Tech support scams persist with increasingly crafty techniques


Millions of users continue to encounter technical support scams. Data from Windows Defender SmartScreen (which is used by both Microsoft Edge and Internet Explorer to block malicious sites) and Windows Defender Antivirus show that some three million users are subjected to these threats every month.

In addition to being rampant, technical support scams continue to evolve, employing more and more complex social engineering tactics that can increase panic and create a false sense of legitimacy or urgency in an effort to get more victims.

Given the sheer volume of tech support scams and the pace at which they evolve, here at Microsoft we take a holistic approach to this problem. We monitor the threat landscape for patterns and variations in threat behavior. Using intelligence from sensors, we employ machine learning models to deliver cloud-based protection against the latest tech support scams, whether they take the form of web pages with malicious scripts or Trojans that run on computers.

In 2016, the threat of support scam was most felt in the United States, which saw 58% of encounters. United Kingdom, Canada, and Australia follow, with 13%, 11%, and 8% of encounters, respectively. Notably, significant encounters were also registered in France and Spain, where we saw localized technical support scam attacks.

tech-support-scam-countries

Figure 1. Top counties that saw the most number of tech support scam encounters in 2016

(Note: This blog post is the third in the 2016 threat landscape review series. It follows the review of exploit kits and ransomware. The series looks at how major areas in the threat landscape transformed over the past year.)

The evolution of technical support scam malware

Technical support scams are built on the deception that your computer is somehow broken, and you need to contact technical support to fix it. You may then be asked to pay for support. In some cases, the tech support agent may ask you to install other software or malware disguised as support tools on your computer, bringing in more threats that can cause even more damage.

You may come across these threats while browsing dubious websites, most notably those that host illegal copies of media and software, crack applications, or malware. Links or ads on these sites may lead you to tech support scam websites, which display pages that are designed to look like error messages and serve pop-up messages indicating fictitious errors. Some tech support scam threats take the form of executable programs like other malware.

Although tech support scams have been around for many years, in 2016 we saw the threat evolve by  integrating more scare tactics. At the beginning of the year, the landscape was dominated by threat families with simple techniques and social engineering lures. However, more evolved threat families have since taken over.

tech-support-scam-malware-families

Figure 2. Top support scam families based on encounters in 2016

FakeCall and FakeBSOD: The early types that used one pop-up window and simple messages

Tech support scams are known for their use of pop-up windows to advance their pretense. While most of the scams today abuse pop-up windows to the point of locking the browser, the earlier types relied on just pop-up windows and effective social engineering lures.

FakeCall is a family of malicious scripts hosted in tech support scam sites. It may use messages about virus infection or suspicious activities on your computer. The first sign you have been led to a FakeCall tech support scam site is a pop-up message that tries to create an impression that it’s a system pop-up and usually describes a fake problem and contains instruction to contact fake technical support.

tech-support-scam-fakecall-pop-up

Figure 3. A sample pop-up message from FakeCall

If you click OK, the website loads a page giving more details about the supposed problem, and more instructions to call the technical support number. It may spoof security products and list malware that have purportedly been found on your computer. The goal is to convince you to call the support number.

tech-support-scam-fakecall-webpage

Figure 4. Sample FakeCall support scam website, which asks potential victims to call 8554003930

On the other hand, FakeBSOD is a very similar threat but instead pretends to be a system error, like Blue Screen of Death (BSOD), where it got its name.

tech-support-scam-fakebsod

Figure 5. Sample FakeBSOD site that pretends to look like system errors, such as BSOD, and asks to call 18443307888

FakeBSOD sites usually force the browser to go on full-screen mode to simulate the BSOD experience. Just like FakeCall, it also has a pop-up message detailing the fake problem and a number to call fake technical support.

Both FakeCall and FakeBSOD heavily rely on social engineering lures to get you to take action, and don’t have much in terms of technical complexity. Simply closing the browser will work in most cases.

TechBrolo: Support scam malware on steroids

TechBrolo takes on characteristics of both FakeCall and FakeBSOD, but integrates technical enhancements that not only makes the pretense more believable but can also adversely affect your overall computing experience.

For instance, TechBrolo employs the dialogue loop technique. When you visit the TechBrolo site, you get a pop-up message that won’t go away, no matter how many times you click OK. This method effectively locks your browser; you must manually terminate the process via Task Manager in order to close your browser.

tech-support-scam-techbrolo-1

Figure 6. Sample TechBrolo site with dialogue loop and fake support number 18662190211; some tech support scam sites use other phone numbers like 8774747124, 1846514111, 11800941045, 18448096665, 18882414464, 18442413997, 448000903858, 18447672832, 8008021491, 18442839572, 8000465712, 0345404950, 0345791995, 0345404951, 34932200207, 33186265239, 34932200211, 34932200207, 5541708902, 18442090189, 18442432457, 18886054764

Most variants of TechBrolo also play an audio describing the problem, adding a sense of urgency. For example, one recent variant mimics Windows Defender Antivirus, and when the website loads, it plays an audio with the following message:

“Critical alert from Microsoft. Your computer has alerted us that it is infected with a virus and spyware. This virus is sending your credit card details, Facebook login, and personal emails to hackers remotely. Please call us immediately at the toll-free number listed, so that our support engineers can walk you through the removal process over the phone. If you close this page before calling us, we will be forced to disable your computer to prevent further damage to our network. Error #268D3.”  It is important to note that Windows Defender Antivirus does not act this way.

tech-support-scam-techbrolo

Figure 7. Sample TechBrolo site that spoofs Windows Defender Antivirus, plays an audio message, and uses fake support number 0754059588; some tech support scam sites use other phone numbers like 1800874943, 0481681015, 1800954279, 08000465706, 33186265253, 0186265264, 18772114524, 18448161643, 78481267, 1800875382, 1800958212, 1800958217, 08000465254, 08000465706, 08000465024, 8552061675, 8552490763, 33186265266, 611800941045

Recently, we also spotted a TechBrolo variant that uses website elements to spoof the Microsoft support site and fake the pop-up dialogue box. It does this by loading a page that looks like a browser and then going to full screen. If you are not too paying attention, you might think Microsoft is giving you a warning. Microsoft does not deliver warning messages like this via the browser.

tech-support-scam-escape-from-fullscreen-1

Figure 8. One TechBrolo site uses website elements to achieve a browser in a browser effect and asks target victims to call 18443137003

Non-English support scam websites

Consistent with our findings that some of the countries most affected by tech support scam are non-English speaking countries (see Figure 1), we have seen some localized tech support scam malware.

These sites employ a combination of the techniques discussed in this blog, only presented in non-English websites, images, or pop-up messages.

tech-support-scam-french

Figure 9. French tech support scam website that uses fake support number 0186264266

tech-support-scam-spanish

Figure 10. Spanish tech support scam website that uses fake support number 900839260

tech-support-scam-german

Figure 11. German tech support scam website that uses fake support number 08001838114

tech-support-scam-techbrolo-japanese

Figure 12. Japanese tech support scam website that uses fake support number 0345789419

Cusax, Hicurdismos, and Monitnev: Support scam Trojans

Apart from scripts hosted on websites, we have also seen tech support scam malware in the form of executable files. They may be installed on your computer by other malware or downloaded from drive-by sites.

These malware have the same goal as their script counterparts: to get you to call the technical support number. However, the difference is that their malicious behaviors are not limited to the browser.

For instance, Cusax is a tech support scam malware that makes system changes, including registry modifications that ensure it runs every time your computer starts. It then forces a reboot, further reinforcing the scam that there is a problem with your computer.

As soon as your computer boots, it opens a window that asks for your Windows activation key as well as the technical support number.

tech-support-scam-cusax

Figure 13. Cusax uses the lure that you need to enter your activation key and asks to call the number 18772563313

Hicurdismos, on the other hand, displays an image that looks like the BSOD. However, this fake BSOD screen has instructions to call a technical support number, something that the real error doesn’t have.

In order to further its pretense, Hicurdismos hides the mouse cursor, disables Task Manager, and makes sure the fake BSOD image occupies the entire screen and is always on top of other windows.

tech-support-scam-hicurdismos

Figure 14. The fake BSOD screen displayed by Hicurdismos contains the number 18004184202

More recently, Monitnev was discovered to monitor event logs. It then displays fake error notifications every time an application crashes. This can appear more convincing because the pop-up messages are timed with legitimate computing behavior.

Cusax, Hicurdismos, Monitnev and other tech support scam malware can be more complex than scripts. Because they make system changes, they can inflict more damage and can be trickier to remove. However, we’re seeing significantly fewer of these types of tech support scam threats because they are more difficult to distribute than their script counterparts. Despite that, they pose threats that you need protection from.

Protection against tech support scams

Tech support scams take different forms and are known to take on more characteristics over time. Get the protection against the latest tech support scams by upgrading to Windows 10. The Windows 10 Creators Update brings in additional security features and will start rolling out on April 11, 2017. Keeping your computers up-to-date gives you the benefits of the latest features and proactive mitigation from Microsoft.

A majority of these threats, like TechBrolo, FakeCall, and FakeBSOD, are scripts hosted on websites where you are led to by malicious ads on dubious sites. To avoid tech support scam websites, use Microsoft Edge. Enable Windows Defender SmartScreen (also used by Internet Explorer) to block known malicious websites, such as tech support scam websites.

tech-support-scam-microsoft-edge-blocked-twitter

Figure 15. Microsoft Smart Screen blocks techs support scam websites

In addition, Microsoft Edge provides a way to close dialogue loops, which are used by support scam sites to keep on delivering pop-ups even after you close them. At the bottom of pop-up dialogue messages, you have an option to tick the checkbox Don’t let this page create more messages, which will stop the recurring messages.

tech-support-scammicrosoft-edge-protection-against-dialogue-loops

Figure 16. Dialogue loop protection for Microsoft Edge

Enable Windows Defender Antivirus to remove tech support scam Trojans, such as Cusax and Hicurdismos. Windows Defender AV uses cloud-based protection, which helps make sure you are protected from the latest threats.

Tech support scams employ varying social engineering techniques to get you to call the support hotline. Do not call the number in pop-up messages. Microsoft’s error and warning messages never include a phone number.

Some scammers can also contact you directly and claim to be from Microsoft. Remember, Microsoft will never proactively reach out to you to provide unsolicited PC or technical support. Any communication we have with you must be initiated by you. Reach out directly to one of our technical support experts at the Microsoft Answer Desk.

For more help, read our page on avoiding technical support scams.

 

Jonathan San Jose, Alden Pornasdoro, Francis Tan Seng
Microsoft Malware Protection Center

 

Note: We have seen the following tech support scam numbers used by scammers. Don’t call or accept calls from these numbers:

0108080698 01183151070 01303610076 01408996 01473378290 01732608058
0176340540 0176340542 0176340548 0182742750 0182888929 0182888930
0184888910 0186262291 0186264761 01993460018 02038682233 02080683410
02081336658 0283109124 0345208161 0345208162 0345782792 0345782795
0345783352 0345783354 0345795849 0345809710 0345894826 0345895026
0345902887 0345902890 0383758479 0383758479 0383758531 0383758532
0694800911 08000465059 08000465727 08000698770 08000698789 08000903238
08000903255 08001811492 08001812377 08001838200 08007245979 0800900047
0805080990 08920190018 0900809423 0911239217 0970736306 0970736345
0970736392 0974591021 0975183178 0975183201 1300596398 18000465706
18002506575 18002538598 18002657653 18003115967 18003801734 18003819788
1800431368 18004396096 18004655495 1800510942 18005306044 18006159085
18006251264 18006360912 18006427306 18006460717 18006853405 18006964076
18007291951 18008131316 18008382529 18009179832 18009464593 1800952984
1800953454 1800954266 1800954357 1800954357 1800954399 1800985028
18009869304 1810292797 18147531577 18442199266 18442607865 18442607876
18442646777 18442667171 18442848623 18442853671 18442871052 18443066131
18443073760 18443077026 18443119589 18443132246 18443137003 18443246235
18443247430 18443263137 18443635005 18443786777 18443786888 18443927021
18443961042 18444100800 18444100806 1844410800 1844410806 18444215044
18444709938 18444772743 18444858148 18444887669 18444990899 18445369249
18445458489 18445542335 18445562898 18445698803 18445851394 18445940202
18445983874 18446088791 18446099930 18446219192 18446379743 18446498047
18446518892 18446538666 18446666856 18446702132 18446884954 18446998351
18447000139 1844700139 18447105111 18447105139 18447178810 18447201023
18447335424 18447383990 18447446789 18447586854 18447604122 18447605091
18447678232 18447789178 18447795008 18447797006 18447833990 18447844666
18447884216 18447911319 18447935488 18447959588 18447959598 18447983802
18448006834 18448028730 18448042259 18448135760 18448160232 1844816232
18448196285 18448289509 18448293685 18448295569 18448315020 18448315994
18448316841 18448413648 18448503475 18448505910 18448541116 18448559343
18448585267 18448698466 18448808540 18448906983 18448908951 18448911033
18448948333 18448950393 1844895393 18552319571 18552468689 18553716333
18553721444 18553722604 18555242270 18555348622 18555503155 18555518444
18556200666 18556898237 18558418777 18558619885 18559374376 18582514120
18662051372 18662092510 18662172113 18662175161 18662178634 18662179719
18662497329 18662782125 18662799569 18662967071 18663124799 18663151003
18663391004 18663515988 18663917379 18666441214 18666581167 18666833337
18666858514 18666867503 18666867503 18667523090 18667533090 18668906653
18772191968 18772193552 18772199556 18772200186 18772201993 18772202054
18772203180 18772206582 18772207397 18772208475 18772208783 18772220860
1877222860 18772270753 18772494133 18772550763 18772642122 18772827003
18773738371 18773829050 18774087275 18775065563 18776402516 18777344250
18777969406 18778185969 18779104314 18882023116 18882208498 18882261622
1888229163 18882343690 18882557636 18882615610 18882755751 18882856970
18882861011 18883015539 18883042555 18883083996 18883095186 18883097042
18883105669 18883238692 18883311603 18883562829 18883604508 18883692088
18883710333 18883805442 18883912444 18883934297 18884137734 18884156951
1888416286 18884311942 18884437281 18884547025 18884656139 18884730011
18884844930 18884958037 18885121929 18885151777 1888516490 18885230696
18885267488 18885604999 18885608943 18885681666 18885691655 18885716880
18886161599 18886356193 18886492014 18886914986 18887243052 18887446599
18887580653 18888072627 18888245331 18888415580 18888447006 18888508578
18888556855 18888908148 18889939979 18889951799 31852086013 3225888838
327196261 3278481033 3375182326 33970735408 33970735408 33970736084
33970736084 33975181600 33975181600 33975182324 33975182326 33975182326
33977557605 3397755765 34932200211 3493220211 4161588867 442032907722
448000465053 448000465053 448000465054 448000465054 44800046553 448000465706
44800465229 44800465706 448006520137 448006524222 448006891673 4589874225
4723965406 498007236206 5541708902 611800431351 611800431352 611800431356
611800431364 611800431365 611800431369 611800431370 611800431370 611800628619
611800780684 611800875389 611800875443 611800941045 611800954289 61180875272
6531637677 6531638569 8000463255 8000885197 8000903238 8000903255
8003618241 8003688157 8004975972 8006964076 8008131316 805080990
8443242962 8444315897 8444315897 8445261405 8552280920 8554046983
8554442788 8556898237 8556996155 8557404835 8558280725 8558802625
8662118374 8662492994 8662795039 8662967071 8663502508 8663839914
8665294576 8665378515 8667117695 8667843641 8668844602 8772490394
8773214359 8773679212 8775279416 8775934297 8882043985 8882198266
8882250777 8882331123 8882447420 8882521520 8882751718 8883048120
8883385128 8883599305 8884061484 8884400654 8884724829 8884734931
8884739840 8885314363 8885685748 8885761517 8885780463 8885873647
8885952212 8886170437 8886176592 8886487844 8886942304 8887415358
8887762580 8888581973 8888582040 8888708049 8889615690 900809423
900838110 911239217 975183201 18002816897 18888145203 8882143542
0858883326 0383758532 0383758531 0383758479 0345795825 8556996156
8554845936 8553341897 18448908837 0345789419 6531631471 1800741658
18552053429 18005867035 8557314577 0974790278 0970736437 18888694393
0768889314 0974790277 413680050 0345894823 08000903247 1 844 6632459
18052038843 18442871056 1844314758 1844372887 18444331244 1844450735
18446104969 18446515157 18447392013 18447584880 18447618172 18447748432
1855245888 18662454827 18663151620 18772195956 18772208628 18883085073
18885145106 1888621834 33977559753 8446632459 8552414822 8552481497
8553644107 8558827403 8775781951 8888039412 0108080698 015136657
0186260180 0186264764 02035149444 0280172666 08000148165 08081644743
18004452620 18444215040 18444896111 1844505786 18446164636 18446632459
18446657222 18447265418 18448078358 18553251775 18557226773 18663333971
18668699348 18772196703 18772205769 18776262710 18884411595 18888182853
33977557923 44800689753 611800431255 8552897530 8553511670 8554846018
8556898196 8663916238 8666794832 8773879795 8777658184 8884108118
0186264269 03457908399 038080505 0406688972 0413680084 08000465277
08000903255 08007234924 0800900047 0800910990 0815880324 18442004074
1844450732 18662145075 18662171114 18664394500 18882054245 18884203996
18884411595 1888593106 18886408577 4578746859 8000465706 8000885197
8000903238 8552282379 8552581446 8552977575 8553587284 8553692331
8554057095 8662513564 8664911929 8665294573 8665531955 8772234910
8773873582 8887229670 8665176557 358753251124 18772198737 8668563548
8662099923 18448617768 8554458994 1800431368 18447793057 08007243871
18886395599 8665282581 8552941129 0186264768 18772196702 1844830777
34932200211 01-76-39-05-48 055-0621-407 0694-808-798 085-208-6012 085-888-3451
1-800-318-4284 1-800-625-1446 1-800-942-1460 1-844-438-289 1-844-446-245 1-844-646-761
1-844-647-2674 1-844-869-7593 1-844-874-3456 1-844-883-9715 1-866-207-1988 1-866-439-4500
1-877-219-5060 1-877-837-9791 1-877-939-3009 1-888-243-9401 1-888-559-4076 1-888-565-3185
1-888-589-7758 32-92-98-10-28 41-61-588-8-94 800-090-3211 855-228-2129 855-252-1791
855-292-3959 855-324-5898 855-332-6165 855-358-6330 855-454-5006 855-692-5017
855-883-8575 866-203-0332 866-245-2927 866-258-2061 866-315-0847 866-350-2509
866-423-9927 866-570-7665 866-664-7153 866-674-4534 866-799-3813 866-799-3818
866-876-0572 888-217-5108 888-242-1512

 

 

 

 

Comments (56)

  1. Carolyn Britton says:

    I think my Windows 10 account has been hijacked. What do I do?

    1. ric says:

      talk to an IT specialist you trust in person

      1. Jack says:

        Same **** happen to me
        Bethany scammed me for $499 & asking for more like begging…

        Beware their number is – 1 844 864 9028.. Located in California & Asian countries…..***

  2. Dawn Iler says:

    1-844-806-4300
    Is a number that called my home. If called back it is a non working number. please check it for the fake calls. I have had one before. “Paul” from windows who said my pc was sending info that it was infected. It certainly was and I lost that computer. I personally have thought it was you as I had emailed the disability desk the day before the call with a complaint/question. I felt forced to upgrade when I couldn’t afford it nor did I want to. I was forced into a new/used pc and I thought I needed to upgrade even though I was very happy with the OS I was running. But you blocked my internet and email. I did have virus protection running but was hacked. everything was hacked, email, printer all files, Everything. I did find it on my pc and right now I don’t recall what I read in it that kinda confirmed my suspicions of it being Microsoft. I can get you the photos of what I found if you want? If I voiced my thoughts about not wanting to change or purchase a new pc something would go wrong with my pc. Almost immediately. Coincident’s do happen I suppose. And another thing, why don’t spell checker give me the correct spelling of coincident?S If it is misspelled already how am I to know which of your suggestions is right when it gives three or more spellings? The plural option was not offered just now.
    Back to Win 10, I hate it. Switching was the worst mistake in my entire life. I can not hi lite and print the hi lited part, I can’t blow up or shrink things to the size I want. I find 10 to be irritating and prevents me from doing things I used to be able to do. I LOST YEARS & YEARS OF EMAILS! IMPORTANT SAVED EMAILS THAT WERE JUST GONE. POOF GONE. I STILL NEED SOME OF THOSE EMAILS. INFO I CAN’T FIND IS IN THEM…. OK I AM DONE

  3. adwbust says:

    Hey MMPC.

    I think Office 2010 Pro Plus is broken on Win10 Pro 1703.
    I set Word to Autorecover every 10 mins and to keep last autosave when file isnt saved.
    Theres no asd file being saved! There are folders named like the files’ names but theyre empty!
    The files being worked on are on a usb storage.
    I have Officetab free edition 9.51 addin.

    All was well with Win10 version 1607 since there are asd files in Recycle bin; asd files are created and they were moved to Recycle bin after 4 (?) days I think.

  4. adwbust says:

    Pls help MMPC. Pls tell the team responsible that Win10 version 1703 update broke Autorecover of Office 2010 Pro Plus x86. I have Win10 Pro x64.

  5. adwbust says:

    Settings, Acer care center and Edge crash after upgrade from 1607 to 1703.

    1703 broke Autorecover of Office 2010. No Asd files are created.

    On one laptop, WD security center always shows 0 files scanned.

    Health report doesnt work on one laptop and sometimes works on another.

    Onedrive pops up when you go to Word 2010 > File > Recents > Recover unsaved.

    File explorer icon pinned in taskbar looks active when you get Low battey pop up (< 10%). Left clicking icon wont open file explorer.

    Bluetooth on one laptop doesnt work since 1607. Probably drivers. But no new drivers available.

    After upgrade to 1703, wallpaper changed to default!

    Check box for "Send info to MS on how I type and write" removed in 1703. Full diagnostic should have tree view so we can uncheck items like typing/writing! MS did this so we have no full choice and control over what's sent!

    But of course 1703 brought positives too. Windows store check for updates, download updates and install updates are more faster and smoother. Same with Windows updates. Perhaps since not much on 1703 yet?

    Please relay to team(s) responsible.

  6. adwbust says:

    WD security center lacks Quarantine, Allowed and Detection present in WD on 1607!

    Will WD on 1703 have ATP for Win10 Home/Pro and PUA detections?

  7. adwbust says:

    I’m disappointed you just remotely turned off MSE (non-functional) on Vista on April 12. You couldve have just continued providing engine/signature updates until support for version 4 branch is discontinued.

    Oh well, I just switched to another AV. Life continues.

  8. adwbust says:

    Let apps run in background enabled. WD security center enabled. Why isnt WD updating on its own when wifi is set as metered then? Background apps keep themselves up to date right?

    April 12 Patch day for Win10 version 1703 still didnt fix broken Autorecover of Office 2010 (tested Word)! Word doesnt create Asd files as intented! Set it to autorecover every 1 min but no Asd files!

    1. msft-mmpc says:

      @adwbust — Thank you so much for providing valuable feedback. We have forwarded your concerns to the right channels.

      For future feedback about any Microsoft product or service, please consider using the Feedback Hub.

      https://www.microsoft.com/en-us/store/p/feedback-hub/9nblggh4r32n

      Using the hub helps ensure that your concerns are forwarded to the correct teams and are tracked properly.

      1. adwbust says:

        Thank you! If I log in on Feedback hub using my MS account, will I be auto logged in to (1) Settings > Accounts and (2) Windows apps on PC? I will report on Feedback hub if log in will only work in-app not OS-wide. I dont want stuff on PC synced to my account and vice-versa.

        I tried on Office 2016 and Word still creates Asd files. Probably an Office 2010 only issue or caused by Office tabs free 9.51 addin, a recent Office 2010 patch or Win10 version 1703 upgrade. Last auto-deleted Asd file in Recycle bin was from March.

        WD security center lacks Scheduled scans, Quarantine, Allowed/Detected logs, Recommended actions for detections, ATP and PUA opt in.

      2. adwbust says:

        When will Office 2016 get native tabbed window support? Adobe Reader DC already added it. Pls tell Office 2016 developers to add it in next update.

  9. adwbust says:

    The sample form still times out! 🙁 I tried to submit a 3,715,193 bytes 7z archive. My upload speed is only 800 kbps. 🙁 I have no access to fiber dsl yet. I have no issue with Avira’s or Bitdefender’s sample form. I think the implementation is at fault. After I browse for sample, start to upload it. Currently, your site will only upload sample when I click Submit button. Not everyone has fast upload speed to keep up with your site’s demands/expectations. 🙁

    I got this:

    The server timed out while waiting for the browser’s request.

    Reference #2.776b473a.1492673644.2c39ccf

  10. adwbust says:

    I removed MSE on Vista since it was deactivated. But I re-enabled WD. So far, WD doesnt seem to detect Software bundlers and Monitor tools (keylogger, spyware) caught by MSE. Those are grey threats so why doesnt WD catch them too?

    1. adwbust says:

      Hacktools arent detected by WD on Vista as well. :/

  11. Mr. J.S. Support Scam A.A. TechBrolo says:

    You need to go back to school and go into big time debt and learn something. Take Windows 8, 8.1 and 10 with you.

  12. Sunny Holmes says:

    This happened to me today. My computer was locked and a number was given to call. It was 844-976-8875. I called and went through their process as it scared me… Showed me all the downloaded hack files..Don’t see this exact number on the list above..

  13. jeff says:

    I received one of these scams to day and they are going to call back tomorrow to see if I can pay for it

  14. Alex says:

    We received a message claiming we had to call Microsoft immediately at 1-844-392-7021. When called, an “East indian accent” individual mentioned they had to get into our computer to fix the problem and requested permission to do so. We indicated we will not allow this and terminated the call. The phone is listed among those used for scams.

  15. Zoe says:

    This has happened to me I turned pc off now I can’t log back on. Any advice plz?

  16. Paul Beatt says:

    you can add 1843 577 2056 to the list. The scammer wanted to show me where the problem was by logging onto my computer and pulling up windows 10 by holding down the Crtl, Fn and windows key. I hung up and he immediately called back and told me that I would see that all of my drivers would be blocked if I did not do as I was told. I will not repeat what I told him to do with his suggestion and then hung up.

  17. Alan James says:

    I believe I was scammed today by an outfit calling themselves Assistance Online Support. This was in response to a warning that appeared on my browser saying that there was suspicious pornographic spyware and had a contact support number. The so called error was 0x80072ee7 which they said was from an external intrusion trying to access my personal details. The names they used are: Eric Lundy, Jason Cox, Toby, and Rachael- all with Indian accents. Rachael told me she was in California. Eric asked me for my debit card details which I naively gave him but fortunately my bank alerted me via text that they put a hold on the transaction. Should it be a scam it is well orchestrated as they even send invoices and gave work id numbers. The support number they provided was 0064 800 005 466 or 0800 005 466. The one called Rachael said she did something to my computers IP Address. I note as I read on my Network settings under connectivity (IPv4/IPv6) connected to the internet/Connected to unknown network

  18. Tigerzateal Irizarry says:

    I keep getting the tech support that pops up and say to call the # and I can’t do anything with my computer so I call and the tell me that my computer has been hacked into and they are take my info, could you please check in to this for me because I know this is fake. Thank you very much

  19. Rob Thorn says:

    Please add this number to the scammers list 6467854580

  20. Rob Thorn says:

    I just told this fake to stop calling me, and that I will not give any information The caller then said I don’t need you to give me any information, I can hack into you bank account any time I want.

  21. kerri says:

    please add 1-800-642-7676 to your list

  22. Reinaldo Mas says:

    Today, I googled “Lowes” to find the store website. When I clicked on the results from Google; Ad Lowes it redirected to hxxp://microsoft1115supportnumber[.]com/main/index[.]html with a scam asking to contact 1-844-699-8351.
    A voice recorded and a fake Microsoft page.
    Don’t fall for it.

    1. Reinaldo Mas says:

      Sorry the redirected website is: hxxp://microsoft115supportnumber[.]com/main/index[.]html

  23. ina bagchus says:

    Finally an answer to the alerts I received. Understand it better. At one time my browser was blocked I thought my computer had crashed. Windows explained it all. Thank you!

  24. Gary says:

    Please add 844-829-5569 to your Do Not Call numbers.
    Thank you

  25. Linda says:

    1888-255-7636 EXT2027 Keven Jacobs Hmmm sounded like an d Indian accent. Scam

  26. Ronda George says:

    Receiving calls from 231-836-7565 claiming to be microsoft support. That my computer has been sending microsoft reports of problems and if I don’t let them fix my computer it be blocked from using microsoft.

  27. DUMP trump says:

    1-800-615-9085 is not real. ~ Do NOT call number. ~ to turn IT Off.. [1) open windows Task Manager – [2) view the “application” tab – [3) mouse on the browser (ie = Internet explorer) – [4) RIGHT click & mouse to “End Task” – [5) DO IT! …end the motherFawker.

  28. Gary Chambers says:

    Just had laptop lockup with an apparent Microsoft webpage and a superimposed message in black box: “Microsoft System Security Alert. Something went wrong with your Windows…”. There was also a a repeating audio (female American voice) warning to call “our” support. I called the number on the underlying webpages was “1-844-311-9589” to see who would be on the other end. An asian female voice answered “Enigma Technical Support” and I hung up to do research on my wife’s Mac; going to the Microsoft web site. I was called back 3 times quickly by “Enigma’s Tech So” at 1-844-305-6555, but they never left a message. I read the site’s description of the technical support scam and found their number listed above in column 3 line 18. Not knowing anything else to do, I did a hard shutdown and then restarted after a minute. A quick scan with a freshly updated Total Defense Anti-Virus was clean.

  29. Willie E Cummings says:

    I received calls from 877-650-4751, 877-335-4612, 844-821-0482 by people using the name Microsoft

  30. Marcia says:

    I received this pop up today 6-16-171-855-828-0725

  31. John says:

    I clicked on a link about an old murder being solved on the MSN home page yesterday? How does that happen ?

  32. Dan McDonald says:

    Are you having someone from California contact me telling me I need to fix my Microsoft account. I’m Worried that this is a scam to get into my computer. If this is not the case, Please let me know. The number calling me is 513-225-5069.
    Thank you

    1. John M Rigby says:

      My wife’s computer has been blocked by a virus (Zeus) and a box instructing us to call Microsoft. I suspect this is a scam but how do I unlock her computer? Restarting it doesn’t help.

  33. Steven Chambers says:

    My computer has been hijacked by an apparently fake Microsoft support company, S M Tech Solutions. The number being used by the “agent” is 909-939-3661. They are demanding payment in iTunes cards to evade taxes in India. They are threatening lawsuits and extraction of funds if I don’t pay. I have already paid $4400 in iTunes cards and will not pay the $9000 they are trying to extort now. I have closed out one credit card and alerted the other. My cell number is 503-580-0570.

  34. Marzig says:

    I have a number for you to add to the scammer list 459-750-7880 caller id was Invalid Number ; was called today 6/16/2017. I was also called yesterday but I am unsure as to which numbers to give you because we get stupid sales calls from other companies wanting to put solar panels and other junk in…and they have goofy numbers too. This really is too much. I think the uptick in calls might be due to kids getting out of school for summer, good opportunity to get the kids to let them have access to our computers. A public announcement would be cool, not everybody seems to be up on the Scammer tactics. Thanks

  35. ric says:

    yes, crafty they’re
    an 8886356193 just got off saying we’re “Online Service Technologies” based in Los Angeles, CA
    when I repeated his name back to him and explaied that his story sounded odd cause there’s no such business listing he replied
    “well here let me give you our website address,” and then disconnected

  36. Robin says:

    Rcvd call from 202-765-1235, kathy (middle east accent) id# RFS3625. Said she was from MS, they were rcving msgs from my comp under attack. Wanted me to give her permission to control comp. I needed to hurry, may be able to save. I asked her for MS # to verify, gave me HER # & id info. I said ok, please hold. I went online to get MS # & called on cell phone. Told to hang up by what i thought MS official support. Come to find out MS Official Support was an ad, a PARTNER of MS, not MS (microsoft.myphonesupport.com), again middle east accent, i had to ask him 3 times point blank, ‘are you MS or a partner?’ and how much would this cost me? Said i didnt need to worry about that right now. Kept telling me to i needed to do this, that. Kept talking over me. I finally had to yell and told him to answer me, finally admitted partner. I hung up again.
    What i don’t understand is why MS is so hard to find to get info in emergency situations like this. Last time i had an emergency i had right # but could not get an answer and that time comp caught in loop. Finally got out of loop, no clue how. Finally got MS online after several tries. Sorta got ‘oh yes that happens, we will make sure ok. We did check together, but wow, after the fact.
    This time, she was still on the phone line, partner told me to hang up, wasnt really interested in her or info she gave. Thats what kind of clued me in not MS. Really felt let down ny MS both times.

  37. John O'Connell says:

    I had a call from someone who said they were from Windows Help desk and that my computer had shown signs of attempted hacking. They convinced me that they were genuine by giving me a unique number of my PC. I paid £299.00 to a company called www[.]Thaipay[.]com and gave them access to my computer where they deleted so called threats. I have since had call form them saying my computer was still at risk and they want to get into it in a session with me. I wonder if you can tell me if they are genuine and attached to you

  38. Ross A. Morgan says:

    Are Techprime (1-800-380-551) an agent of Microsoft. They blocked my computer and said I had various intrusions by scammers which they would remove on behalf of Microsoft. They then sold me Webroot antivirus program. If they are scammers, how do I remove them from Windows 10?

  39. I have been hit by tech scams 3 times

  40. Jack says:

    BIG TIME SCAMMER ***** BETHANY… THEIR TOLL FREE – 1 844 864 9028
    they have tie ups with scammers in India & Asian countries..

    Specialized in scam pop up calls .. Beware of her…

  41. Michael H Frazier Sr says:

    I have a number to add 1-888-389-1410 to contact a Microcsoft System Techician.

  42. YH Geisler says:

    just got hit by version with Error #268D3 and support phone #855 334 1897. The whole thing was suspicious so I looked up # and got your blog – thanks for the info

  43. Caroline says:

    New scammer phone number – 1-855-704-1391

  44. Mike says:

    I recently received a call from 1-800-291-4814, telling me that my Microsoft license is due to
    Expire and I should call back to renew it. I ignored it because I have never had a Microsoft product or license. Therefore, I suspected it to be fishing scam.

  45. Edward Murphy says:

    The Phone Number I was given to contact (I am in the UK) was 0208 0683410 when I received an alert message informing me my computer had been compromised. It informed me to contact the number given immediately and not to try and close down the computer otherwise they would have to delete my account (or something similar). When I tried to close my web page it message kept popping back up and would not let the computer close, so I closed took the battery out to close it. I then re-opened and logged in with no problem and ran Windows Defender full scan and it detected this virus which I then deleted. I then checked it out in Defender and now send my reply to what I experienced.

  46. Melanie Snyder says:

    I got one of these today also. The number I was told to call was 1800-890-8720. He told me I had to pay $199 to get my computer fixed of the virus. I told him I wasn’t paying money to a system that had a virus, he laughed at me. And they also have caller id, cause they called me back when I hung up on them. I am now running a McAfee virus scan.

  47. marie says:

    844-726-5418 Called and scammed my 82 year old mother and now we are having problems cleaning up her computer

Skip to main content