Technology in terms you understand. Sign up for the Confident Computing newsletter for weekly solutions to make your life easier. Click here and get The Ask Leo! Guide to Staying Safe on the Internet — FREE Edition as my thank you for subscribing!
So imagine this: You are minding your business, and you get a phone call. Someone with a fairly heavy accent tells you that he’s calling from Windows, and they’ve detected that your computer is causing errors on the internet, and he would like to help you resolve this problem.
He actually then walks you through accessing a couple of programs on your system that then shows you that indeed there are a bunch of errors being reported. He has a couple of options for you: Either you can pay a certain amount of money, and they will fix the problem for you, or he will ask you to give him remote access to your machine so that he can fix the problem for you.
If you accept either of these two scenarios, you’ve just been scammed. This is an increasingly effective and popular scam that many, many people are falling for, and that we need to make sure everybody is aware of to avoid. It’s actually referred to as the “Tech Support Scam” although in reality there are several different flavors of how this interaction can actually happen.
I’ll review each one of those and give you some steps you can take to not only determine that you’re about to fall victim to a tech support scam but ways to avoid it, and of course, if you happen to find out that you have fallen for one of these scams, I’ll also talk about the next steps you need to take to make sure that your information, your computer is safe.
One of the first questions people ask, of course, is why do the scammers actually even try this? And the answer as it turns out is incredibly simple. It’s all about money. Now, it doesn’t always show up as money directly out of your pocket, although it often does.
If they ask for your credit card number, well, they have your credit number, and now they can start using or abusing your credit card and making false charges. It’s interesting in that typically that’s not what necessarily happens. What often happens is that they will simply charge you a large amount ($150, $200) to fix a problem that in reality you don’t have.
The other thing that happens, and this happens with increasing frequency is that using remote access to, under the guise of helping you or fixing your machine for you, they will instead install malware. In fact, in the worst case, they could install ransomware which would effectively hold your machine ransom and encrypt all your data and make it inaccessible to you or anybody until you, then, pay them an exorbitant ransom to get it all back.
It’s all about money. It always comes back to money. Be it in the form of malware; be it in the form of ransomware; be it in the form of stealing your credit card information, this is all about money.
But regardless of how the contact happens, I want to be very, very clear about something. These people are criminals. They are lying to you. Your machine does not have errors that they found on the internet, for example.
They are simply trying to pressure you in several different ways to give over the information or the access that will allow them to do the malicious things that they have in mind. They lie. Don’t forget that. Among other things, what that means is that there is no cause for you to try to be, say, polite.
They’re criminals. They don’t deserve your politeness. What they deserve is to be hung up on. What they really deserve is to be jailed, but you can, in fact, hang up on them. There’s nothing wrong with that. So, let’s talk for a minute about the three different ways that this scam takes place and what you need to do for each one.
The first and the most common is what we call the “Unsolicited Phone Call”. You may in fact, have heard of it. It’s the scenario that I started with. You get a phone call from someone you weren’t expecting. They typically have a fairly heavy foreign accent and they’re typically trying to convince you to either give them your credit care number or to give them remote access to your machine, so they can do whatever it is they want to do.
They will claim, up and down, that your machine is causing errors on the internet or something like that. They will claim that they are from an official agency, be it Microsoft or Windows or your ISP. In each one of those cases, all of these things are clues that they are not who they say they are.
Clue number one, they called you. The phone call was unexpected; it was not something you expected to have happen. Companies like Microsoft or your ISP or Yahoo or Gmail, they will not call you. Now, unfortunately, it turns out that some of the scammers have actually woven that fact into the dialogue, into the narrative that they use when they try to scam you.
They will tell you, “Microsoft, no we’re not Microsoft; Microsoft will never call you.” Again, that makes it sound like they’re official because that’s what people like me have been telling everybody. Microsoft will never call you. But then they screw it up. Then they give you another huge clue. One example, I’m from Windows.
You know what, there is no Windows. Windows is a program that runs on your machine. It is not an organization; it is not a group of people; it is not somebody or something that’s going to call you. Windows is software on your machine. They got it wrong; that’s a huge clue.
They’ve also been known to say, “I’m calling from your ISP.” Where they literally say, “Your ISP”. That’s a clue. If they’re calling from your ISP, they will tell you the name of the ISP you use, which actually leads into one of the really interesting effects or interesting clues as to how you know this is a scam. The person at the other end of the phone who just called you, without notice, without warning, doesn’t know anything about you.
They have no idea who you are; they have no idea what computer you have; they have no idea who your ISP is; they don’t know your name, in fact there’s a really good chance they have no idea what phone number they just dialed because that was done some robocalling equipment that just keeps dialing random phone numbers until somebody picks up.
Don’t give them information. Make them give you information to prove that they are who they say they are. They will fail. They do not know you; they do not know who they are talking to; all they are doing is following a script to try and separate you from your money.
Then best thing, the single best thing you can do when you get an unsolicited phone call from some random organization, be it Microsoft or Windows or your ISP or something else? Hang up on them. Seriously. Hang up on them. You do not need to be polite. These are scammers who are trying to take your money.
If you are at all concerned, ask someone you trust for help. Is my computer causing errors on the internet? How do I know that my computer isn’t causing errors on the internet? How do I know that this person that just called me isn’t legitimate? People you trust are the people you should be reaching out to if you ever have a question like this.
Never, ever give out information to random people you don’t know who called you first. So that leads us to the second way that this scam has been happening. As I said, the scam has been very successful in unfortunately, very many ways and the scammers know that we’re starting to figure out that these random, unsolicited phone calls are random, unsolicited scam calls.
So they’ve moved on to other techniques. The second technique we’ll talk about is the “Pop-Up”. What you will suddenly get while you’re visiting some random website is a pop-up on your screen that says, “Your computer is infected with malware. This-and-this is the case. Such-and-such are the results and call this number for help.” Don’t call that number.
Never, ever call the number or make the contact that is suggested by a pop-up message on your screen. Don’t. Chances are, in fact there’s a fairly high chance that message is itself a scam and the number that you call will connect you with the same people I was just talking about who are trying to call you to scam out of your money. If you call them, there’s a very good chance they will say, “We can fix that for you. Let me have remote access to your machine. Give me your credit card number. It will only cost you a $100 or $150. Oh, and by the way, I’m going to do some things on your machine with remote access to make sure this doesn’t happen again.” The same scenario plays out. You’ve been scammed.
What they are really doing is taking your money and potentially leaving your computer with malware. If you get a pop-up like that, and they can look very legitimate, the big telltale is “call this number”. Don’t call this number.
But the point is they will never, ever tell you to contact a specific company or a specific person at a specific number. That number when presented is totally a scam. This error message – lies. The people that you would call – lie. Don’t call that number.
So if you get a pop-up like that what should you do? Close your browser. That’s all you need to do. Chances are that message came from a website you’re visiting. The message itself could be booby-trapped in such a way that all of the normal ways that you might close the message or make it go away, could cause bad things to happen. It could cause malware to get installed on your machine and that includes clicking the cancel button could cause something to be downloaded.
Clicking the little “x” on the window itself could cause something to be downloaded. The safest thing to do is to close the browser you’re using be it Internet Explorer, Firefox, Chrome or whatever. The next safest thing to do? Reboot your machine. Shut your machine down. As long as you don’t interact with that message that’s threatening you or suggesting you call a phone number, that’s the thing to do.
Make sure you don’t interact with that message; the best way to make that message go away is to close the browser or to shut down your machine. After you’ve done that and you’ve got your machine back and running, yep, scan for malware. Run an up-to-date scan. It’s possible in case you did click on something that message had. It would be safest to scan for malware right then and there.
Finally, like I said with the other scenario, if you’re at all uncertain, you reach out to someone you trust and ask them for help. Don’t respond to people that are reaching out to you. You be the one to reach out and ask for help. Ask them is my machine compromised? Is there something going on? Should I be concerned? 99 times out of 100, you don’t need to be concerned. As long as that message goes away, as long as you don’t call the phone number on that message, you’re fine. But, you want to be safe. Run malware scans, ask a friend for help if you’re still uncertain.
The third approach that these scammers have taken to is a really, really interesting one and it actually leverages people’s frustration and admittedly desperation at times when they’re facing a problem with Windows or especially with free email services.
First, understand, Microsoft, for the most part, certainly Hotmail, Outlook.com, Yahoo, Gmail, all of these free email services and free other services, they do not offer live technical support. There is no number to call to actually speak to a person to get real help.
Now, the scammers rely on that because what they do is they then place ads that show up in search results when you search for things like “Hotmail help” or “Windows support” or “Gmail support”. You’ll find that the natural search results, the actual search results provided by the search engine will be presumably, legitimate, actual results for Google support, or Hotmail support or whatever and those will take you to legitimate sites. In other words, Google.com, Microsoft.com, Hotmail.com. Outlook.com, the domains and sites that you know and use every day.
But around those search results will be advertisements. These are advertisements that have been paid for by the scammers. They’re paid to show up when you search for terms like, I’ll just say Hotmail support. So what happens is these ads will suggest that you can call a phone number to get help to talk to a real person. Guess what? That real person is probably a scammer.
That real person is not associated with Hotmail or Microsoft or Yahoo or Google or any of these organizations. That person is probably in an overseas call center trying to come up with ways to take your money. They will run you through much of what I’ve already described. I can help you; give me remote access; give me your credit card number; let me – I can solve this problem for a charge.
It’s all about separating you from your money, and possibly it’s all about installing malware on your machine so that they can do more. So the short answer is don’t do that. Remember, in a case like this, even though these are advertisements showing up on a search results page, these are scammers; these are criminals; they lie.
They’re all about separating you from your money. So what should you do? How do you avoid this problem? Well, for one thing, searching for something like Hotmail support, or Outlook support or Windows support is not particularly productive. You’re not going to find out something that you don’t already know. And what is it you already know? If you want support for Windows, you go to Microsoft.com. If you want support for Outlook.com, you go to Outlook.com. If you want support for Yahoo Mail, you go to Yahoo.com.
It’s very simple; no search is required. Now, if you find that you do feel the need to search for help, please understand that there are ads on the search results page and understand how to distinguish those ads from the real search results. The real search results are where you should be paying your attention. The ads especially in situations like this can be particularly distracting and particularly misleading making promises that simply can’t be met.
Regardless how the engagement happens, be it with an unsolicited phone call to you, be it with a pop-up that requests you call a specific number or be it via an advertisement shown in the search results, don’t engage. Just don’t engage these people; don’t call them; don’t engage them on the phone; hang up on them if they call you. It’s really that simple. If you need help, if you find yourself in a situation where you truly have issues with your computer, ask someone you already trust. Even if they then give you a recommendation for someone to call or someone to trust in their stead, that’s fantastic; that’s information; that’s data from a trusted source.
But when you reach out to people that you’ve never heard of before or worse, when people you’ve never heard of before reach out to you, that’s a bad sign. That’s a scenario where you’re very likely to get taken and to have your money taken from you. So, what if it’s too late? What if one of these scenarios or something like it happened to you?
What if you answered the phone; you followed their instructions; you saw all these bogus error messages on your computer; you let them have remote access; you gave them a credit card number. What do you do? Well, it’s actually fairly simple. Step 1, call your credit card company. Make sure that they understand exactly what’s happened. You won’t be the first because this is happening to a lot of people; they will know what to do.
Second, scan your machine for malware. There’s no way to know what they did while they were connected remotely. There isn’t. They could have done quite literally anything. Scan your machine for malware. Make sure you’ve got recent backups always, but at this point, after the fact, what you really want to do is make sure that you are performing extra, complete, full scans on your machine to make sure that they didn’t leave something behind that they weren’t supposed to.
And of course, if your uncertain, shut down your computer, and get help from a trusted source be it a friend, a neighbor, the local techie, a computer users’ group, a seniors’ group, a library, there are lots of different resources out there that can help you understand whether or not you really are at risk for whatever’s happened to your machine or if there’s nothing to by worried about at all.
Finally, if you discover that you have been scammed or even that someone made the attempt to scam you, I do recommend that you report it to your local authorities, to the appropriate authorities. In the United States, the FBI has resources specifically for this particular scenario; the so-called “Tech Support Scam” is very high on their radar. They are using these reports to actually go out and shut down a lot of the people and groups that are doing this. Just this week, before I’m recording this, there’s a report that the FBI along with their counterparts in India actually stopped a similar scam that was actually calling people, cold-calling people much like the Tech Support Scam, and threatening with government tax related issues.
It was all a scam but because of reports, because of the work they were able to do, they were able to actually locate these people and put a stop to this particular network of scammers. That same thing is possible but it does require that we who have been scammed, report the scams; don’t be embarrassed by it.
Like I said, many, many people are falling for this scam, and it’s not something to be embarrassed about. What it is something to do is get educated; understand how this scam happens; learn to identify it and then if you are scammed, or if you know of someone has been scammed, take the extra time, the extra steps to report the scam to the appropriate authorities, so that we stand a better chance of putting these scammers back in their place.
I normally hesitate to ask people to share my videos because I figure the videos themselves will either be share worthy or not, it’s really up to you. In this case, this issue is so incredibly important I am going to take that extra step of asking you to share this video or the page on which this video is hosted with people that you know who, let’s just say, might be vulnerable to this kind of issue or people who have been scammed or groups that may be interested in learning more about this issue. It’s an important one. Millions of dollars are being lost just because people are not aware of this particular scam and how this particular scam happens.
As always, I’d love to hear what you think. Let me know what you think about the approaches, about the solutions, if you’ve had an experience with a tech support scam, leave a comment down below on askleo.com. Here’s the link to see this article on askleo.com. This is where all the comments are moderated and all the comments are read. I’d love to hear what you think. I hope that you haven’t been scammed. I hope that this prevents you from falling for a scammer in the future but in the meantime, as always, have fun, stay safe and don’t forget to back up. I’ll see you again soon.
Was that video interesting? Helpful even? Well then, I could use your help. I’ve got a Patreon project under way. You’ve got an opportunity to contribute and help support askleo.com, to help me do what I do. Help more people, answer more questions, produce more information about technology that hopefully can help you and others use it more effectively and with more confidence. Visit Patreon.com to learn more. Among other things, you get rewards depending on the level of your patronage so check out Patreon.com/askleo to learn more and help contribute to askleo.com. Thanks.