This is a current popular scam that unfortunately snags a lot of unsuspecting computer users. It’s the Fake Tech Support scam.
You get a call from someone claiming to be with “Microsoft” or from “Windows” and they tell you that your computer has been reporting some problems and viruses, so they need to just log in and check it for you. The reality is that they are probably calling from an internet cafe like the one pictured above, just trying to “reel in” their next victim.
Of course, the end goal for the “tech” is to get the victim to pull out their credit card and pay for this “service”. They will find all kinds of viruses and infections on the computer (that aren’t really there) in order to instill fear in the mind of the owner, and unfortunately a lot of people fall for it.
Recently I found one of these scam companies and contacted them, posing as a customer whose computer was running too slowly (probably the most common complaint any tech hears). I was told I would get a call back in about 10 minutes, and that is what happened.
I was ready for that call – I recorded the audio of the call, as well as what was happening on my computer screen when I allowed the scammer to log in.
One thing to keep in mind, as you hear the “tech” talk about all the infections in my computer – this was a computer that is completely clean. There were no infections in it whatsoever.
Here are some things to notice in the video:
:10 – He identifies himself as being from the Technical Department from Windows Service Center from Microtech (lots of official-sounding names, signifying nothing).
:44 – He tells me my computer has infections before he even connects to it.
1:46 – For some reason he wanted to show me the Wikipedia entry for “Koobface”, the virus he claimed was infecting my computer. Apparently this was supposed to be proof of some sort.
2:05 – This is where he wants to show me the infected files. So he clicks Start – Run and then does a search for inf infection. All this does is bring up files and folders that contain either of those terms. This is a clever misdirect because it is a totally meaningless search. Lots of files will match that search. For example, any file that has the word “information” will come up as a match, because it contains “inf”. So of course lots of files and folders come up when he does this.
When the search results came up, here is how he described them:
“These are the files and folders with the help of which your Windows 7 works and runs. If one of the files has been highly corrupted, then on a chain basis all the files will be corrupted. And for that reason the computer might can stop working. Or it might can crash at any point of time.”
At this point, I’m wondering – if all my Windows files are corrupted, how is the computer running right now?
3:05 – He says he will try to open one of the files, and if Windows cannot open the file then that means it is corrupted. This is another clever ruse. The file he tries to open is “acpi.PNF”. This is a Windows system file (that’s why it is in the Windows folder). It is not meant to be opened and viewed because there is no program associated with the .PNF extension. In other words, if the file was “acpi.doc”, the computer knows that all .DOC files get opened with Word. For a file that ends with .PNF, there is no program to open it. So of course it doesn’t open, and he points to that as “proof” that the file is corrupted.
4:05 – I asked him what is the difference between a “virus” and an “infection”. His response:
“A virus is a very common thing. It always pops up right in front of your desktop screen stating that you have a virus in your computer. Now the online infections are always in a hidden format, corrupting your system, which you know your computer might suddenly stop working or suddenly might crash. And this cannot be defended by any kind of antivirus in your computer, like Norton, AVG, McAfee, or CyberDefender, whatever you use. They cannot go ahead and protect you and save your computer.”
The guy was a smooth talker, but his words were utter nonsense.
4:50 – Now he will try to open that same file, but he will force it to open in Notepad (Windows plain text editor). Since the file is not designed to be opened or viewed, what shows on the screen looks like random gibberish:
I of course, playing the unknowing newbie, expressed shock at that. He told me these were “the infections that are on each and every file on my computer in a hidden format”. It really was laughable what he was asking me to believe. Unfortunately, a lot of people do fall for it.
6:10 – For his final proof that my computer is fully infected, he claims he is about to do a “Windows internal scan”. This is another move that I have to give him a little bit of credit for – it’s pretty clever.
He types Run – then CMD and Enter. This brings up what is called the Command Prompt. It is just something that looks like the old DOS windows on older machines. He says this is where he will do the “scan”. On HIS computer (which I cannot see), he has a large text file which he COPIES (to his clipboard). Then on MY screen, he quickly does a right-click and PASTE – so that large text file starts scrolling up the screen. It does look like a scan, but it is nothing more than just the text he pasted.
When the “scan” is done, guess what – the text all turned RED. I guess that was to make it look infected, and it really did look scary! Of course, if you look near the bottom of the window, there is a command: “color c“. Whenever that command is entered at a command prompt, it turns the text red. Obviously not something the average person would know, so the scammer doesn’t even care that it is sitting right there in front of me in plain sight.
The last line of that window stated that my system damage was 80%, and that my “security warranty” had expired. Apparently this was how all those nasty infections invaded my poor computer. Funny thing is, “security warranty” is just a vague mumbo-jumbo term and there really is no such thing that needs to be “renewed” in Windows. But that is what he wants me to buy.
11:15 – Finally he goes for the close. He quotes me the pricing for renewing this imaginary security license:
For 2 years: $299
For 3 years: $374
For my lifetime: $549 (Note: this is not the lifetime of the computer. It is for the rest of MY life. And this covers any computer I might buy in the future, and any other computer in my house. Any computer problems will be repaired at no cost. Obviously he wants to make the most expensive option also appear to be the best value. But this proposal is about as far-fetched as anything he has told me so far.)
14:00 – The call came to an end in a way that you would never guess. You just have to listen to it.
These guys obviously have things down to a science with this scam. There is one big factor that makes this scam different from a lot of other ones. With most online scams, at some point the victim figures out that he’s been scammed, then there’s no way to get the money back because you usually pay cash or Western Union which is never recoverable. In this case, you pay with a credit card. So wouldn’t you think the scammers would have a problem with their victims complaining and contesting the charge when they find out they got scammed? But it’s not a problem for them for this one reason: the victim never realizes he was scammed. He pays his money, the scammer “fixes” the computer and does another fake scan, and this time the text all comes up white instead of red. So that must mean it got fixed! So since the victim doesn’t know any better, he thinks he just bought something of value, and does not complain. Gotta hand it to these guys, they have figured out a way to part people from their money.
Have you had a call like this? How was it different? I would love to hear what your experience was.