 errors referring to your hard drive, then maybe that is something to look into. However, the scammer knows every computer will look scary in here, and they count on you not knowing what you are looking at, so that you can’t call their bluff.
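To see what the red entries in Event Viewer actually amount to, the following added example (not from the original post) counts System-log errors and warnings per source for the last 7 days and applies the "50 errors referring to your hard drive" rule of thumb. The storage name pattern and the 7-day window are assumptions chosen for illustration.

```powershell
# Added example: summarise System-log errors/warnings by source so repeated
# storage errors stand out from the routine noise every Windows PC has.
$since = (Get-Date).AddDays(-7)          # assumption: 7-day review window

# Level 1 = Critical, 2 = Error, 3 = Warning
$events = Get-WinEvent -FilterHashtable @{
    LogName   = 'System'
    Level     = 1, 2, 3
    StartTime = $since
} -ErrorAction SilentlyContinue          # an empty result is not a failure

# Assumption: sources whose names contain these strings relate to disks
# and file systems (for example "disk", "Ntfs", "volmgr", "stornvme").
$storagePattern = 'disk|ntfs|volmgr|stor'
$threshold      = 50                     # the "50 errors" figure from the text

$summary = $events |
    Group-Object -Property ProviderName |
    Sort-Object -Property Count -Descending |
    ForEach-Object {
        $isStorage = $_.Name -match $storagePattern
        if ($isStorage -and $_.Count -ge $threshold) {
            $verdict = 'Look into this: repeated storage errors'
        }
        elseif ($isStorage) {
            $verdict = 'Storage-related, low volume'
        }
        else {
            $verdict = 'Routine unless it matches a real symptom'
        }
        [pscustomobject]@{
            Source  = $_.Name
            Count   = $_.Count
            Newest  = ($_.Group | Sort-Object TimeCreated -Descending |
                       Select-Object -First 1).TimeCreated
            Verdict = $verdict
        }
    }

$summary | Format-Table -AutoSize
```

On a healthy machine this still prints a list of sources with errors and warnings, which is the point: the presence of entries proves nothing, and only a high count from one storage source is worth following up.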
The common scammer will often open up Services in msconfig or in Computer Management. msconfig shows services as running or stopped; Computer Management usually shows running or manual for most services. These services are very important, and some infections will disable many or all of them. However, the scammer counts on you not knowing what is good or bad, so they show you this list and tell you that your computer is very sick.
Scammers will do other things, like show you the Prefetch folder and other temporary file locations, say they will rebuild such files, and claim they are hackers trying to get into your computer. Sometimes they will open a command prompt and run commands like tree or dir /s, which show all the files on your computer, and claim they are running a virus scan, which is a lie. Those commands just list your files.
Sometimes they use netstat, netsh or ipconfig. Every computer needs an IP address to get online, and sometimes they show your actual IP and say that it is a hacker connected to your machine right now. I used to play with friends years ago with some of these commands; they look scary.
Command Prompt can come in handy for actual computer repair but what these scammers show you is nothing to be scared of, they are to be expected but they know it looks scary so they use that fear against you.
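The netstat output a scammer points at is a list of ordinary connections. This added example (not from the original post) maps each established TCP connection to the program that owns it, using the built-in Get-NetTCPConnection and Get-Process cmdlets; the variable names are illustrative.

```powershell
# Added example: show which local program owns each established TCP
# connection, which plain netstat output does not make obvious.

# Build a process-ID -> name lookup once.
$names = @{}
Get-Process | ForEach-Object { $names[[int]$_.Id] = $_.ProcessName }

# Connections a program makes to itself on the same machine are skipped.
$loopback = '127.0.0.1', '::1'

$connections = Get-NetTCPConnection -State Established |
    Where-Object { $loopback -notcontains $_.RemoteAddress } |
    ForEach-Object {
        $procId = [int]$_.OwningProcess
        $name   = $names[$procId]
        if (-not $name) { $name = '(process already exited)' }
        [pscustomobject]@{
            Process = $name
            PID     = $procId
            Local   = '{0}:{1}' -f $_.LocalAddress, $_.LocalPort
            Remote  = '{0}:{1}' -f $_.RemoteAddress, $_.RemotePort
        }
    }

# One row per connection, grouped visually by program.
$connections | Sort-Object Process, Remote | Format-Table -AutoSize

# Per-program totals: browsers and updaters normally dominate this list.
$connections |
    Group-Object -Property Process |
    Sort-Object -Property Count -Descending |
    Select-Object Count, Name |
    Format-Table -AutoSize
```

During a remote support session the remote access program itself appears in this list, because its connection is what gives the other party access to the machine.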
After this, they will run a batch file doing who knows what. Some of it may be checking whether you are messing with them by using a virtual machine; some of it is changing settings that they can then show you as “proof” you were being infected.
Then they usually open a Notepad window and say something similar to this picture: they offer a price, a warranty and a long list of things they will do. Some of these are just total BS, and sometimes full of spelling mistakes. I’m like, Microsoft forgot to spell their name right. That is a small red flag. Some of what they say they will do, like disinfecting Quicken files and repairing batch file errors, just makes no sense for what you are doing.
In some cases, they use legitimate free programs like AVG, CCleaner and Malwarebytes (I use those three often), and from time to time they install a real paid-for product, but one you were conned into paying for. So in some ways, a few of these companies aren’t a total scam, as you get something real, but at the same time the methods they used were not ethical, as they used your fear and ignorance of computers to get you to pay. The markup is pretty high: basically paying $249.99 for a $50 program and 12 tune-ups every month, which is a tad excessive but sounds good. I’ve seen people pay $500 and have everything fixed online, but eventually figure out they paid for nothing. When it comes to hardware issues these people can’t help.
What to do if they are on your computer right now?
Unplug the computer / turn it off but hopefully, you won’t let them on in the first place.
Don’t fight with these fake support people if they have access to your computer. Many of them will trash your computer if you don’t pay them. For example, they will delete your documents, pictures, etc. They will delete your networking adapter so you can’t get online.
Some of them will do a “Sys-Key” lock out. Syskey is a utility that encrypts the hashed password information in a SAM database in a Windows system using a 128-bit RC4 encryption key that, by default, is stored in the Windows registry. In other words, you now have a password on your computer that I have no program to undo or crack.
So your options are to pay them a ransom to remove it, at which point that $200 is now $500 or more; or I can attempt some fixes on this (in my experience none of them have worked yet); or to recover your information, wipe your system clean and install Windows fresh again. One option to fix a Sys-Key lock out is here.
Below is a video of a Scammer at work and then deleting all the information on the computer.
Getting even with the scammers
There are a good number of tech-savvy folks who mess with scammers all the time. I’ve done that myself, more so with Craigslist and phone scammers. (I get a couple of payday loan scams claiming I owe them money and never paid, despite never having a payday loan.) I also get the fake IRS call too.
In fact, there is a 24/7 live stream on YouTube where they just waste the scammers’ time and call them out on being scammers. Some will admit it and say they live a great life doing it.
How do they do it safely? They use a virtual machine which runs on their real computer, so when a scammer messes up the machine they restore the virtual machine snapshot and it is like nothing ever happened. They also use apps that let them switch their caller ID number, and a VPN so they can hide their IP address.
Some of the best scammer scammers out there are below. These are people who volunteer their time to keep the scammers busy and away from real victims.
MALCOLM MERLYN: https://www.youtube.com/channel/UC_b1…
Nightmare On Scam Street: https://www.youtube.com/channel/UCvXO…
Tired of SPAM email? James Veitch is hilarious in his stories on how he messes with spam scammers.
This guy made a fake Hillary Clinton email deleting virus and made a fake Donald Trump Anti-virus to make your computer great again and will build a great firewall. He uses this to mess with some of these Indian scammers and you can even download the file yourself for pranks.