scamIf you’ve received a phone call from “Windows Tech Support” then you are now a “mark”;  the term used by scammers to describe a potential victim.  Their nefarious goal is to download spyware onto your computer and/or charging you for their assistance while they are remotely connected (or, worse still, both).  It’s one of the biggest scams on the web.  It started in 2008 and continues to this day, which means the scam still works.  When they succeed, the benefits are big;  using malware on PCs they have total control of your computer and any valuable information on it.

It can either begin by a cold call (usually from an anonymous phone number) or it could begin with an unsuspecting user searching for commercial technical support via a popular search engine such as Bing or Google.  We received one such call just yesterday, so these scammers are still active.  According to a survey done by Microsoft, 16% of their product users have received such phone calls.  They will refer to other computers as well, such as Apple, Samsung and Google but Windows dominance makes it an easier for the scammers.

Remote desktop software is used to connect to the victim’s computer, and the scammer then uses a variety of confidence tricks that employ various Windows components and utilities (such as the Event Viewer), third-party utilities (such as rogue security software), and reference sites like Wikipedia or summaries written by security companies to make you believe that the computer has issues that need to be fixed, before proceeding for the victim to pay for “support”.  These scams usually target users, such as seniors, who are unfamiliar with the tools used in the process, especially when initiated by cold calls.  If you want to listen to one of the pitches used by these scammers, check out this recording.

If You Receive A Call

You may be one of those really sharp people who is reading this post while also talking to one of these scammers.  Congrats — you are a Web Warrior.   At this point, just hang up and, if you feel so inclined, give them a piece of your mind about their slimy countenance.   If you aren’t sure, then ask for their phone number and say you’ll call back.  They won’t give it to you.  If they give you a phone number make sure it is the same as the one listed on your ISP’s website or your bill, not one that the caller gave you.  Also, don’t be fooled by the caller ID you see on your phone, because scammers can easily spoof company names like “Comcast” or “Microsoft” in their outgoing calls. Don’t be impressed, or scared, by the fact that the caller has your real name, address and phone number. Such information used to be in the phone book; now it’s publicly available online.

In 2013, the FTC settled with three of the alleged scammers — in one instance, imposing a $964,000 judgment, in another just $14,000 — but its investigations, accusations and penalties have done little to stem the tide of calls.

If You Got Fooled by Them

We’re glad that you’ve decided to follow-up and determine whether you’ve been scammed.   The FTC does offer a way to report telephone-based scams, including computer support fraud, on its website. While the FTC does not pursue individual cases, it said it uses these reports to “help us and our law enforcement partners detect patterns of fraud and abuse.”

It’s also time for drastic action on your computer. First, download and install legitimate antivirus software; we recommend that you pay for it, but some of the free stuff is almost as good. Then, run a scan. While the software is installing, change the passwords on the user accounts on your PC. You don’t have passwords on the user accounts? You should, and you should also create a separate administrative account that alone has the power to install, modify or delete software.

If you gave the scammer your credit card number, then you really need to act fast. Call your credit card provider and ask to reverse the charges.  And then check your statements for any other charges you didn’t make, and ask to reverse those, too. You should also contact one of the three credit-reporting agencies — Equifax, Experian or TransUnion — and ask it to place a free 90-day credit alert on your file.  The agency you contact will alert the others. You’ll be notified if someone tries to open an account in your name.

Computers do develop problems and do get infected by malware. But remember that if either happens, it’s up to you to call tech support or to install antivirus software.  Tech support will never call you first.