The Anatomy of Tech-Support Scams
A cyber-security expert details the anatomy of tech support scams and provides suggestions for how to avoid them—and what to do if scammed.
Fake tech-support scammers mainly use two methods that do not resemble ransomware to entice users to call them: Web browser pop-ups and disruptive applications.
Browser pop-ups are the most common hooks because they are easy to deploy. Many surface when a user mistypes the name of a Website. The user may close the pop-up, but it is scripted to re-open.
To get rid of a scam browser pop-up, open the Task Manager (by pressing Ctrl+Alt+Delete or by running taskmgr) and close the browser.
Programs are harder for scammers to deploy because they must be downloaded and executed, but they are harder to close because some try to disable the task manager and block input.
For small pop-up windows, open the Task Manager and find the offending program, which usually stands out. To remove full-screen windows, retrieve the password by calling the scam phone number. Restarting may get rid of the full-screen pop-up, but some install themselves to run at startup, so boot into safe mode and remove the program.
When you call a scam number, scammers ask what the error is on your screen, describe one of several problems your computer allegedly has, and give you a password to close the full-screen window, if one exists.
Next they ask you to download and install TeamViewer, a remote control/access application, and give them the connection information. (TeamViewer has added a pop-up warning to users about scams.) They instruct you to allow the connection and may switch to another remote support application.
The scammer will use one of several different windows to show viruses or other issues. An easy method is to open Windows Event Viewer and show critical events, such as unexpected power loss or Task Scheduler issues, but these events will not alert you to malware.
Windows 7’s support ended in January 2015. Scammers use a sham demonstration to scare users into needlessly purchasing a new, fake Windows key.
Scammers offer free antivirus software, or install it using an illegal key. Sometimes they try to add legitimacy and magic with command prompt windows and scrolling text. These fake windows are very low effort and typically consist of a listing of the contents of the hard drive. Windows that list files hog hard drive time and substantially slow program installation.
Most scammers require payment before the “repair.” Those that offer repair first and payment later threaten to “take legal action” if the caller does not pay. Some scams use the reputable squareup.com to collect payments.
If the scammers “repair” your computer before demanding payment, they password-protect the TeamViewer settings to keep control of your computer, so you will not be able to easily disable it from running during startup. SOLUTION: disconnect the computer from the Internet and uninstall TeamViewer. If that doesn’t work, disable the TeamViewer service and end its processes. Afterwards, uninstall TeamViewer.
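The disable-and-end steps above, written out as an added PowerShell example (not part of the original article). It assumes Windows PowerShell 5.1 in an elevated session, and that the service and process names begin with "TeamViewer" (plus the tv_w32 and tv_x64 helper processes); confirm the actual names on the affected machine.

```powershell
#Requires -RunAsAdministrator
# Added example. Assumed names: services/processes matching 'TeamViewer*',
# plus helper processes tv_w32 and tv_x64. Verify them on your system.

# 1. Check that the machine is really offline before doing anything else.
$connected = Get-CimInstance -ClassName Win32_NetworkAdapter `
    -Filter "NetConnectionStatus = 2 AND PhysicalAdapter = TRUE"
if ($connected) {
    $names = $connected.NetConnectionID -join ', '
    Write-Warning "Still connected via: $names. Unplug or disable Wi-Fi first."
}

# 2. Disable the service so it cannot come back at boot, then stop it.
$services = @(Get-Service -Name 'TeamViewer*' -ErrorAction SilentlyContinue)
if ($services.Count -eq 0) { Write-Output 'No TeamViewer service found.' }
foreach ($svc in $services) {
    Set-Service  -Name $svc.Name -StartupType Disabled
    Stop-Service -Name $svc.Name -Force -ErrorAction SilentlyContinue
    Write-Output "Disabled and stopped service: $($svc.Name)"
}

# 3. End any processes that are still running.
Get-Process -Name 'TeamViewer*', 'tv_w32', 'tv_x64' -ErrorAction SilentlyContinue |
    ForEach-Object {
        Write-Output "Ending process: $($_.Name) (PID $($_.Id))"
        Stop-Process -Id $_.Id -Force
    }

# 4. Show startup entries that still reference TeamViewer, for manual review.
Get-CimInstance -ClassName Win32_StartupCommand |
    Where-Object { $_.Command -like '*TeamViewer*' } |
    Select-Object Name, Location, Command |
    Format-List

# 5. Verify nothing is left running before uninstalling.
$running  = @(Get-Service -Name 'TeamViewer*' -ErrorAction SilentlyContinue |
              Where-Object { $_.Status -eq 'Running' })
$procs    = @(Get-Process -Name 'TeamViewer*' -ErrorAction SilentlyContinue)
if ($running.Count -eq 0 -and $procs.Count -eq 0) {
    Write-Output 'TeamViewer is not running. Uninstall it now from Programs and Features.'
} else {
    Write-Warning 'TeamViewer is still running. Reboot into safe mode and repeat.'
}
```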