My troll call with a tech support scammer


This is a current popular scam that unfortunately snags a lot of unsuspecting computer users. It’s the Fake Tech Support scam.

tech support scammers

You get a call from someone claiming to be with “Microsoft” or from “Windows” and they tell you that your computer has been reporting some problems and viruses, so they need to just log in and check it for you.  The reality is that they are probably calling from an internet cafe like the one pictured above, just trying to “reel in” their next victim.

Of course, the end goal for the “tech” is to get the victim to pull out their credit card and pay for this “service”.  They will find all kinds of viruses and infections on the computer (that aren’t really there) in order to instill fear in the mind of the owner, and unfortunately a lot of people fall for it.

Recently I found one of these scam companies and contacted them, posing as a customer whose computer was running too slowly (probably the most common complaint any tech hears).  I was told I would get a call back in about 10 minutes, and that is what happened.

I was ready for that call – I recorded the audio of the call, as well as what was happening on my computer screen when I allowed the scammer to log in.

One thing to keep in mind, as you hear the “tech” talk about all the infections in my computer – this was a computer that is completely clean.  There were no infections in it whatsoever.

Here are some things to notice in the video:

:10 – He identifies himself as being from the Technical Department from Windows Service Center from Microtech (lots of official-sounding names, signifying nothing).

:44 – He tells me my computer has infections before he even connects to it.

1:46 – For some reason he wanted to show me the Wikipedia entry for “Koobface”, the virus he claimed was infecting my computer.  Apparently this was supposed to be proof of some sort.

2:05 – This is where he wants to show me the infected files.  So he clicks Start – Run and then does a search for inf infection.  All this does is bring up files and folders that contain either of those terms.  This is a clever misdirect because it is a totally meaningless search.  Lots of files will match that search.  For example, any file that has the word “information” will come up as a match, because it contains “inf”.  So of course lots of files and folders come up when he does this.

When the search results came up, here is how he described them:

“These are the files and folders with the help of which your Windows 7 works and runs.  If one of the files has been highly corrupted, then on a chain basis all the files will be corrupted.  And for that reason the computer might can stop working.  Or it might can crash at any point of time.”

At this point, I’m wondering – if all my Windows files are corrupted, how is the computer running right now?

3:05 – He says he will try to open one of the files, and if Windows cannot open the file then that means it is corrupted.  This is another clever ruse.  The file he tries to open is “acpi.PNF”.  This is a Windows system file (that’s why it is in the Windows folder).  It is not meant to be opened and viewed because there is no program associated with the .PNF extension.  In other words, if the file was “acpi.doc”, the computer knows that all .DOC files get opened with Word.  For a file that ends with .PNF, there is no program to open it.  So of course it doesn’t open, and he points to that as “proof” that the file is corrupted.

4:05 – I asked him what is the difference between a “virus” and an “infection”.  His response:

“A virus is a very common thing.  It always pops up right in front of your desktop screen stating that you have a virus in your computer.  Now the online infections are always in a hidden format, corrupting your system, which you know your computer might suddenly stop working or suddenly might crash.  And this cannot be defended by any kind of antivirus in your computer, like Norton, AVG, McAfee, or CyberDefender, whatever you use. They cannot go ahead and protect you and save your computer.”

The guy was a smooth talker, but his words were utter nonsense.

4:50 – Now he will try to open that same file, but he will force it to open in Notepad (Windows plain text editor).  Since the file is not designed to be opened or viewed, what shows on the screen looks like random gibberish:

tech support scammer

I of course, playing the unknowing newbie, expressed shock at that.  He told me these were “the infections that are on each and every file on my computer in a hidden format”.  It really was laughable what he was asking me to believe.  Unfortunately, a lot of people do fall for it.

6:10 – For his final proof that my computer is fully infected, he claims he is about to do a “Windows internal scan”.  This is another move that I have to give him a little bit of credit for – it’s pretty clever.

He types Run – then CMD and Enter.  This brings up what is called the Command Prompt.  It is just something that looks like the old DOS windows on older machines.  He says this is where he will do the “scan”.  On HIS computer (which I cannot see), he has a large text file which he COPIES (to his clipboard).  Then on MY screen, he quickly does a right-click and PASTE – so that large text file starts scrolling up the screen.  It does look like a scan, but it is nothing more than just the text he pasted.

When the “scan” is done, guess what – the text all turned RED.  I guess that was to make it look infected, and it really did look scary!  Of course, if you look near the bottom of the window, there is a command: “color c“.  Whenever that command is entered at a command prompt, it turns the text red.  Obviously not something the average person would know, so the scammer doesn’t even care that it is sitting right there in front of me in plain sight.

tech support scammer

The last line of that window stated that my system damage was 80%, and that my “security warranty” had expired.  Apparently this was how all those nasty infections invaded my poor computer.  Funny thing is, “security warranty” is just a vague mumbo-jumbo term and there really is no such thing that needs to be “renewed” in Windows.  But that is what he wants me to buy.

11:15 – Finally he goes for the close.  He quotes me the pricing for renewing this imaginary security license:

For 2 years: $299

For 3 years: $374

For my lifetime: $549 (Note: this is not the lifetime of the computer.  It is for the rest of MY life.  And this covers any computer I might buy in the future, and any other computer in my house.  Any computer problems will be repaired at no cost.  Obviously he wants to make the most expensive option also appear to be the best value.  But this proposal is about as far-fetched as anything he has told me so far.)

14:00 – The call came to an end in a way that you would never guess.  You just have to listen to it.

These guys obviously have things down to a science with this scam.  There is one big factor that makes this scam different from a lot of other ones.  With most online scams, at some point the victim figures out that he’s been scammed, then there’s no way to get the money back because you usually pay cash or Western Union which is never recoverable.  In this case, you pay with a credit card.  So wouldn’t you think the scammers would have a problem with their victims complaining and contesting the charge when they find out they got scammed?  But it’s not a problem for them for this one reason: the victim never realizes he was scammed.  He pays his money, the scammer “fixes” the computer and does another fake scan, and this time the text all comes up white instead of red.  So that must mean it got fixed!  So since the victim doesn’t know any better, he thinks he just bought something of value, and does not complain.  Gotta hand it to these guys, they have figured out a way to part people from their money.

Have you had a call like this?  How was it different?  I would love to hear what your experience was.

listen to my podcast in iTunes

Share this post

17 comments Add your comment »

Get updates when new comments are added. Subscribe to the comments RSS Feed

April 1st, 2013


I received a very similar call about 6 months ago.

I let him do his thing and as he was talking I was asking him to speak up I couldn’t hear him. Eventually he was literally yelling. Then I got him to hold while I had to go to the bathroom.

Then I started snoring and snorting trying to wake myself up. And then moved into the senile act. And started talking my dog had died.

This guy was so patient because I kept him on the phone for about 30 minutes. and he was giving me sympathy while still trying to sell me. When I told him I had to go get my wallet he would have to call me back to give me 30 minutes or so to compose myself.

30 minutes on the dot he called and I went into the senile and deaf act. Then I “broke down” after 10 minutes he said he would call back and he did. Another 5 minutes of me being senile, deaf, crying and snorting he hung up and never called back.

This guy was so sure he had landed a big fish with me, but I beat him at his own game. I know this is some serious business, but if you listen carefully while the guy is talking you can hear “boiler room voices” (other people) talking in the background.

Thanks for putting this reminder out there.


Scott Johnson
April 1st, 2013

That’s great Ken!

Charlotte Henderson
April 1st, 2013

Scott, I received one of these calls (actually, two) about three months ago. First of all, I had been having no problems with my computer and hadn’t called anyone for help. So, I immediately asked him why he was calling me. He gave me some story. . . meanwhile I’m thinking this is a scammer. I told him that there was no way I was going to let him get into my computer. He quickly told me he could give me my Service ID number. And I told him I didn’t care if he had such a number and that I felt the longer I was on the phone with him the more rick I was at. I said I’m going to hang up now. And I did. I unplugged my whole power strip and phone (DSL) line.

I don’t know anything about how all the words and photos squeeze through all those wires onto my screen, but I figured if nothing was connected he couldn’t bust into it. It made me feel better, at least. He called back in about two hours – by this time I was all reconnected and I just said, No thank you and hung up.

I emailed all my friends about the incident. I will also forward them this story of yours.


Scott Johnson
April 1st, 2013

Well done Charlotte, way to play it safe!

jay scattergood
April 1st, 2013

that’s really funny! Great scam.

April 1st, 2013

Scott, that was quite clever and very interesting!

I received a “similar” type of call about a year or so ago, introducing himself much as this guy did; however, although I knew it was a scam, I didn’t have the savvy to
take it as far as you did! I did tell him that my computer was not infected and had no problems, and politely forced the call to end! I hope he feels very frustrated that he didn’t get a “sale” out of you…and that, in effect, he was that one that was scammed!


Scott Johnson
April 1st, 2013

I have to admit Maurice, it was kind of fun to scam the scammer!

April 1st, 2013

Is the sound of “Grandma’s” ashes braking a computer generated sound? That’s a great one! Loved it!

Scott Johnson
April 1st, 2013

Nope, that was an actual sound I created here in my home office. I was thinking about having a contest to see if anyone can guess what it was.

Sandy Mesmer
April 1st, 2013

Very Funny — but also very good to know.

Vee Foote
April 2nd, 2013

I am cracking up with laughter. First of all, you have a lot more patience with these non-English speaking people than I do. But, the finale was just great. Loved it!! Thank you for making my day.

John W
April 2nd, 2013

I got one of these calls and when it got to enter the cc info I told him I didn’t have the money, he said just fill out the cc info if it doesn’t go threw, no problem. I didn”t feel like giving him my cc info so I tried to disconnect the remote interface and I guess his computer was much faster than mine and before I could do anything to stop him he took control of my computer and deleted everything on my desktop. Good thing I had Carbonite. He thought he actually hurt me. I was waiting for them to call me back and try it again so I could waste their time disconnect the router and tell them to thank whoever did that to me. They never called back.

Scott Johnson
April 2nd, 2013

Yes, they can be malicious John. That’s why I didn’t want to use my own personal computer for this experiment.

Steve Bristol
April 2nd, 2013

Academy award for you on that call Scott, you were really reeling that guy into thinking he had another poor computer dummie:)

I really appreciate each and every one of your tips every Monday, as they are all very helpful.

Thanks again,

Steve Bristol

Charlie Pernice
April 2nd, 2013


Greetings from Newcastle. You missed all the snow.

Fred Tieman
April 3rd, 2013

Is there a way you could have reverse infected his system with a whopper of a “infection” as sort of justice?

Scott Johnson
April 3rd, 2013

Fred – maybe, but that’s not what I would do – I think the best revenge is making people more aware of these scams so that fewer people fall for it.