The Anatomy of Tech-Support Scams

The Anatomy of Tech-Support Scams

The Anatomy of Tech-Support ScamsThe Anatomy of Tech-Support Scams

A cyber-security expert details the anatomy of tech support scams and provides suggestions for how to avoid them—and what to do if scammed.

The HooksThe Hooks

Fake tech support scammers use mainly two methods that do not resemble ransomware to entice users to call them: Web browser pop-ups and disruptive applications.

Browser Pop-UpsBrowser Pop-Ups

Browser pop-ups are the most common hooks because they are easy to deploy. Many surface when a user mistypes the name of a Website. The user may close the pop-up, but it is scripted to re-open.

Browser Pop-ups SolutionBrowser Pop-ups Solution

To get rid of a scam browser pop-up, open the task manager (using Ctrl+alt delete, or typing taskmgr) and close the browser.


Programs are harder for scammers to deploy because they must be downloaded and executed, but they are harder to close because some try to disable the task manager and block input.

Small Pop-up Programs SolutionSmall Pop-up Programs Solution

For small pop-up windows, open the task manager and find the offending program, which usually stands out. To remove full-screen windows, retrieve the password by calling the scam phone number. Restarting may get rid of the full-screen pop-up, but some install themselves to start up, so boot into safe mode and remove the program.

The DiagnosisThe Diagnosis

When you call a scam number, scammers: Ask what the error is on your screen, Describe one of several problems your computer allegedly has, Give you a password to close the full-screen window, if one exists.

The Diagnosis ContinuedThe Diagnosis Continued

Next they ask you to download and install Teamviewer, an app for remote control/access software, and give them the connection information. (Teamviewer has added a pop-up warning to users about scams.) They instruct you to allow the connection and may switch to another remote support application.

Showing ‘Viruses’Showing ‘Viruses’

The scammer will use one of several different windows to show viruses or other issues. An easy method is to open Windows Event Viewer and show critical events, like unexpected power loss or task scheduler issues, but they will not alert you to malware.

The ‘Fix’: Claiming Windows Is Not ActivatedThe ‘Fix’: Claiming Windows Is Not Activated

Windows 7’s Support Ended in January 2015. Scammers use a sham demonstration to scare users into needlessly purchasing a new, fake Windows key.

The ‘Fix’: Removing VirusesThe ‘Fix’: Removing Viruses

Scammers offer free antivirus software, or install it using an illegal key. Sometimes they try to add legitimacy and magic with command prompt windows and scrolling text. These fake windows are very low effort and typically consist of contents on the hard drive. Window listing files hog hard drive time and substantially slow program installation.


Most scammers require payment before the “repair.” Those that offer repair first and pay later threaten to “take legal action” if the caller does not pay. Some scams use the reputable to collect payments.

Holding HostageHolding Hostage

If the scammers “repair” your computer before demanding payment, they password-protect the Teamviewer settings, to keep control of your computer, so you will not be able to easily disable it from running during startup. SOLUTION: disconnect the computer from the Internet and uninstall Teamviewer. If that doesn’t work, disable the Teamviewer service and end its processes. Afterwards, uninstall Teamviewer.

Karen A. Frenkel
Karen A. Frenkel
Karen A. Frenkel is a contributor to CIO Insight. She covers cybersecurity topics such as digital transformation, vulnerabilities, phishing, malware, and information governance.

Get the Free Newsletter!

Subscribe to Daily Tech Insider for top news, trends, and analysis.

Latest Articles