Technical support scam

From Rotten Websites Wiki
Revision as of 02:18, 25 November 2021 by DarkMatterMan4500
An example of a technical support scam.

Technical support scams, alternately called FakeAV sites, are a common internet scam in which a scammer organization pretends to be a legitimate technology company's technical support division or a legitimate technical support company. There are many forms of this scam, but they all try to coax the victim into paying for a service that the victim doesn't need and/or that will never help in any way.

While they are hard to find by Google Search, they can easily appear via pop-ups.

Fake popup/error messages

Scammers often create fake webpages that look like error messages, saying the victim's computer is infected with viruses, spyware, ransomware, etc. The page instructs the victim to call a phone number to talk to a technical support scammer.

  • They are often designed to look like a real Microsoft help website, Windows Defender, a Chrome Safe Browsing warning, the Windows blue screen of death, etc. in order to look more legitimate.
  • They often have an infinite loop of alert dialogs to prevent potential victims from closing the page until dialogs are blocked.
  • Some also have an infinite fullscreen or dialog box loop to prevent potential victims from closing the page.
  • They often have beeps and voice recordings to make the message seem scarier.
  • Some have a JavaScript infinite loop that intentionally crashes the browser and sometimes freezes the victim's computer.
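
The traits in the list above can be checked statically when triaging a reported page. The following is an added example, not part of the original wiki page; the indicator names, regular expressions, weights and threshold are assumptions chosen for illustration, and both sample pages are constructed.

```javascript
// Added example: static triage of page source for the fake-alert traits in the list above.
// Indicator names, regexes, weights and THRESHOLD are assumptions chosen for illustration.
const INDICATORS = [
  // Vendor or warning-screen name followed closely by an infection claim.
  { name: "brand-lure", weight: 1,
    re: /(microsoft|windows defender|safe browsing|blue screen)[\s\S]{0,200}?(infected|virus|spyware|ransomware)/i },
  // "Call ..." followed by something shaped like a phone number.
  { name: "call-number", weight: 2,
    re: /\bcall\b[^<]{0,80}?\+?\d[\d\s().-]{8,}\d/i },
  // alert/confirm/prompt issued from a loop or a repeating timer.
  { name: "dialog-loop", weight: 3,
    re: /(\bwhile\s*\([^)]*\)|\bfor\s*\([^)]*\)|\bsetInterval\s*\()[\s\S]{0,120}?\b(alert|confirm|prompt)\s*\(/ },
  // Script-initiated fullscreen, including vendor-prefixed variants.
  { name: "fullscreen-trap", weight: 2,
    re: /\.(webkit|moz|ms)?requestFullscreen\s*\(/i },
  // Autoplaying audio or synthesized speech.
  { name: "scare-audio", weight: 1,
    re: /<audio\b[^>]*\bautoplay\b|speechSynthesis\.speak\s*\(|new\s+Audio\s*\(/i },
];
const THRESHOLD = 4; // one weak signal alone (e.g. a brand mention) is not enough

// Returns the summed weight, the names of matched indicators and a verdict.
function triagePage(html) {
  const hits = INDICATORS.filter((i) => i.re.test(html));
  const score = hits.reduce((sum, i) => sum + i.weight, 0);
  return { score, hits: hits.map((i) => i.name), suspicious: score >= THRESHOLD };
}

// Constructed sample markup; the phone number is from the fictional 555-01xx range.
const SAMPLE_FAKE_ALERT = `
<title>Windows Defender Alert</title>
<h1>Your computer is infected with spyware</h1>
<p>Call Microsoft Support now: +1 (555) 010-0199</p>
<audio src="warning.mp3" autoplay loop></audio>
<script>
  document.documentElement.requestFullscreen();
  while (true) { alert("Do not close this window"); }
</script>`;
// Constructed benign page: mentions a brand and a threat, but has no other trait.
const SAMPLE_BENIGN =
  "<p>Windows Defender removes a virus automatically. For help, call your IT desk.</p>";

console.log(triagePage(SAMPLE_FAKE_ALERT));
console.log(triagePage(SAMPLE_BENIGN));
```

The benign sample matches only the brand indicator and stays below the threshold, which is why the weights favor the behavioral traits (dialog loops, forced fullscreen) over wording.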

Fake technical support websites

A scammer organization makes a website to pretend to be a legitimate technology company's technical support division or a legitimate third party technical support company.

  • They often include many keywords to make the website show at the top of search results on Google and many other search engines. They may also pay Google or other search engines for advertising their site and displaying it at the top of the results.
    • This hides legitimate customer support webpages, tricking victims into believing they are contacting legitimate customer support.
  • Some may also correlate with malware/scam software such as rogue antivirus programs.
    • Reimage Plus is an infamous example of scareware that correlates with technical support scams.
  • Some sites make illegitimate claims, such as that your iPhone is infected with viruses, and tell you to download something (e.g. a VPN) to fix the problem. In reality, VPNs don't fix viruses; they serve as an alternate connection.

Scam methods

Most technical support scam websites and popups instruct potential victims to call their phone number. The potential victim then talks to a technical support scammer, who requests remote access using TeamViewer, GoToAssist, LogMeIn Rescue, Supremo, etc.

  • Usually, scammers claim the "problems" the victim is facing are the result of a "network infection", "expired license", "adware infection", etc.
    • Scammers often use terms with false definitions to scare the victim, such as:
      • Network infection - A virus and/or hacking that has infected the victim's network. It is spread throughout all of the victim's devices connected to the same network, and cannot be removed using a standard antivirus program. However, in reality, this does not exist.
      • Expired license - The victim's computer has been hacked as a result of deactivated security due to expired licenses. However, in reality, Windows license keys are perpetual and never expire.
      • Adware infection - A generic term for malware. This is a false definition; the real definition is malware that causes unwanted advertisements to appear.
      • rundll32.exe - Common malware program file. In many cases, the scammer will also search on Google for "rundll32.exe", open a webpage about it, and scroll down to where it talks about possible malware using that name. However, what the victim's computer actually has is a legitimate Windows process.
  • They often open the command prompt and say it is a security scanner.
    • They use the tree or dir command, which lists all the files on the computer, and claim it is a virus scanner. They then manually input text like "Virus detected! System 98.49% infected" to make it look legitimate.
    • They use the netstat command and claim it is a network security scanner. They point out the list of foreign IP addresses, claiming they are hackers. In reality, these entries are normal and appear whenever the computer connects to something on the internet or network.
  • They may point out certain Windows processes/services showing their status as "stopped". Having several Windows services showing as stopped is very normal, as your computer does not always, or ever, use certain Windows services.
  • The scammer will always claim the victim needs to pay for service and/or "security".
    • The security is usually nothing, a fake antivirus program that could ironically be malware, or an antivirus program that is already free. Scammers might also uninstall reputable software/antiviruses and replace them with fake antivirus or inferior programs.
    • This leads to the victim losing money on something completely unhelpful. The service is overpriced, usually costing over 200 USD to 'fix' what other software can do at a lower price or for free. Scammers may also try to talk victims into buying 'lifetime' support or the most expensive option, sometimes even 'discounting' it as a tactic to get more money.
  • Sometimes, the scammer may even try to make the victim's computer unusable if the victim does not comply.
    • They may delete certain critical Windows files such as the System32 folder and claim they are viruses.
    • They may use SAM Lock Tool (also known as syskey) to encrypt the victim's computer files with a password only known to the scammer. This makes all the files unrecoverable and the computer will not boot unless the victim somehow finds the password. This feature was removed in Windows 10 because it was considered obsolete and was often abused by this scam.
    • They may change the login password, and might sometimes even ask the victim to type their current password to create the new passcode.
  • While on your computer, they may rummage around your desktop to try to get your information, such as banking details, credit card numbers, or personal info, sometimes activating the webcam. They can have remote access to your computer at any point, even after the session is over.

Tips to avoid Tech Support Scams

  • Don't call the phone number shown on the scam site; many of those companies don't let you call that number.
  • The best response is to ignore the message and not follow its instructions, which can make you fall for the scam, or to hang up.
  • Don't provide remote access to a scammer or someone you don't know.
  • Do not click suspicious links or ads; this is where most people encounter these fake messages.
  • Get an antivirus; they are able to detect most malicious pop-ups before they appear. Also use reliable web browsers that can detect and block bad webpages.
  • Use a reputable antivirus program. Some programs such as Avast also offer protection against phishing sites.

Other information

  • Many technical support scammers are based in India or Nigeria.
    • While some remote access software can detect suspicious connections from other countries, scammers bypass this by having the victim connect to the scammer's PC, with the scammer reading out their connection ID.
  • They often use VoIP phone numbers that can easily be deactivated and replaced. The fake virus pop-ups are likewise replaced frequently whenever they are reported or taken down.
  • Older or less technical people are the primary targets of these scams.
  • Scammers may collect your number to get other scammers to call you.
  • Scambaiting, the act of pretending to be victims and contacting scammers to waste their time, has become popular online.

