How tech support scams operate


Calls from fake Microsoft agents


Usually from India and operating out of boiler rooms, these scammers call people in the U.S., Canada, the UK, and Australia whom they find in the phone directory.

The scam is straightforward: pretend to be calling from Microsoft, gain remote control of the machine, deceive the victim with bogus error reports, and solicit money.

If you ever receive a call from a Microsoft or Windows tech support agent out of the blue, the best thing to do is hang up. Scammers prefer to utilize VoIP technology, so their real numbers and location are protected. Their calls are virtually free, which is why they can do this 24/7.

As per Microsoft:

You will never receive a legitimate call from Microsoft or our partners to charge you for computer fixes.

Toll-Free Numbers (TFN) for fraudulent tech support companies


Most are based in India, but some are in the U.S. and simply take a different approach to scamming. These companies advertise on the big search engines as well as on high-traffic sites. People who call them for support get tricked with techniques similar to those employed by Indian cold callers.

Another source of business for these companies is their own current customers, or clients sent to them by their parent companies. The remote specialist upsells the client who only came to activate their software but ends up forking over hundreds of dollars for “Windows support.”

Fake pop-ups pretending your computer is infected—reminiscent of FakeAV—are used by scammers to reel in naive victims.

If you choose to call for remote computer support, you need to be very cautious about which company you are going to deal with. Just picking the first ad on a search results page could end quite badly.

Unfortunately, the company or technician being from the US is not a guarantee of honest service. Various businesses in the US are using dirty tricks to take advantage of people, with the elderly and those who are not tech-savvy as their prime targets.


If you don’t feel comfortable doing this online, brick-and-mortar computer repair shops are a good choice.

Remote access

The ‘technician’ asks to have remote access to your computer and may use remote login software to do so. Note that while those applications are absolutely genuine, it is essential to remember that if you run this kind of software, you are effectively giving a complete stranger total control of your computer.


A method that has been gaining popularity among tech support scammers is to spread malware with the sole purpose of locking users out of their own computers. We call this type of malware screenlockers, and the installers are detected as Rogue.TechSupportScam. They may look like a BSOD (Blue Screen of Death) or a warning that you are using illegal software (asking for a registration key). The malware is offered as part of a bundle or poses as an installer for something else.

The ones that look like a BSOD usually have a telephone number on them that belongs to the scammers’ outfit. Once you call that number, they will tell you a trick to get rid of the BSOD to gain your trust, but of course the trick was built into the program for that reason.

The type asking for a registration number usually has a telephone number as well, but often they come with a few links that will open sites with popular remote assistance/desktop software like TeamViewer, LogMeIn, Ammy Admin, Supremo, and others. In these cases, the scammers will ask you to install that software and give them your access code, so they can “repair” your computer. Selling you overpriced solutions and “service contracts” is the real goal, obviously.

If you are interested in some examples, we have blog posts on the following:

Should you be confronted with one of these screenlockers, do a search on our forums for the displayed telephone number. With any luck, we have already reverse engineered the screenlocker, and you can find a removal guide among the Malware Removal Self-Help Guides for your particular version.

Tricks you should look out for

Once logged into your computer, the remote technician will attempt to trick you by fabricating errors or even viruses on your computer. They like to use the default Windows tools and turn them against you, hoping you’ll get scared and follow their directions.

Getting help if you have been scammed

Getting scammed is one of the worst feelings to experience. In many ways, you feel like you have been violated and are angry to have let your guard down. Perhaps you are even shocked and scared, and don’t really know what to do now. The following tips will hopefully provide you with some guidance.

If you already let them in

  • Revoke remote access (if unsure, restart your computer). That should cut the remote session and kick them out of your PC.
  • Scan your computer for malware. The miscreants may have installed password stealers or other Trojans to capture your keystrokes. Use a program such as Emsisoft to quickly identify and remove threats.
  • Change all your passwords. (Windows password, email, banking, etc.)
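
One way to check the first step above, as an added example that is not part of the original article: a PowerShell script that lists running processes, installed services and established TCP connections belonging to the remote-assistance tools named on this page. The name patterns are assumptions and may not match every version of those products.

```powershell
# Added example: is a remote-assistance tool still running or connected?
# ASSUMPTION: these wildcard patterns approximate the process and service
# names of the tools named in the article; adjust them to whatever was
# actually installed during the call.
$patterns = 'TeamViewer*', 'LogMeIn*', 'AA_v3*', 'Supremo*'

# Running processes whose name matches any pattern.
$procs = Get-Process -ErrorAction SilentlyContinue | Where-Object {
    $name = $_.ProcessName
    $patterns | Where-Object { $name -like $_ }
}

# Services (running or stopped) that would bring the tool back after a reboot.
$svcs = Get-Service -ErrorAction SilentlyContinue | Where-Object {
    $svc = $_
    $patterns | Where-Object { $svc.Name -like $_ -or $svc.DisplayName -like $_ }
}

# Established TCP connections owned by the matching processes.
$conns = Get-NetTCPConnection -State Established -ErrorAction SilentlyContinue |
    Where-Object { $procs.Id -contains $_.OwningProcess }

$procs | Select-Object Id, ProcessName, Path, StartTime | Format-Table -AutoSize
$svcs  | Select-Object Name, DisplayName, Status, StartType | Format-Table -AutoSize
$conns | Select-Object OwningProcess, RemoteAddress, RemotePort | Format-Table -AutoSize

if (-not $procs -and -not $svcs) {
    'No matching remote-assistance tool is running or installed as a service.'
}
elseif ($conns) {
    'A remote session may still be active: disconnect the network, then uninstall the tool.'
}
else {
    'Tool present but no established connection: uninstall it if you did not install it yourself.'
}
```

Run it from an elevated PowerShell prompt so that process paths and connection owners are visible. A service that remains after a restart means the tool can reconnect on its own until it is uninstalled.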

In some cases (i.e., you did not pay or called them names), scammers will seek revenge on your machine. Here are some things they might try and what to do to recover from them:

  • Master password lock out

There are various “hacks” to reset that password. One method is to use a Linux boot CD to mount Windows and then use the chntpw utility. It is described in this Ask Ubuntu page.

  • Missing software drivers

First, try to do a System Restore. If it fails, you should be able to reinstall them by going to the manufacturer’s website and downloading the appropriate driver.

  • Missing files

First, try to do a System Restore. If it is not available, check for backups you may have made and stored somewhere else. As a last resort, there are programs that can scrape your hard drive and attempt to recover the missing files.

If you already paid

  • Contact your financial institution/credit card company to reverse the charges and keep an eye out for future unwanted charges.
  • If you gave them personal information such as date of birth, Social Security Number, full address, name, and maiden name, you may want to consult the FTC’s website and report identity theft.

Reporting the scam

File a report

Shut down their remote software account

  • Write down the TeamViewer ID (9-digit code) and send it to TeamViewer’s support. They can later use the information you provide to block people/companies.
  • LogMeIn: Report abuse

Spread the word

You can raise awareness by letting your friends, family, and other acquaintances know what happened to you. Although sharing your experience of falling victim to these scams may be embarrassing, educating the public will help someone caught in a similar situation and deter further scam attempts.


While hanging up is the safest thing to do when you get a cold call, some people have gone on a mission to expose those scammers. While we don’t endorse this behavior, if you do have information to share, please let us know and we will update this page with any new relevant details.

Stay Safe!


