Technical support scam

From Rotten Websites Wiki

A technical support scam is a common internet scam in which a scammer organization pretends to be a legitimate technology company's technical support division, or a legitimate technical support company. There are many forms of this scam, but they all try to coax the victim into paying for a service that the victim doesn't need and/or that will never help in any way.

Fake popup/error messages

Scammers often create fake webpages that look like error messages, saying the victim's computer is infected with viruses, spyware, ransomware, etc. The page instructs the victim to call a phone number to talk to a technical support scammer.

  • They are often designed to look like a real Microsoft help website, Windows Defender, a Chrome Safe Browsing warning, Windows' infamous blue screen of death, etc., in order to look more legitimate.
  • They often have an infinite loop of alert dialogs to prevent potential victims from closing the page until dialogs are blocked.
  • Some also force fullscreen in an infinite loop to prevent potential victims from closing the page.
  • They often play beeps and voice recordings to make the message seem scarier.
  • Some have a JavaScript infinite loop to intentionally crash the browser, sometimes freezing the victim's computer.
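The traits listed above can be checked for in saved page source. The following is an added example, not part of the original wiki page: a small heuristic scanner whose trait names, patterns and threshold are illustrative assumptions, run over two constructed samples.

```python
import re

# Heuristic patterns for the traits listed above. The patterns and the
# threshold in is_suspicious() are illustrative assumptions.
TRAITS = {
    # alert/confirm/prompt called from an endless loop or a repeating timer
    "dialog_loop": re.compile(
        r"(while\s*\(\s*(true|1)\s*\)|for\s*\(\s*;\s*;\s*\)|setInterval\s*\()"
        r"[^}]{0,200}\b(alert|confirm|prompt)\s*\(", re.I),
    "forced_fullscreen": re.compile(r"(webkit|moz)?requestFullscreen", re.I),
    "autoplay_audio": re.compile(r"<audio\b[^>]*\bautoplay\b", re.I),
    "brand_lure": re.compile(
        r"windows defender|microsoft support|safe browsing|blue screen", re.I),
    # "call ... <phone number>" within one run of text
    "phone_prompt": re.compile(r"\bcall\b[^<]{0,60}?\+?\d[\d\s().-]{7,}\d", re.I),
}

def scan(html):
    """Return the sorted names of the traits found in the page source."""
    return sorted(name for name, rx in TRAITS.items() if rx.search(html))

def is_suspicious(html):
    """A phone prompt alone is normal; with two or more scare traits it is not."""
    hits = scan(html)
    return "phone_prompt" in hits and len(hits) >= 3

# Constructed samples (not captured from real sites; phone numbers are fake).
SAMPLE_SCAM = """<html><body>
<h1>Windows Defender Security Warning</h1>
<p>Your computer is infected. Call support now: 000-555-0100</p>
<audio src="warning.mp3" autoplay loop></audio>
<script>
document.documentElement.requestFullscreen();
while (true) { alert("Virus detected"); }
</script></body></html>"""

SAMPLE_BENIGN = """<html><body>
<h1>Contact us</h1>
<p>Call our office on 000-555-0199 during business hours.</p>
</body></html>"""

if __name__ == "__main__":
    for label, page in (("scam-like", SAMPLE_SCAM), ("benign", SAMPLE_BENIGN)):
        print(label, scan(page), is_suspicious(page))
```

A phone number by itself is not flagged, which keeps ordinary contact pages out of the results; it is the combination with dialog loops, forced fullscreen, autoplaying audio or brand imitation that marks the page.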

Fake technical support websites

A scammer organization makes a website that pretends to be a legitimate technology company's technical support division or a legitimate third-party technical support company.

  • They often include many keywords to make the website show at the top of search results on Google and many other search engines.
  • Some may also be associated with malware/scam software such as fake antivirus programs.

Scam calls

Most technical support scam websites and popups instruct potential victims to call their phone number. The potential victim then talks to a technical support scammer, who requests remote access using TeamViewer, GoToAssist, LogMeIn Rescue, Supremo, etc.

  • Usually, scammers claim the "problems" the victim is facing are the result of a "network infection", "expired license", "adware infection", etc.
    • Scammers may define these fake terms as follows:
      • Network infection - A virus and/or hacking that has infected the victim's network. It has spread throughout all of the victim's devices connected to the same network, and cannot be removed using a standard antivirus program. However, in reality, this does not exist.
      • Expired license - The victim's computer has been hacked as a result of deactivated security due to expired licenses. However, in reality, Windows license keys do not expire, ever.
      • Adware infection - A (generic) malware. This is a false definition; the real definition is malware that causes unwanted advertisements to appear.
      • rundll32.exe - A common malware program file. In many cases, the scammer will also search Google for "rundll32.exe", open a webpage about it, and scroll down to where it talks about possible malware using that name. However, what the victim's computer actually has is a legitimate Windows process.
  • They often open Command Prompt and say it is a security scanner.
    • They say the tree or dir command is a virus scanner. They then manually type text like "Virus detected! System 98.49% infected". However, in reality, the command is just listing all the files on the computer.
    • They say the netstat command is a network security scanner. They point out the list of foreign IP addresses, claiming they are hackers. In reality, these are normal and appear whenever the computer connects to something on the internet or network.
  • They may point out certain Windows processes/services showing a status of "stopped". Having several Windows services showing as stopped is very normal, as Windows does not always, or ever, use certain services.
  • The scammer will always claim the victim needs to pay for service and/or "security".
    • The "security" is actually either nothing installed or a scam antivirus program.
    • This leads to the victim losing money to something completely unhelpful.
  • Sometimes, the scammer may even try to make the victim's computer unusable.
    • They may delete certain critical Windows files such as the System32 folder and claim they are viruses.
    • They may use SAM Lock Tool (also known as syskey) to encrypt the victim's computer files with a password only known to the scammer. This makes all the files unrecoverable and the computer will not boot unless the victim somehow finds the password.
    • They may change the login password
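To show what the netstat rows mentioned above actually are, here is an added example (not part of the original wiki page) that labels each "Foreign Address" in `netstat -ano` style output as no peer, same machine, local network or internet host. The sample output is constructed, its public addresses come from documentation ranges, and the function names are hypothetical.

```python
import ipaddress

# Ranges used on home/office networks (RFC 1918, link-local).
LAN = [ipaddress.ip_network(n) for n in
       ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
        "169.254.0.0/16", "fe80::/10")]

def peer_kind(foreign):
    """Classify the host part of a netstat 'Foreign Address' column."""
    host = foreign.rsplit(":", 1)[0].strip("[]")
    if host == "*":
        return "no peer"              # UDP socket waiting for traffic
    ip = ipaddress.ip_address(host)
    if ip.is_unspecified:
        return "no peer"              # 0.0.0.0 / :: on a LISTENING row
    if ip.is_loopback:
        return "same machine"         # one local program talking to another
    if any(ip in net for net in LAN):
        return "local network"        # router, printer, file share
    return "internet host"            # web, mail or update server

def explain(netstat_text):
    """Return (foreign address, state, kind) for every TCP/UDP row."""
    rows = []
    for line in netstat_text.splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[0] not in ("TCP", "UDP"):
            continue                  # header and blank lines
        state = parts[3] if parts[0] == "TCP" and len(parts) > 3 else "-"
        rows.append((parts[2], state, peer_kind(parts[2])))
    return rows

# Constructed sample; 203.0.113.x and 198.51.100.x stand in for public servers.
SAMPLE = """Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       1012
  TCP    127.0.0.1:49670        127.0.0.1:49671        ESTABLISHED     4321
  TCP    192.168.1.20:49712     192.168.1.1:445        ESTABLISHED     4
  TCP    192.168.1.20:49801     203.0.113.10:443       ESTABLISHED     8844
  TCP    192.168.1.20:49802     198.51.100.7:443       TIME_WAIT       0
  UDP    0.0.0.0:5353           *:*                                    2200
"""

if __name__ == "__main__":
    for foreign, state, kind in explain(SAMPLE):
        print(f"{foreign:22} {state:12} {kind}")
```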

Tips to avoid Tech Support Scams

  • Don't call the phone number shown on the scam site; many of those companies don't have you call that number.
  • The best response is to ignore the instructions and not follow them, since following them can make you fall for the scam; if you are already on a call, hang up.
  • Don't provide remote access to a scammer, which means you'll provide remote access to no one, ever.

Other information

  • Many technical support scammers are based in India or Nigeria
  • They often use VoIP phone numbers that can easily be deactivated and replaced
  • Most of the technical support scams are evil and cruel