An Introduction to Tech Support Scams

Over the past 25 years, no item in the tech sphere has become as ubiquitous as the personal computer. Be it a Windows-based machine, a Mac, or, in the rare case of the tech-savvy user, a Linux machine, virtually everyone owns at least one traditional machine. Sadly, much like smartphones and tablets, people don’t have any clue how they work, and in many cases don’t even want to learn. When things break, which they inevitably do, they don’t know how to fix them themselves and thus they seek outside help.

This is where things go bad. Naturally, the average person will do a search on Google for support. Sure, you can find plenty of online help this way, but you are just as likely to run into a tech support scam.

What is a tech support scam, you ask?

Well, the simple answer would be exactly what it sounds like, but that doesn’t tell you anything, does it? To get the idea across, it would be better to explain what they do.

Online tech support can't help you with this one...


Please note that these particular examples are based on the scammers accessing a Windows machine. It should also be mentioned that in most cases, but not always, these scams are based out of call centers located in India – those you speak with will use certain odd phrases and, of course, have very thick accents. While there are legitimate companies based in India, with a strong love of technology, especially Microsoft-based systems, there are also many, many scam companies running there. It’s a reason to be cautious, but not a reason to immediately end the call.

Since many common computer issues are software related, and usually require just some basic tools to clean up, these tasks can be done remotely. What the tech support scammer does is have you go to a website and download a remote support tool, then gain remote control of your machine that way. Simple.

It is worth noting that someone wanting to support you this way is not uncommon – I’ve done it personally before to help people, including even my best friend. Remote connections are not the key sign of a scam.

Your first sign that things are amiss with this support group will be in what they show you once they are connected. Any normal tech support will work with you to understand exactly what the issue is. Instead, on average, a tech support scammer will use one of a few options to demonstrate to you how damaged your machine is:

1: They will go into Event Viewer and tell you that every error or warning is an indication of something horrible happening to the computer, usually caused by an “infection” of some unknown kind. Event Viewer tends to be a very detailed listing of every little abnormality that happens with your machine – most warnings are harmless, and Event Viewer is best used by tech support to look for key events and the times associated with them when diagnosing specific problems.

A typical Event Viewer listing for applications. No major issues here!


2: They will go into the msconfig utility and show you “stopped services” which, once again, are not working due to “infections.” Services generally only run when needed, and as such, their being stopped is completely normal. Only when they should be running and are not is there an issue. Think of it like your car – you don’t have it running when you aren’t driving it, do you? I would think not, in most cases.

This is completely normal.


3: The biggest one of all: they will open a command window and run a command like DIR or TREE, and while the command is displaying the contents of your hard drive, which they claim is a scan, they will literally type in the command window “VIRUS DETECTED… COMPUTER DAMAGE 80%” or something similar, literally lying to you via text. What is funny to note is that they will often press return after this, which causes Windows to try to execute the nonsense command – you can often see an error after this happens.

4: Also in a command prompt window, they will run the “NETSTAT” command, which lists all network connections on the machine. It lists them as “Local” and “Foreign” IP addresses, which, due to the terms used, the scammer claims are people from some other nation, usually Russia, “hacking into your PC as we speak”! This of course is a lie, and the terms simply refer to the nature of the connection from the machine’s point of view.
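
What the “Foreign Address” column actually contains, as an added example that is not part of the original article: the script parses a constructed sample of Windows `netstat -an` output and labels each foreign address as the same computer, a device on the local network, a remote host, or no peer at all. The sample rows and the function names are assumptions made for illustration.

```python
import ipaddress

# Constructed sample of Windows `netstat -an` output (not captured from a real machine).
# 203.0.113.10 is a documentation-range address standing in for an ordinary web server.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:49670        127.0.0.1:49671        ESTABLISHED
  TCP    192.168.1.20:49712     192.168.1.1:80         ESTABLISHED
  TCP    192.168.1.20:49801     203.0.113.10:443       ESTABLISHED
  TCP    [::1]:49680            [::1]:49681            ESTABLISHED
  UDP    0.0.0.0:5353           *:*
"""

# Private IPv4 ranges (RFC 1918) plus IPv6 unique-local addresses.
LOCAL_NETS = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7")]

def classify(host):
    """Describe what a 'Foreign Address' host value refers to."""
    if host == "*":
        return "no remote peer (UDP socket)"
    addr = ipaddress.ip_address(host.split("%")[0])  # drop any IPv6 zone id
    if addr.is_unspecified:
        return "no remote peer (listening socket)"
    if addr.is_loopback:
        return "this same computer"
    if addr.is_link_local or any(addr in net for net in LOCAL_NETS):
        return "device on the local network"
    return "remote host outside the local network"

def explain(netstat_text):
    """Return (proto, foreign, state, meaning) for every connection row."""
    rows = []
    for line in netstat_text.splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[0] not in ("TCP", "UDP"):
            continue  # skip the banner and the column headers
        proto, _, foreign = parts[:3]
        state = parts[3] if len(parts) > 3 else "-"  # UDP rows have no state
        host = foreign.rpartition(":")[0].strip("[]")  # handles [v6]:port too
        rows.append((proto, foreign, state, classify(host)))
    return rows

if __name__ == "__main__":
    for row in explain(SAMPLE):
        print("{:4} {:22} {:12} {}".format(*row))
```

Half of the rows in the sample have a “foreign” address that is the machine itself or nothing at all, and the one remote host is simply the far end of an outgoing HTTPS connection.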

Identical to what they would do, they type up a message while the impressive looking TREE command is executing. Note that if you try to run this "message" it pops up with an error.


Whatever method or combination they use, they will inevitably claim the machine is on its last legs, and that your “software warranty has expired” or something similar. They will also often claim that you have either an “infection in your network” (but not your main computer) or that you are infected with a particular virus, either KOOBFACE or ZEUS. In the past they used to claim csrss32, a standard Windows service, was a virus, due to the way a particular website listed it, but since that website has changed its article on the virus, and begun to mention scammers using it as a lie, they have moved away from listing this as the problem.

Regardless, by this time they either have you hanging up on them, or convinced that your machine is doomed. Any anti-virus or anti-malware you have they will claim is no good, doesn’t work, or doesn’t detect the kind of “infection” you have. It’s insane.

That’s when they ask you to pay to “fix” these issues that they lied to you about. It’s quite hilarious, they want you to type in critical banking information, credit card details, and other facts, all on a system and network that they just spent upwards of an hour convincing you was completely compromised. Why in the hell would you put the information into such a damaged system?

In fact, another element to this I find hilarious is that in some cases, they will cold-call you, claiming they are from Microsoft, and that your machine is sending them errors and alerts.

Now, in this case, or in the previous case about the system scan detecting these issues... if the computer can detect the error, why can’t it just go on and fix it? It’s a stupid proposition: the machine knows what’s going on, but magically can’t repair itself? Yeah, sure buddy. Keep lying to me.

Ah, I could go on and on about the details, the nuances, and more, of the typical tech support scam. In fact, I intend to. I’m going to start another weekly article series called “Scammer Sunday” where I share, you guessed it, tech support scam content for you to enjoy.

For now, here’s a link or two to check out. Enjoy.

http://stopphonescammers.x10.mx/

https://blog.malwarebytes.com/tag/tech-support-scam/

2 Comments

  1. That’s why I always try to fix stuff myself because I don’t trust what some people say, it helped that I used to know someone that was basically an IT expert so he fixed anything too difficult for me. Something you didn’t mention in the article was all the driver ‘fixers’ that scammers want you to download all the time.

    1. Oh, I didn’t forget- they actually play a role in this as well. It’s just a matter of getting to them, since, as I said, there is so much more to cover than this article would do best to go into. Soon, very soon, I’ll cover it all.
