The Windows R Scam – how it works and how to avoid it

The “Microsoft Tech Support” scam, also known as the “Windows R” scam, and how to avoid it.

Have you ever received a call from someone with a heavy Indian accent claiming to be from Microsoft and saying your computer had errors or viruses? The purpose of these calls is to get an easy $299 (or whatever amount they choose) by scaring you into thinking there’s something really wrong with your computer and that they can fix it for you.

Here’s a report I found online and thought I would share here as it may help some of my own readers avoid this scam.

These telephone based scams have been going on for many years and scammers keep robbing innocent people sadly because their success ratio is still worth their time and effort. It happens that I got ‘the call’ while minding my own business on a regular work day. I immediately recognized what this was all about and decided to play the game to see how far this would go.

The caller’s number did not appear on my phone, a sign that they were using some Voice over IP (VoIP) or such technology that both completely hides their identity and costs them nothing for long distance calls.

This scam is a well-oiled machine which starts off with the alleged Microsoft representative asking you to turn on your computer to perform some checks for errors. They essentially make you open different applications which aren’t typically known by regular users.

Step 1: scare tactics 

I was instructed to press the “Windows” and “R” (as in Robert) keys together to get to the Windows Run dialog box. They then made me type a few more keys to open up the Windows Event Viewer:

Figure 1: Run dialog and command to open Event Viewer

Figure 2: Event Viewer showing typical errors

Conveniently, the event viewer will always show some warning or error which the scammer can leverage to instill fear. “You can see it in your own eyes”, she continued before asking me to count how many I could see. While we could have stopped right there, she was intent on pursuing the diagnostic further.

Next stop was Windows Prefetch files:

Figure 3: Windows Prefetch files

The interesting thing about this is that she called those files spyware and viruses so we went from my computer having some errors to being infected. Yet another lie, as those Prefetch files are simply used by Windows to launch programs faster.

Bad things come in threes, as I was now instructed to open the “System Configuration Utility”, also known as msconfig.

Figure 4: Msconfig showing services

She made me focus on the status of each Service and asked me once again to count how many “stopped” ones there were. When I gave her a ball park number, she retorted: “You are just guessing, I want you to count”.

At this point I was ready to beg her to stop and she seemed to think it was enough convincing, that I was ripe enough to move on to the next step. She kindly asked me if I wanted to remediate all these problems and I accepted it. Other than the blatant lies, she had not been too pushy and to her credit gave me the option to decline assistance.

Step 2: the “intervention”

The next part consisted of getting a remote person to fix these “issues” for me. To give them access to my computer I had to download a program called TeamViewer which is totally legitimate software used by many companies and individuals to remote into somebody else’s machine.

Figure 5: TeamViewer, a free program to remote into computers

At this point she asked me for the ID and password before telling me she was going to transfer me to her supervisor. I believe this next person’s role is to process victims and to ensure payment goes through. The man on the phone also had a thick Indian accent and sounded quite professional. He told me a remote technician (which quite likely was also him) was ready to get working on my computer but he could not proceed until I actually instructed him to. I think this might be another technique used to cover themselves, as in I willingly asked them to help me. I felt like asking if I should say “open sesame” but instead I refrained from a cheap joke at their expense and asked what the secret word was. He told me to type “renew my warranty” to the technician.

Figure 6: Once the magic words have been spoken, it all goes downhill..

‘Sean the technician’ was more than eager to help me but the first thing he did was to open my browser to PayPal’s website so that I could pay the required lifetime fee of $299.

Figure 7: A happy scammer, ready to go to work

Figure 8: they want real money!

At that point, I decided to change my mind and no longer wanted to pay so much money for such a ridiculous scam. So instead I entered a wrong Credit Card number to buy some time.

Figure 9: (Un)fortunately, I can’t seem to type my Credit Card number right

After a few other failed attempts I could see the guys were starting to lose patience and then, out of the blue, something very bad happened. Without saying a word, the “remote Microsoft Technician” minimized the PayPal window and took on a mission to destroy all my personal files:

Figure 10: Scammer crosses the line big time, deletes all my pictures, documents, music

I could not believe my eyes. He went on exploring directories in search of other things to remove as fast as he could. When he could not find anything else worthy he could delete, he typed his last message:

Figure 11: They seem upset that I wasted their time

Before completely disappearing he did do one last thing, which was to remove the driver for my ethernet card. This achieved the expected result of completely cutting off my Internet connection.

Figure 12: Cutting me off, the hard way

As this happened, I was still on the line with the “supervisor”, one of the scammer’s identities, to whom I recounted what had just happened. I’m not sure whether it was the language barrier between me (a French man) and him but he solemnly said: “if the technician says something, it must be right. The technician is always correct”. Shortly after, the line was dead.

Unlike many other people (who turn the tables against the scammers by wasting their time) I had entered this phone call with a nice and open state of mind. I wasn’t going to play tricks on them or make fun of them. I just wanted to see for myself how the scam was conducted and learn more about it.

Having seen my fair share of deceptive marketing practices and software over the years, I can say a personal phone call is probably one of the cruelest tricks to play on an innocent victim. It is far too easy to fool someone by showing them “errors” and labeling them as extremely severe. With a sales clerk in a computer store one day trying to teach me what viruses were and why I so badly needed to purchase an antivirus, this experience ranks high up there in the “you don’t have a clue who you are talking to” category.

While they may legally be walking a fine line with all their sweet talking and magic passphrases, they crossed that line when they deleted documents on my computer and sabotaged the Internet connection. This is destruction of private property plain and simple. At the end of the day, I haven’t really lost any documents since this was a Virtual Machine and not an actual computer. One thing I lost though, was my faith in mankind, not that there was much of it left anyway.

Since these scammers use all sorts of tricks and fake identities, one of the best ways to ruin their business is simply to make it unworthy by spreading the message around so people don’t fall for these scams. Easier said than done because it is touching on things like human nature, social engineering, fear and scare tactics: basically things that have worked for thousands of years. But even if we can make a dent in their profits, let’s do it!

Feel free to share this page with your Facebook friends:

http://www.paulhardingham.com/windows-r-scam

I’d love to hear your comments below.

Thanks, and I hope that helps you stay safe.

Paul Hardingham.


Comments

28 responses to “The Windows R Scam – how it works and how to avoid it”

  1. Hi Paul, I am glad that you managed to avoid that problem.

    I have shared this with my friends and followers on Tsu.

    Thanks for the update!

    Regards

    Zoran

    1. Paul Hardingham

      Good. Thanks.

  2. Hi Paul, I am glad that you managed to avoid that problem.

    I have shared this with my friends and followers on Tsu.

    Thanks for the update!

    Regards

    Zoran

    1. Paul Hardingham

      Hi Zoran, thanks for sharing with others. Paul.

  3. Had a couple of them calls myself but last lady reckoned she worked for a company called ‘windows’. Don’t think her English was up to scratch compared to the other callers. Explained I don’t have a windows machine but she could not comprehend how I use a pc without windows. Think further training for the lady is required. Pity they don’t get proper jobs in call centres because some are better than the real deal. Scandalous though how they prey on people and steal money for nothing.

    1. Paul Hardingham

      Thanks Shiela. Reading the comments here, it just goes to show the scale of this scam.

  4. Hello Paul… Denis Inskip here!

    Many thanks for this very valid Scam Info, which I also fell victim to!

    I will definitely share this with my FB Friends.

    Regards,
    Denis Inskip

    1. Paul Hardingham

      Hi Denis, so sorry to hear they took you in. Thanks for sharing, obviously the more people who know, the less chance the scammers have of carrying on this awful practice.

  5. I received the same message 2 years ago but it was Western Union that they brought up, and when I said no to him he took over my laptop and changed my password to log on. I had to pay to get it fixed. He kept on calling asking me to fill in the form. In the end I stopped answering the phone.

    I never answer my phone anymore; I let the answer machine do it. Even after 2 years they are still trying to get me to answer.

    1. Paul Hardingham

      Wow. Thanks for letting us know.

  6. stanley cholaj

    I get those calls regularly every week. I usually tell them that I work for a computer company and that seems to stop them; if not, I just tell them to fo. Simple.

    1. Paul Hardingham

      Great. I think in reality it’s best to simply hang up – they will soon get the message. No point in giving them the time of day.

  7. Snezhanka

    Hello Paul Hardingham,

    many thanks for the warning!!!! Relaxing and enjoyable evening!!!!

    1. Paul Hardingham

      You’re welcome. Thanks for commenting and enjoy your evening – I’m glad to hear it.

  8. Herbert Theis

    hi Paul, tks so much for this eye opening information, you will be right,
    these and other will make some bad money with this way……
    have a nice weekend Herbert

    1. Paul Hardingham

      Hi Herbert, hope it’s of use to you and thanks for reading. Paul.

  9. Hi Paul, so pleased to hear you have brought this scam to large scale attention. I have had this call or variations of it at least 20 times. Eventually I put my number on the do not call register. Depending on my mood I would play along for a while (just to frustrate them) or simply hang up. I think the first time I had them call they said they were from ‘Windows’ and their technical support department. I told them ‘Windows’ was an operating system and not a company name, but they continued anyway. Some of the callers are really very well polished and quite polite. They claim there is no obligation and in one or two instances said they were happy to check my computer on my behalf for problems without charge. Fortunately for me I could tell it was some kind of scam up front and never became a victim, but like you, I wanted to learn more about what they would do. I will share this with my 4000+ fb friends and 27k twitter followers and just hope a good percentage of them learn. Thanks Paul for another informative post.

    1. Paul Hardingham

      David, thanks for that. I didn’t realise just how big the scale of the problem is – judging by the numerous comments I’ve had on this post (I didn’t mail that many people) this really is a BIG problem. Thanks for sharing on your FB and Twitter feeds.

  10. Thanks Paul, for sharing this will too pass it to friends
    Nice Weekend! Anne

    1. Paul Hardingham

      Thanks. It seems this is a MASSIVE fraud, so thanks if you do share it.

  11. Bennie Watson

    I was called Thursday evening (1/29/2015). When we reached the point of payment they wanted me to send payment by Western Union. I said no and they would not take my American Express Card. They kept giving me the run around until I told them that I would not send them any money and to get off my computer. I kept telling them to get off my computer. They told me to “SHUT UP!” Finally I pulled the plug on my computer, however, too late. They had changed my password. So, I restored my computer to original and started over. I lost part of my info.
    I also lost my pictures, which is the only thing that I cannot replace.

    1. Paul Hardingham

      Wow. Again, I didn’t realise the scale of this… I didn’t mail that many people and yet I see so many people saying they have had this happen to them! Thanks Bennie for your openness.

  12. Five red flags of fraudulent scams – The scams and fraudulent schemes that come to consumers via Email, phone calls and the U.S. Postal Service change all the time. It could be a “Grandparent” scheme, an offer to reduce credit card interest rates, the offer to sell a Timeshare, the opportunity to be a Trade Representative for a foreign country wanting to do business in the United States, or simply the announcement of winning the lottery or prize. The wise approach is to look for commonalities that are included in these schemes. Then, no matter what the approach or offer coming today, you can identify the “Red flags” that mark it as fraudulent.

    Red Flag #1: They contacted you; you did not contact them.

    The E-mail, phone call, or mailed letter came out of the clear blue. Always check out issues by checking the phone number and the agency or business making the offer and YOU CALL THEM! Do not call the number they provide in an E-mail or letter.

    Red Flag #2: They want the issue or offer to remain secret and confidential.

    You are to tell no one the offer, prize, or steps you need to follow for the offer to come to fruition.

    Red Flag #3: You must act with urgency and immediacy!

    This is, quite frankly, an attempt to get you to act before you think things through carefully. While the adrenaline is flowing from your excitement over a windfall, one which isn’t true, they want you to call or send money.

    Red Flag #4: “If it sounds too good to be true, it is too good to be true.”

    This was true 50 years ago and it is still true today.

    Red Flag #5: You will need to wire money or send money using something like a re-loadable money card.

    Money that is wired or sent using a money card is, most likely, heading to a crook overseas. Once sent, it is probably gone forever.

    1. Paul Hardingham

      I agree with all your points, the only one I would change slightly (but it makes a big difference) is point #4. I would not say “If it sounds too good to be true, it is too good to be true”. I would reword that as “If it sounds too good to be true, it probably is too good to be true”. There are some things that have sounded too good to be true in the past e.g. aircraft flight, the internet, antibiotics etc. We just need to make sure they stand up to scrutiny.

      Thanks for sharing!

  13. Hi Paul … for better or worse, I never
    There viever not use ….

    1. Paul Hardingham

      It’s ok if you are contacting someone you know, but agreed, if they contact you out of the blue – NEVER let them have access to your computer.

  14. Frank Pacey

    Hi Paul.

    Your friend stuck his head in the lion’s mouth and nearly got it chopped off. Thank you for the warning.
    Moral: Only grant access to your computer to someone you know and trust implicitly.

    1. Paul Hardingham

      Wow, that was a close call!