CompuClever Blog

Tech Support Fraud

by

Have you ever played that “Whac-A-Mole” game?  It’s the one where moles pop up out of a hole and you bonk them on the head and down they go.  It doesn’t matter how many you bop on the head – they keep popping up.  That’s pretty much how it is with fraudulent phone call scams.  There have been some fines handed out to companies and individuals engaged in these scam activities, but they still keep popping up again and again.  If you have ever had one of these phone calls you would agree – the callers are convincing. 

We’re going to start off with a description of how this scam works followed by legal action taken against the scammers, and recent activity.  Following this we will offer advice in terms of what to do when getting called and what to do if you or someone you know has already had a call and been the victim of technical support fraud.

Description

A tech support scam involves a variety of “confidence tricks” that include part-truths, outright lies, and some aggressive sales pitches.  It typically involves someone calling you on the phone and posing as a computer support technician, quite often, from a well-known and reputable company.  For example, Microsoft’s name gets thrown in during the early going of the phone call.  Other times they pose as support technicians from security companies like Symantec or McAfee or from computer manufacturers such as Dell.  The next part of the call moves quickly, most likely to avoid you asking anything about their credentials. They begin to dupe you into believing your computer is infected by taking you on a wild goose chase on your PC.

Fundamentally, this is where many people who have not heard of this kind of scam will succumb as they feel that someone, that is technically capable of offering assistance, is here to improve their computer functioning in some manner.  Quite often what the caller will do is to guide you through opening up folders to a location on your computer where you can view a Windows log of errors.  Suffice it to say, all Windows operating systems record errors that are harmless and can be considered low-level errors that are not particularly harmful.

Now the sale pitch begins and the caller instructs you to download software or to allow them to remotely access the PC.  The con artists will charge for their “help” and have you pay them for useless software.  Often the software is not only worthless, it may include malicious software designed to steal online account information and passwords.

An Example

To see a video  example of a tech support scam in action we suggest checking out a video created by a  senior security technician, Jerome Segura, who gets a call and not only plays along with the scam but records it in action.[1] If you want a written description of a call that was stopped short in its tracks… read on.

What They Get

First, let’s take a look at what you get out of this exchange.   While you may think you get a better performing PC and some peace of mind, what is more likely is you haven’t gained much of anything or you have put yourself at risk.  It’s quite often the case that the software they downloaded to your computer is typically something that can be downloaded for free or they have created it but it does not remove malicious software at all.  In fact, there is a potential that the software is malicious.  It may be designed to provide remote access to your computer at any time and provide the scammers with the means to gain access to your personal and financial information.

No matter what the payoff is – the goal is to make money from the transaction in some manner.   So who is the target and for how much?

…tens of thousands of English-speaking consumers in the United States, as well as Australia, Canada, Ireland, New Zealand, and the United Kingdom, were conned by bogus technical support operations–largely based in India–into paying between $49 and $450 for fake services.[2]

Refund scams:  Another scam involves having paid for tech support services and getting a call about a refund.  In this scam the goal is to get your personal financial information, like your credit card or bank account number.  Sometimes it will be several months after the purchase before you get a call asking if you are pleased with the service.  When you state you are not, they offer you a refund.  Alternatively, the caller may start by saying that the company is going out of business and is providing refunds for warranties and other services.  No matter how it starts out, eventually you are asked for a bank or credit card account number or you are asked to create a Western Union account.  They might even offer to assist you by remotely accessing your computer to help you fill out the necessary forms.   Instead of putting money in your account, they withdraw funds.

Taking Action – FTC

The Federal Trade Commission, or FTC, is an independent US agency that works for consumers.  Its mission is consumer protection; to prevent fraudulent, deceptive, and unfair business practices.  The FTC also provides information to help spot, stop, and avoid fraudulent acts.  To this end the FTC has launched a major international crackdown on tech support scams.

At the request of the FTC, a U.S. District Court Judge has ordered a halt to six alleged tech support scams pending further hearings, and has frozen their assets.  “The FTC has been aggressive – and successful – in its pursuit of tech support scams,” said FTC Chairman Jon Leibowitz. [3]

The FTC chairman at the time went on to say that “tech support scam artists we are talking about today have taken scareware to a whole other level of virtual mayhem.”  In May 2013, fines were handed out to three of the alleged perpetrators.

Recent activity

To be clear – this scam goes back several years but it picked up speed around 2010 and continues to go strong despite FTC efforts to the contrary.  In fact, in 2011 Microsoft warned Windows users to be on guard and were instrumental in having the FTC file charges against the six scam operators mentioned above.  Despite the fines that were imparted, the scam persists and more operators are working the same scam.

More than a year after the U.S. Federal Trade Commission (FTC) heralded a major crackdown on fraudsters posing as Microsoft technical support personnel, consumers continue to receive calls from scammers.[4]

What are the Odds? You may ask: What are the chances that I will get one of these calls?  During the writing of this article this author had received a call with a phone display of: “Colorado 303-442-9287″ It wasn’t the first time receiving a fraudulent call and while wanting to “play along” like what Jerome Segura did in the example above, a different approach was taken.  The call went like something this:

Scam Caller (with a foreign accent): “Hello my name is ——— ———- and I’m calling from Microsoft Windows about a problem with your computer.  Are you near your computer?” 

Author: “Can I get your name and contact information… your phone number?”

<pause>

Author: “You know… it’s a coincidence that you are calling.  I am writing an article about tech support fraud.  And, I know this is a tech support fraud call.”

<no response>

Author: “What you are doing is unethical.  I know that this is a scam and it is unethical.”

Caller: “We sell software to remove malware.”

Author: “I work for companies that sell legitimate software and what you are doing is tricking people into buying software.  It’s unethical.”

<another pause>

Author: “Are you still there?”

Caller: “Yeah.”

Author: “For seniors and for people that do not know better… they are tricked into buying software and it is unethical and in some cases illegal.”

Caller: “Yeah.”

Author: “I have to go” <I was in the process of putting my one year old to bed> “I hope that you can find a better job and I wish you luck in doing so.”

Caller: “OK”

How to Spot the Scam:  In this case, the call display number seemed to be legitimate.  But, it is important that you do not rely on caller ID alone to authenticate a caller as criminals can spoof caller ID numbers.  That is to say, they may appear to be calling from a legitimate company or a local number, when they’re not even in the same country as you.  This explains why it sounds as though English is their second language.

Also, it is very rare for Microsoft and most legitimate businesses to make unsolicited phone calls.  In a statement provided by Microsoft they clearly state[5]:

Neither Microsoft nor our partners make unsolicited phone calls (also known as cold calls) to charge you for computer security or software fixes. 

There are some cases where Microsoft will work with your Internet service provider and call you to fix a malware-infected computer…  These calls will be made by someone with whom you can verify you already are a customer. You will never receive a legitimate call from Microsoft or our partners to charge you for computer fixes.

One of the best ways to detect that this is a scam call is how quickly they proceed.  Within the first minutes of the call they will instruct you to your computer and either provide directions or they will ask to control your PC remotely.

What to do…

To fight back, many people try to tie up the callers on the phone for as long as possible or even provide them with fake credit card numbers.  We would not recommend stirring the hornet’s nest.  We have heard payback stories such as having telemarketing phone calls re-directed to your phone number.  It’s far better to be prepared and to defend your ground.

1)    When getting a call:

  1. Who is it? This is the first defense against this scam attack.  According to the law, telemarketers must tell you it’s a sales call, the name of the seller and what they’re selling before they make their sales pitch.  If you don’t hear this information, say “no thanks,” and get off the phone.
  2. When are they calling? According to the law telemarketers can only call between 8 am and 9 pm.
  3. What’s the rush? Telemarketers and scam artists work with momentum.  There is no hurry on your part.  If you are dealing with a legitimate business they will give you time and can provide written information about an offer before asking you to commit to a purchase.
  4. Is it free? Make sure there are no costs.  Often they could be offering something for free but you have to pay for other costs such as support or services.   Some of these scams will go as far as instructing you to pay in order to redeem a prize or gift.
  5. Do I give out my billing information? In some cases the caller will be asking you to confirm the billing information they have on file for you.  Do NOT give out your billing information or your credit card information!  Don’t even confirm that the information they have is correct or they can claim that you approved of the charge.

To Prevent Getting These Calls:  Tell the caller you do NOT want them to call you again.  You can also enter your phone number on the FTC Do Not Call registry (https://donotcall.gov/).  If they call back, they’re breaking the law and you can register a complaint on the same site.

2)    Already had a scam call:

  1. Malware? If you feel that someone has downloaded software that is malicious, you need to take action to identify and delete the software using a legitimate security solution.  Get started by going here: http://www.consumer.ftc.gov/articles/0011-malware
  2. Passwords? If you gave out any passwords to your PC login system or for online banking – change these passwords immediately.
  3. Credit Card? If you used your credit card to pay for software, services, or for any shipping charges – call your credit card company and reverse the charges.  Check your statement or have the credit card provider check for any charges you did not make and ask to have those reversed as well.
  4. Identity Theft? This involves having your personal information stolen and used without your permission.  “It’s a serious crime that can wreak havoc with your finances, credit history, and reputation.”  Go to this site for more:  http://www.consumer.ftc.gov/features/feature-0014-identity-theft

File a Complaint:  The FTC offers a complaint assistance site here: https://www.ftccomplaintassistant.gov/#crnt&panel1-1

More “Do Not” Tips:
Here are some basic tips to help in all sales transactions where you feel pressured to pay – even if there is a free gift involved. 

  • Do not give into pressure – you do not have to make a decision right away.  Pretend you have a “phone-a-friend” lifeline and call a family member.  Or, ask the caller to email or send you mail about the details of the sale. You can also research offers (with the US consumer list[6] or the BBB[7]) before you agree to send money.
  • Do not give out your credit card, banking information, or social security number.  Do not even confirm any of this information if they have it and are asking for confirmation.
  • Do not send cash by money transfer, messenger, or overnight mail.  If you use cash or a money transfer you can lose your right to dispute fraudulent charges and the money will be gone.  Credit card companies offer some means of defense through a dispute process.

Who Can You Trust

There are companies that work hard to build an ongoing relationship with their clientele.  We at CompuClever count ourselves among these reputable businesses.  We recommend that you check out more about the companies you deal with by going to their “About Us” page on their website.  With CompuClever we accentuate the role of our support and service team for paid customers and we benefit from dealing with issues that come up on your PC system.  Take it from us when we say:

Our knowledgeable and friendly Support team is devoted to provide the utmost excellence in customer service. Simply put, we pride ourselves in serving your computing needs and bringing enjoyment to PC computing.

We hope this article has helped gain some insight and offered you some effective defense against these kinds of scams.  We will continue to investigate story lines like these that affect each of us on a daily basis and we will describe them in a manner that is within reach of everyday computer users.  If you have some ideas of topics you would like us to cover, email us at: newsletter@compuclever.com


[1]http://www.wired.co.uk/news/archive/2013-04/11/malwarebytes
[2]http://www.informationweek.com/security/risk-management/ftc-disconnects-tech-support-telemarketing-scams/d/d-id/1106662
[3]http://www.ftc.gov/news-events/press-releases/2012/10/ftc-halts-massive-tech-support-scams
[4]http://www.computerworld.com/s/article/9244207/Fake_Windows_tech_support_calls_continue_to_plague_consumers
[5]http://www.microsoft.com/security/online-privacy/avoid-phone-scams.aspx
[6]http://www.usa.gov/directory/stateconsumer/index.shtml
[7]https://www.bbb.org/