Tech support scams persist with increasingly crafty techniques


(Note: Our Tech support scams FAQ page has the latest info on this type of threat, including scammer tactics, fake error messages, and the latest scammer hotlines.)

 

Millions of users continue to encounter technical support scams. Data from Windows Defender SmartScreen (which is used by both Microsoft Edge and Internet Explorer to block malicious sites) and Windows Defender Antivirus show that some three million users are subjected to these threats every month.

In addition to being rampant, technical support scams continue to evolve, employing more and more complex social engineering tactics that can increase panic and create a false sense of legitimacy or urgency in an effort to get more victims.

Given the sheer volume of tech support scams and the pace at which they evolve, here at Microsoft we take a holistic approach to this problem. We monitor the threat landscape for patterns and variations in threat behavior. Using intelligence from sensors, we employ machine learning models to deliver cloud-based protection against the latest tech support scams, whether they take the form of web pages with malicious scripts or Trojans that run on computers.

In 2016, the threat of support scam was most felt in the United States, which saw 58% of encounters. United Kingdom, Canada, and Australia follow, with 13%, 11%, and 8% of encounters, respectively. Notably, significant encounters were also registered in France and Spain, where we saw localized technical support scam attacks.

tech-support-scam-countries

Figure 1. Top counties that saw the most number of tech support scam encounters in 2016

(Note: This blog post is the third in the 2016 threat landscape review series. It follows the review of exploit kits and ransomware. The series looks at how major areas in the threat landscape transformed over the past year. For the latest info on tech support scams, go to our tech support scams FAQ page.)

The evolution of technical support scam malware

Technical support scams are built on the deception that your computer is somehow broken, and you need to contact technical support to fix it. You may then be asked to pay for support. In some cases, the tech support agent may ask you to install other software or malware disguised as support tools on your computer, bringing in more threats that can cause even more damage.

You may come across these threats while browsing dubious websites, most notably those that host illegal copies of media and software, crack applications, or malware. Links or ads on these sites may lead you to tech support scam websites, which display pages that are designed to look like error messages and serve pop-up messages indicating fictitious errors. Some tech support scam threats take the form of executable programs like other malware.

Although tech support scams have been around for many years, in 2016 we saw the threat evolve by  integrating more scare tactics. At the beginning of the year, the landscape was dominated by threat families with simple techniques and social engineering lures. However, more evolved threat families have since taken over.

tech-support-scam-malware-families

Figure 2. Top support scam families based on encounters in 2016

FakeCall and FakeBSOD: The early types that used one pop-up window and simple messages

Tech support scams are known for their use of pop-up windows to advance their pretense. While most of the scams today abuse pop-up windows to the point of locking the browser, the earlier types relied on just pop-up windows and effective social engineering lures.

FakeCall is a family of malicious scripts hosted in tech support scam sites. It may use messages about virus infection or suspicious activities on your computer. The first sign you have been led to a FakeCall tech support scam site is a pop-up message that tries to create an impression that it’s a system pop-up and usually describes a fake problem and contains instruction to contact fake technical support.

tech-support-scam-fakecall-pop-up

Figure 3. A sample pop-up message from FakeCall

If you click OK, the website loads a page giving more details about the supposed problem, and more instructions to call the technical support number. It may spoof security products and list malware that have purportedly been found on your computer. The goal is to convince you to call the support number.

tech-support-scam-fakecall-webpage

Figure 4. Sample FakeCall support scam website, which asks potential victims to call 855-400-3930

On the other hand, FakeBSOD is a very similar threat but instead pretends to be a system error, like Blue Screen of Death (BSOD), where it got its name.

tech-support-scam-fakebsod

Figure 5. Sample FakeBSOD site that pretends to look like system errors, such as BSOD, and asks to call 1-844-330-7888

FakeBSOD sites usually force the browser to go on full-screen mode to simulate the BSOD experience. Just like FakeCall, it also has a pop-up message detailing the fake problem and a number to call fake technical support.

Both FakeCall and FakeBSOD heavily rely on social engineering lures to get you to take action, and don’t have much in terms of technical complexity. Simply closing the browser will work in most cases.

TechBrolo: Support scam malware on steroids

TechBrolo takes on characteristics of both FakeCall and FakeBSOD, but integrates technical enhancements that not only makes the pretense more believable but can also adversely affect your overall computing experience.

For instance, TechBrolo employs the dialogue loop technique. When you visit the TechBrolo site, you get a pop-up message that won’t go away, no matter how many times you click OK. This method effectively locks your browser; you must manually terminate the process via Task Manager in order to close your browser.

tech-support-scam-techbrolo-1

Figure 6. Sample TechBrolo site with dialogue loop and fake support number 1-866-219-0211

Most variants of TechBrolo also play an audio describing the problem, adding a sense of urgency. For example, one recent variant mimics Windows Defender Antivirus, and when the website loads, it plays an audio with the following message:

“Critical alert from Microsoft. Your computer has alerted us that it is infected with a virus and spyware. This virus is sending your credit card details, Facebook login, and personal emails to hackers remotely. Please call us immediately at the toll-free number listed, so that our support engineers can walk you through the removal process over the phone. If you close this page before calling us, we will be forced to disable your computer to prevent further damage to our network. Error #268D3.”  It is important to note that Windows Defender Antivirus does not act this way.

tech-support-scam-techbrolo

Figure 7. Sample TechBrolo site that spoofs Windows Defender Antivirus, plays an audio message, and uses fake support number 07-5405-9588

Recently, we also spotted a TechBrolo variant that uses website elements to spoof the Microsoft support site and fake the pop-up dialogue box. It does this by loading a page that looks like a browser and then going to full screen. If you are not too paying attention, you might think Microsoft is giving you a warning. Microsoft does not deliver warning messages like this via the browser.

tech-support-scam-escape-from-fullscreen-1

Figure 8. One TechBrolo site uses website elements to achieve a browser in a browser effect and asks target victims to call 1-844-313-7003

Non-English support scam websites

Consistent with our findings that some of the countries most affected by tech support scam are non-English speaking countries (see Figure 1), we have seen some localized tech support scam malware.

These sites employ a combination of the techniques discussed in this blog, only presented in non-English websites, images, or pop-up messages.

tech-support-scam-french

Figure 9. French tech support scam website that uses fake support number 01-86-26-42-66

tech-support-scam-spanish

Figure 10. Spanish tech support scam website that uses fake support number 900-839-260

tech-support-scam-german

Figure 11. German tech support scam website that uses fake support number 0-800-183-8114

tech-support-scam-techbrolo-japanese

Figure 12. Japanese tech support scam website that uses fake support number 03-4578-9419

Cusax, Hicurdismos, and Monitnev: Support scam Trojans

Apart from scripts hosted on websites, we have also seen tech support scam malware in the form of executable files. They may be installed on your computer by other malware or downloaded from drive-by sites.

These malware have the same goal as their script counterparts: to get you to call the technical support number. However, the difference is that their malicious behaviors are not limited to the browser.

For instance, Cusax is a tech support scam malware that makes system changes, including registry modifications that ensure it runs every time your computer starts. It then forces a reboot, further reinforcing the scam that there is a problem with your computer.

As soon as your computer boots, it opens a window that asks for your Windows activation key as well as the technical support number.

tech-support-scam-cusax

Figure 13. Cusax uses the lure that you need to enter your activation key and asks to call the number 1-877-256-3313

Hicurdismos, on the other hand, displays an image that looks like the BSOD. However, this fake BSOD screen has instructions to call a technical support number, something that the real error doesn’t have.

In order to further its pretense, Hicurdismos hides the mouse cursor, disables Task Manager, and makes sure the fake BSOD image occupies the entire screen and is always on top of other windows.

tech-support-scam-hicurdismos

Figure 14. The fake BSOD screen displayed by Hicurdismos contains the number 1-800-418-4202

More recently, Monitnev was discovered to monitor event logs. It then displays fake error notifications every time an application crashes. This can appear more convincing because the pop-up messages are timed with legitimate computing behavior.

Cusax, Hicurdismos, Monitnev and other tech support scam malware can be more complex than scripts. Because they make system changes, they can inflict more damage and can be trickier to remove. However, we’re seeing significantly fewer of these types of tech support scam threats because they are more difficult to distribute than their script counterparts. Despite that, they pose threats that you need protection from.

Protection against tech support scams

Tech support scams take different forms and are known to take on more characteristics over time. Get the protection against the latest tech support scams by upgrading to Windows 10. The Windows 10 Creators Update brings in additional security features and will start rolling out on April 11, 2017. Keeping your computers up-to-date gives you the benefits of the latest features and proactive mitigation from Microsoft.

A majority of these threats, like TechBrolo, FakeCall, and FakeBSOD, are scripts hosted on websites where you are led to by malicious ads on dubious sites. To avoid tech support scam websites, use Microsoft Edge. Enable Windows Defender SmartScreen (also used by Internet Explorer) to block known malicious websites, such as tech support scam websites.

tech-support-scam-microsoft-edge-blocked-twitter

Figure 15. Microsoft Smart Screen blocks techs support scam websites

In addition, Microsoft Edge provides a way to close dialogue loops, which are used by support scam sites to keep on delivering pop-ups even after you close them. At the bottom of pop-up dialogue messages, you have an option to tick the checkbox Don’t let this page create more messages, which will stop the recurring messages.

tech-support-scammicrosoft-edge-protection-against-dialogue-loops

Figure 16. Dialogue loop protection for Microsoft Edge

Enable Windows Defender Antivirus to remove tech support scam Trojans, such as Cusax and Hicurdismos. Windows Defender AV uses cloud-based protection, which helps make sure you are protected from the latest threats.

Tech support scams employ varying social engineering techniques to get you to call the support hotline. Do not call the number in pop-up messages. Microsoft’s error and warning messages never include a phone number.

Some scammers can also contact you directly and claim to be from Microsoft. Remember, Microsoft will never proactively reach out to you to provide unsolicited PC or technical support. Any communication we have with you must be initiated by you. Reach out directly to one of our technical support experts at the Microsoft Answer Desk.

For more information on techs support scams, go to our tech support scams FAQ page.

 

Jonathan San Jose, Alden Pornasdoro, Francis Tan Seng
Microsoft Malware Protection Center

 

Related blog entries

 

Other details

We have seen the following tech support numbers used by scammers. Don't call or accept calls from these numbers.

For an updated list of tech support scam hotlines, go to our tech support scams FAQ page.

01-08-08-06-98 0118-315-1070 01-303-610-076 01-40-89-96 0147-337-8290 0173-260-8058
01-76-34-05-40 01-76-34-05-42 01-76-34-05-48 01-82-74-27-50 01-82-88-89-29 01-82-88-89-30
01-84-88-89-10 01-86-26-22-91 01-86-26-47-61 0-199-346-0018 0-203-868-2233 0208-068-3410
0208-133-6658 02-831-09124 03-4520-8161 03-4520-8162 03-4578-2792 03-4578-2795
03-4578-3352 03-4578-3354 03-4579-5849 03-4580-9710 03-4589-4826 03-4589-5026
03-4590-2887 03-4590-2890 03-8375-8479 03-83-75-84-79 03-83-75-85-31 03-83-75-85-32
06-9480-0911 0-800-046-5059 0-800-046-5727 0-800-069-8770 0-800-069-8789 0-800-090-3238
0-800-090-3255 0-800-181-1492 0-800-181-2377 0-800-183-8200 0-800-724-5979 0-800-900047
08-05-08-09-90 089-2019-0018 09-00-80-94-23 09-11-23-92-17 09-70-73-63-06 09-70-73-63-45
09-70-73-63-92 09-74-59-10-21 09-75-18-31-78 09-75-18-32-01 1-300-596-398 1-800-046-5706
1-800-250-6575 1-800-253-8598 1-800-265-7653 1-800-311-5967 1-800-380-1734 1-800-381-9788
1-800-431-368 1-800-439-6096 1-800-465-5495 1-800-510-942 1-800-530-6044 1-800-615-9085
1-800-625-1264 1-800-636-0912 1-800-642-7306 1-800-646-0717 1-800-685-3405 1-800-696-4076
1-800-729-1951 1-800-813-1316 1-800-838-2529 1-800-917-9832 1-800-946-4593 1-800-952-984
1-800-953-454 1-800-954-266 1-800-954-357 1-800-954-357 1-800-954-399 1-800-985-028
1-800-986-9304 1-810-292-797 1-814-753-1577 1-844-219-9266 1-844-260-7865 1-844-260-7876
1-844-264-6777 1-844-266-7171 1-844-284-8623 1-844-285-3671 1-844-287-1052 1-844-306-6131
1-844-307-3760 1-844-307-7026 1-844-311-9589 1-844-313-2246 1-844-313-7003 1-844-324-6235
1-844-324-7430 1-844-326-3137 1-844-363-5005 1-844-378-6777 1-844-378-6888 1-844-392-7021
1-844-396-1042 1-844-410-0800 1-844-410-0806 1-844-410-800 1-844-410-806 1-844-421-5044
1-844-470-9938 1-844-477-2743 1-844-485-8148 1-844-488-7669 1-844-499-0899 1-844-536-9249
1-844-545-8489 1-844-554-2335 1-844-556-2898 1-844-569-8803 1-844-585-1394 1-844-594-0202
1-844-598-3874 1-844-608-8791 1-844-609-9930 1-844-621-9192 1-844-637-9743 1-844-649-8047
1-844-651-8892 1-844-653-8666 1-844-666-6856 1-844-670-2132 1-844-688-4954 1-844-699-8351
1-844-700-0139 1-844-700-139 1-844-710-5111 1-844-710-5139 1-844-717-8810 1-844-720-1023
1-844-733-5424 1-844-738-3990 1-844-744-6789 1-844-758-6854 1-844-760-4122 1-844-760-5091
1-844-767-8232 1-844-778-9178 1-844-779-5008 1-844-779-7006 1-844-783-3990 1-844-784-4666
1-844-788-4216 1-844-791-1319 1-844-793-5488 1-844-795-9588 1-844-795-9598 1-844-798-3802
1-8448006834 1-844-802-8730 1-844-804-2259 1-844-813-5760 1-844-816-0232 1-844-816-232
1-844-819-6285 1-844-828-9509 1-844-829-3685 1-844-829-5569 1-844-831-5020 1-844-831-5994
1-844-831-6841 1-844-841-3648 1-844-850-3475 1-844-850-5910 1-844-854-1116 1-844-855-9343
1-844-858-5267 1-844-869-8466 1-844-880-8540 1-844-890-6983 1-844-890-8951 1-844-891-1033
1-844-894-8333 1-844-895-0393 1-844-895-393 1-855-231-9571 1-855-246-8689 1-855-371-6333
1-855-372-1444 1-855-372-2604 1-855-524-2270 1-855-534-8622 1-855-550-3155 1-855-551-8444
1855-620-0666 1-855-689-8237 1-855-841-8777 1-855-861-9885 1-855-937-4376 1-858-251-4120
1-866-205-1372 1-866-209-2510 1-866-217-2113 1-866-217-5161 1-866-217-8634 1-866-217-9719
1-866-249-7329 1-866-278-2125 1-866-279-9569 1-866-296-7071 1-866-312-4799 1-866-315-1003
1-866-339-1004 1-866-351-5988 1-866-391-7379 1-866-644-1214 1-866-658-1167 1-866-683-3337
1-866-685-8514 1866-686-7503 1-866-686-7503 1-866-752-3090 1-866-753-3090 1-866-890-6653
1-877-219-1968 1-877-219-3552 1-877-219-9556 1-877-220-0186 1-877-220-1993 1-877-220-2054
1-877-220-3180 1-877-220-6582 1-877-220-7397 1-877-220-8475 1-877-220-8783 1-877-222-0860
1-877-222-860 1-877-227-0753 1-877-249-4133 1-877-255-0763 1-877-264-2122 1-877-282-7003
1-877-373-8371 1-877-382-9050 1-877-408-7275 1-877-506-5563 1-877-640-2516 1-877-734-4250
1-877-796-9406 1-877-818-5969 1-877-910-4314 1-888-202-3116 1-888-220-8498 1-888-226-1622
1-888-229-163 1-888-234-3690 1-888-255-7636 1-888-261-5610 1-888-275-5751 1-888-285-6970
1-888-286-1011 1-888-301-5539 1-888-304-2555 1-888-308-3996 1-888-309-5186 1-888-309-7042
1-888-310-5669 1-888-323-8692 1-888-331-1603 1-888-356-2829 1-888-360-4508 1-888-369-2088
1-888-371-0333 1-888-380-5442 1-888-391-2444 1-888-393-4297 1-888-413-7734 1-888-415-6951
1-888-416-286 1-888-431-1942 1-888-443-7281 1-888-454-7025 1-888-465-6139 1-888-473-0011
1-888-484-4930 1-888-495-8037 1-888-512-1929 1-888-515-1777 1888-516-490 1-888-523-0696
1-888-526-7488 1-888-560-4999 1-888-560-8943 1-888-568-1666 1-888-569-1655 1-888-571-6880
1-888-616-1599 1-888-635-6193 1-888-649-2014 1-888-691-4986 1-888-724-3052 1-888-744-6599
1-888-758-0653 1-888-807-2627 1-888-824-5331 1-888-841-5580 1-888-844-7006 1-888-850-8578
1-888-855-6855 1-888-890-8148 1-888-993-9979 1-888-995-1799 31-852086013 32-25888838
32-71-96-26-1 32-78481033 33-75182326 33-970735408 33-9-70-73-54-08 33-970736084
33-9-70-73-60-84 33-975-181-600 33-9-75-18-16-00 33-975182324 33-9-751-82326 33-9-75-18-23-26
33-9-77-55-76-05 33-9-77-55-76-5 34-932-20-02-11 34-932-20-2-11 41-61-588-8-67 44-203-290-7722
44-8000-465-053 44-800-046-5053 44-8000-465-054 44-800-046-5054 44-8000-465-53 44-800-046-5706
44-800-465-229 44-800-46-5706 44-800-652-0137 44-800-652-4222 44-800-689-1673 45-89-87-42-25
47-23965406 49-800-723-6206 55-4170-8902 61-1800-431-351 61-1800-431-352 61-1800-431-356
61-1800-431-364 61-1800-431-365 61-1800-431-369 61-1800-431-370 61-1800-431-370 61-1800-628-619
61-1800-780-684 61-1800-875-389 61-1800-875-443 61-1800-941-045 61-1800-954-289 61-180-87-5272
65-31637677 65-31638569 800-046-3255 800-088-5197 800-090-3238 800-090-3255
800-361-8241 800-368-8157 800-497-5972 800-696-4076 800-813-1316 805-080-990
844-324-2962 844-431-5897 844--431-5897 844-526-1405 855-228-0920 855-404-6983
855-444-2788 855-689-8237 855-699-6155 855-740-4835 855-828-0725 855-880-2625
866-211-8374 866-249-2994 866-279-5039 866-296-7071 866-350-2508 866-383-9914
866-529-4576 866-537-8515 866-711-7695 866-784-3641 866-884-4602 877-249-0394
877-321-4359 877-367-9212 877-527-9416 877-593-4297 888-204-3985 888-219-8266
888-225-0777 888-233-1123 888-244-7420 888-252-1520 888-275-1718 888-304-8120
888-338-5128 888-359-9305 888-406-1484 888-440-0654 888-472-4829 888-473-4931
888-473-9840 888-531-4363 888-568-5748 888-576-1517 888-578-0463 888-587-3647
888-595-2212 888-617-0437 888-617-6592 888-648-7844 888-694-2304 888-741-5358
888-776-2580 888-858-1973 888-858-2040 888-870-8049 888-961-5690 900-809-423
900-838-110 911-239-217 975-183-201 1-800-281-6897 1-888-814-5203 888-214-3542
085-888-3326 03-8375-8532 03-8375-8531 03-837-58479 03-4579-5825 855-699-6156
855-484-5936 855-334-1897 1-844-890-8837 03-4578-9419 65-3163-1471 1-800-741-658
1-855-205-3429 1-800-586-7035 855-731-4577 09-747-902-78 09-70-73-64-37 1-888-869-4393
076-888-9314 09-747-902-77 41-3680050 03-4589-4823 0-800-090-3247 1 -844- 663-2459
1-805-203-8843 1-844-287-1056 1-844-314-758 1-844-372-887 1-844-433-1244 1-844-450-735
1-844-610-4969 1-844-651-5157 1-844-739-2013 1-844-758-4880 1-844-761-8172 1-844-774-8432
1-855-245-888 1-866-245-4827 1-866-315-1620 1-877-219-5956 1-877-220-8628 1-888-308-5073
1-888-514-5106 1-888-621-834 33-9-77-55-97-53 844-663-2459 855-241-4822 855-248-1497
855-364-4107 855-882-7403 877-578-1951 888-803-9412 010-8080698 01-513-6657
01-86-26-01-80 01-86-26-47-64 020-3514-9444 02-8017-2666 0-800-014-8165 0-808-164-4743
1-800-445-2620 1-844-421-5040 1-844-489-6111 1-844-505-786 1-844-616-4636 1-844-663-2459
1-844-665-7222 1-844-726-5418 1-844-807-8358 1-855-325-1775 1-855-722-6773 1-866-333-3971
1-866-869-9348 1-877-219-6703 1-877-220-5769 1-877-626-2710 1-888-441-1595 1-888-818-2853
33-9-77-55-79-23 44-800-689-753 61-1800-431-255 855-289-7530 855-351-1670 855-484-6018
855-689-8196 866-391-6238 866-679-4832 877-387-9795 877-765-8184 888-410-8118
01-86-26-42-69 03-4579-08399 03-8080505 0406-688-972 0413-680-084 0800-046-5277
0800-0903-255 0-800-723-4924 0800-900047 08-00-91-09-90 08-15-88-03-24 1-844-200-4074
1-844-450-732 1-866-214-5075 1-866-217-1114 1-866-4394-500 1-888-205-4245 1-888-420-3996
1888-441-1595 1-888-593-106 1-888-640-8577 45-78746859 800-0465-706 800-0885-197
800-0903-238 855-228-2379 855-258-1446 855-297-7575 855-358-7284 855-369-2331
855-405-7095 866-251-3564 866-491-1929 866-529-4573 866-553-1955 877-223-4910
877-387-3582 888-722-9670 866-517-6557 358-753251124 1-877-219-8737 866-856-3548
866-209-9923 1-844-861-7768 855-445-8994 1800-431-368 1-844-779-3057 0-800-724-3871
1-888-639-5599 866-528-2581 855-294-1129 01-86-26-47-68 1-877-219-6702 1-844-830-777
34-932-200-211 01-76-39-05-48 055-0621-407 0694-808-798 085-208-6012 085-888-3451
1-800-318-4284 1-800-625-1446 1-800-942-1460 1-844-438-289 1-844-446-245 1-844-646-761
1-844-647-2674 1-844-869-7593 1-844-874-3456 1-844-883-9715 1-866-207-1988 1-866-439-4500
1-877-219-5060 1-877-837-9791 1-877-939-3009 1-888-243-9401 1-888-559-4076 1-888-565-3185
1-888-589-7758 32-92-98-10-28 41-61-588-8-94 800-090-3211 855-228-2129 855-252-1791
855-292-3959 855-324-5898 855-332-6165 855-358-6330 855-454-5006 855-692-5017
855-883-8575 866-203-0332 866-245-2927 866-258-2061 866-315-0847 866-350-2509
866-423-9927 866-570-7665 866-664-7153 866-674-4534 866-799-3813 866-799-3818
866-876-0572 888-217-5108 888-242-1512 010-8080688 0161-6604-291 01-84-88-70-53
1-800-573-3082 1-800-634-1162 1-800-933-9950 1-844-200-2861 1-844-2155-229 1-844-364-3797
1-844-448-9577 1-844-525-6428 1-844-529-3725 1-844-609-9925 1-844-634-3273 1-844-656-7657
1-844-734-4622 1-844-741-8241 1-844-778-9179 1-844-806-4353 1844-888-6250 1-866-217-5708
1-866-417-3002 1-877-219-5044 1-877-299-5502 1-888-204-7932 1-888-210-9302 1-888-395-5996
208-0683-410 34-932-200-211 34-932-20-35-0 41-44-505-14-7 44-800-46-5036 45-89871945
61-1800-431-437 61-1800431-443 800-795-3272 844-760-4122 855-239-2183 855-282-6042
855-292-3941 855-294-1124 855-500-9865 866-273-6026 866-273-6047 866-291-8725
866-298-7302 866-331-7691 866-421-0581 866-448-1409 866-491-1849 866-745-9585
866-841-9124 1-800-431-367 1-844-215-5229 1-844-307-1823 1-844-441-1440 1-844-538-2676
1-844-652-9239 1-844-678-7861 1-844-791-1072 1-844-831-6839 1-844-850-7794 1-855-687-3444
1-866-216-9450 1-888-309-5755 1-888-547-3398 1-88-8547-3398 1-888-608-2594 1-888-814-3477
855-228-2130 855-404-6986 855-445-9067 855-500-9849 855-731-4558 855-879-8128
866-788-2694 877-201-7936 877-211-2006 877-288-4308 877-495-0163

Our Tech support scams FAQ page has the latest info on this type of threat, including scammer tactics, fake error messages, and the latest scammer hotlines.

 

 

 

Comments (126)

  1. Carolyn Britton says:

    I think my Windows 10 account has been hijacked. What do I do?

    1. ric says:

      talk to an IT specialist you trust in person

      1. Jack says:

        Same **** happen to me
        Bethany scammed me for $499 & asking for more like begging…

        Beware their number is – 1 844 864 9028.. Located in California & Asian countries…..***

  2. Dawn Iler says:

    1-844-806-4300
    Is a number that called my home. If called back it is a non working number. please check it for the fake calls. I have had one before. “Paul” from windows who said my pc was sending info that it was infected. It certainly was and I lost that computer. I personally have thought it was you as I had emailed the disability desk the day before the call with a complaint/question. I felt forced to upgrade when I couldn’t afford it nor did I want to. I was forced into a new/used pc and I thought I needed to upgrade even though I was very happy with the OS I was running. But you blocked my internet and email. I did have virus protection running but was hacked. everything was hacked, email, printer all files, Everything. I did find it on my pc and right now I don’t recall what I read in it that kinda confirmed my suspicions of it being Microsoft. I can get you the photos of what I found if you want? If I voiced my thoughts about not wanting to change or purchase a new pc something would go wrong with my pc. Almost immediately. Coincident’s do happen I suppose. And another thing, why don’t spell checker give me the correct spelling of coincident?S If it is misspelled already how am I to know which of your suggestions is right when it gives three or more spellings? The plural option was not offered just now.
    Back to Win 10, I hate it. Switching was the worst mistake in my entire life. I can not hi lite and print the hi lited part, I can’t blow up or shrink things to the size I want. I find 10 to be irritating and prevents me from doing things I used to be able to do. I LOST YEARS & YEARS OF EMAILS! IMPORTANT SAVED EMAILS THAT WERE JUST GONE. POOF GONE. I STILL NEED SOME OF THOSE EMAILS. INFO I CAN’T FIND IS IN THEM…. OK I AM DONE

    1. rin says:

      Oh honey that really sucks. Exactly that happened to me. My daughters father is an IT expert who runs his own tech support business. Unfortunately we were not speaking at the time. So I ended up settling on a used Mac to give the old Apple a go. Less than 2 weeks later I had swallowed my pride, got in touch with my ex who helped me get my PC running. Be thankful that you didn’t go to a competitor because of this scam, apple is no better at handling the scams in any manner of speaking. EVERY – not just suspect – browser window was suspicious or mailicious and I had to close about 7 windows to for one thing look at a school uniform price list. How is a school website suspicious? I am sorry you were a victim of this scheme, but believe me when someone who also was conned took a different path to end up where you are $850 down the toilet. I cant even use the mac now!!!!

    2. Gypsy says:

      Dawn ller;
      In case you’re still looking, i too went through the loss of all my emails. Every since Windows first came out I had been using Windows Live; hated (still do) Outlook. Every single email I had ever sent or received had a folder and each email was filed.
      In a last ditch attempt, I set up the Outlook mail. I was able to link my previous Live mail account to Outlook and recovered all of my missing folders. I had to synch the live mail to the outlook mail and got it back. I still don’t like the Win 10, but was sure relieved to see those folders.
      You might want to get an MS call or chat going to show yu how to do this. Best of luck.

  3. adwbust says:

    Hey MMPC.

    I think Office 2010 Pro Plus is broken on Win10 Pro 1703.
    I set Word to Autorecover every 10 mins and to keep last autosave when file isnt saved.
    Theres no asd file being saved! There are folders named like the files’ names but theyre empty!
    The files being worked on are on a usb storage.
    I have Officetab free edition 9.51 addin.

    All was well with Win10 version 1607 since there are asd files in Recycle bin; asd files are created and they were moved to Recycle bin after 4 (?) days I think.

  4. adwbust says:

    Pls help MMPC. Pls tell the team responsible that Win10 version 1703 update broke Autorecover of Office 2010 Pro Plus x86. I have Win10 Pro x64.

  5. adwbust says:

    Settings, Acer care center and Edge crash after upgrade from 1607 to 1703.

    1703 broke Autorecover of Office 2010. No Asd files are created.

    On one laptop, WD security center always shows 0 files scanned.

    Health report doesnt work on one laptop and sometimes works on another.

    Onedrive pops up when you go to Word 2010 > File > Recents > Recover unsaved.

    File explorer icon pinned in taskbar looks active when you get Low battey pop up (< 10%). Left clicking icon wont open file explorer.

    Bluetooth on one laptop doesnt work since 1607. Probably drivers. But no new drivers available.

    After upgrade to 1703, wallpaper changed to default!

    Check box for "Send info to MS on how I type and write" removed in 1703. Full diagnostic should have tree view so we can uncheck items like typing/writing! MS did this so we have no full choice and control over what's sent!

    But of course 1703 brought positives too. Windows store check for updates, download updates and install updates are more faster and smoother. Same with Windows updates. Perhaps since not much on 1703 yet?

    Please relay to team(s) responsible.

  6. adwbust says:

    WD security center lacks Quarantine, Allowed and Detection present in WD on 1607!

    Will WD on 1703 have ATP for Win10 Home/Pro and PUA detections?

  7. adwbust says:

    I’m disappointed you just remotely turned off MSE (non-functional) on Vista on April 12. You couldve have just continued providing engine/signature updates until support for version 4 branch is discontinued.

    Oh well, I just switched to another AV. Life continues.

  8. adwbust says:

    Let apps run in background enabled. WD security center enabled. Why isnt WD updating on its own when wifi is set as metered then? Background apps keep themselves up to date right?

    April 12 Patch day for Win10 version 1703 still didnt fix broken Autorecover of Office 2010 (tested Word)! Word doesnt create Asd files as intented! Set it to autorecover every 1 min but no Asd files!

    1. msft-mmpc says:

      @adwbust — Thank you so much for providing valuable feedback. We have forwarded your concerns to the right channels.

      For future feedback about any Microsoft product or service, please consider using the Feedback Hub.

      https://www.microsoft.com/en-us/store/p/feedback-hub/9nblggh4r32n

      Using the hub helps ensure that your concerns are forwarded to the correct teams and are tracked properly.

      1. adwbust says:

        Thank you! If I log in on Feedback hub using my MS account, will I be auto logged in to (1) Settings > Accounts and (2) Windows apps on PC? I will report on Feedback hub if log in will only work in-app not OS-wide. I dont want stuff on PC synced to my account and vice-versa.

        I tried on Office 2016 and Word still creates Asd files. Probably an Office 2010 only issue or caused by Office tabs free 9.51 addin, a recent Office 2010 patch or Win10 version 1703 upgrade. Last auto-deleted Asd file in Recycle bin was from March.

        WD security center lacks Scheduled scans, Quarantine, Allowed/Detected logs, Recommended actions for detections, ATP and PUA opt in.

      2. adwbust says:

        When will Office 2016 get native tabbed window support? Adobe Reader DC already added it. Pls tell Office 2016 developers to add it in next update.

  9. adwbust says:

    The sample form still times out! 🙁 I tried to submit a 3,715,193 bytes 7z archive. My upload speed is only 800 kbps. 🙁 I have no access to fiber dsl yet. I have no issue with Avira’s or Bitdefender’s sample form. I think the implementation is at fault. After I browse for sample, start to upload it. Currently, your site will only upload sample when I click Submit button. Not everyone has fast upload speed to keep up with your site’s demands/expectations. 🙁

    I got this:

    The server timed out while waiting for the browser’s request.

    Reference #2.776b473a.1492673644.2c39ccf

  10. adwbust says:

    I removed MSE on Vista since it was deactivated. But I re-enabled WD. So far, WD doesnt seem to detect Software bundlers and Monitor tools (keylogger, spyware) caught by MSE. Those are grey threats so why doesnt WD catch them too?

    1. adwbust says:

      Hacktools arent detected by WD on Vista as well. :/

  11. Mr. J.S. Support Scam A.A. TechBrolo says:

    You need to go back to school and go into big time debt and learn something. Take Windows 8, 8.1 and 10 with you.

  12. Sunny Holmes says:

    This happened to me today. My computer was locked and a number was given to call. It was 844-976-8875. I called and went through their process as it scared me… Showed me all the downloaded hack files..Don’t see this exact number on the list above..

    1. rin says:

      Don’t be scared, they were showing you their own spyware on your system. Microsoft support must be initiated by the user, and their error messages DO NOT show a phone number. Close the window, if the corner X doesn’t work use task manager. Run a diagnostic tool such as ccleaner to make sure remnants are removed.

  13. jeff says:

    I received one of these scams to day and they are going to call back tomorrow to see if I can pay for it

  14. Alex says:

    We received a message claiming we had to call Microsoft immediately at 1-844-392-7021. When called, an “East indian accent” individual mentioned they had to get into our computer to fix the problem and requested permission to do so. We indicated we will not allow this and terminated the call. The phone is listed among those used for scams.

  15. Zoe says:

    This has happened to me I turned pc off now I can’t log back on. Any advice plz?

  16. Paul Beatt says:

    you can add 1843 577 2056 to the list. The scammer wanted to show me where the problem was by logging onto my computer and pulling up windows 10 by holding down the Crtl, Fn and windows key. I hung up and he immediately called back and told me that I would see that all of my drivers would be blocked if I did not do as I was told. I will not repeat what I told him to do with his suggestion and then hung up.

  17. Alan James says:

    I believe I was scammed today by an outfit calling themselves Assistance Online Support. This was in response to a warning that appeared on my browser saying that there was suspicious pornographic spyware and had a contact support number. The so called error was 0x80072ee7 which they said was from an external intrusion trying to access my personal details. The names they used are: Eric Lundy, Jason Cox, Toby, and Rachael- all with Indian accents. Rachael told me she was in California. Eric asked me for my debit card details which I naively gave him but fortunately my bank alerted me via text that they put a hold on the transaction. Should it be a scam it is well orchestrated as they even send invoices and gave work id numbers. The support number they provided was 0064 800 005 466 or 0800 005 466. The one called Rachael said she did something to my computers IP Address. I note as I read on my Network settings under connectivity (IPv4/IPv6) connected to the internet/Connected to unknown network

  18. Tigerzateal Irizarry says:

    I keep getting the tech support that pops up and say to call the # and I can’t do anything with my computer so I call and the tell me that my computer has been hacked into and they are take my info, could you please check in to this for me because I know this is fake. Thank you very much

  19. Rob Thorn says:

    Please add this number to the scammers list 6467854580

  20. Rob Thorn says:

    I just told this fake to stop calling me, and that I will not give any information The caller then said I don’t need you to give me any information, I can hack into you bank account any time I want.

  21. kerri says:

    please add 1-800-642-7676 to your list

  22. Reinaldo Mas says:

    Today, I googled “Lowes” to find the store website. When I clicked on the results from Google; Ad Lowes it redirected to hxxp://microsoft1115supportnumber[.]com/main/index[.]html with a scam asking to contact 1-844-699-8351.
    A voice recorded and a fake Microsoft page.
    Don’t fall for it.

    1. Reinaldo Mas says:

      Sorry the redirected website is: hxxp://microsoft115supportnumber[.]com/main/index[.]html

      1. rin says:

        Wow , Lowes have stooped to a whole new “low”, (I didn’t look for a pun, its just what I thought) haven’t they? profiting from scams like this. the suburbs around me house about 4. I shop there for the boys. I will check this out and if they are really allowing there site to be manipulated that way then i’ll go to best and less

  23. ina bagchus says:

    Finally an answer to the alerts I received. Understand it better. At one time my browser was blocked I thought my computer had crashed. Windows explained it all. Thank you!

  24. Gary says:

    Please add 844-829-5569 to your Do Not Call numbers.
    Thank you

  25. Linda says:

    1888-255-7636 EXT2027 Keven Jacobs Hmmm sounded like an d Indian accent. Scam

  26. Ronda George says:

    Receiving calls from 231-836-7565 claiming to be microsoft support. That my computer has been sending microsoft reports of problems and if I don’t let them fix my computer it be blocked from using microsoft.

  27. DUMP trump says:

    1-800-615-9085 is not real. ~ Do NOT call number. ~ to turn IT Off.. [1) open windows Task Manager – [2) view the “application” tab – [3) mouse on the browser (ie = Internet explorer) – [4) RIGHT click & mouse to “End Task” – [5) DO IT! …end the motherFawker.

  28. Gary Chambers says:

    Just had laptop lockup with an apparent Microsoft webpage and a superimposed message in black box: “Microsoft System Security Alert. Something went wrong with your Windows…”. There was also a a repeating audio (female American voice) warning to call “our” support. I called the number on the underlying webpages was “1-844-311-9589” to see who would be on the other end. An asian female voice answered “Enigma Technical Support” and I hung up to do research on my wife’s Mac; going to the Microsoft web site. I was called back 3 times quickly by “Enigma’s Tech So” at 1-844-305-6555, but they never left a message. I read the site’s description of the technical support scam and found their number listed above in column 3 line 18. Not knowing anything else to do, I did a hard shutdown and then restarted after a minute. A quick scan with a freshly updated Total Defense Anti-Virus was clean.

  29. Willie E Cummings says:

    I received calls from 877-650-4751, 877-335-4612, 844-821-0482 by people using the name Microsoft

  30. Marcia says:

    I received this pop up today 6-16-171-855-828-0725

  31. John says:

    I clicked on a link about an old murder being solved on the MSN home page yesterday? How does that happen ?

  32. Dan McDonald says:

    Are you having someone from California contact me telling me I need to fix my Microsoft account. I’m Worried that this is a scam to get into my computer. If this is not the case, Please let me know. The number calling me is 513-225-5069.
    Thank you

    1. John M Rigby says:

      My wife’s computer has been blocked by a virus (Zeus) and a box instructing us to call Microsoft. I suspect this is a scam but how do I unlock her computer? Restarting it doesn’t help.

      1. phyllis says:

        I had an incident where my laptop was frozen and a message came up warning that microsoft blocked my computer use, due to a threat. My computer was frozen and I could find NO WAY to turn it off or get rid of the message or even lower the volume! There was a LOUD recorded message with a male voice telling me to call this # immediately 1-888-483-9444. He insisted this co. had a contract with Microsoft to fix these type of issues. He somehow got onto my screen and showed me his co. on line MICROTECH SUPPORT from 1038th Ave. NYC, NEW YORK. He insisted I press the letter R to stop the annoying message and unblock my computer. He then asked me to click on ‘jump to URL’ and type in 17384864 (or 44) where it said ‘support key :’ . He told me he was working with Microsoft and this was completely safe and I must do this to free my computer from threats. As he was working I wrote down things I saw on the screen, like, C/WINDOWS/system32/cmdexe , GotoAssistExpressOpener, download.citixonline.com LogMeIn,Inc. He then told me I had a Zeus Virus Gorgul and told me I had no Microsoft firewall. He told me he could set one up for me. Then he went on Walmart’s website to show me their costs for anti virus ware. Then he tried to quote me prices from his co. That’s when I said Microsoft has a way to tell if the computer has been compromised and if you’re with them, you should be able to run it. At that point he ran the virus check but said it would take 2-3 hours to be complete and was trying to keep me from xing him out and hanging up the phone but I hung up and let the scan continue. He tried sending me a message on his notepad on my screen but I didn’t respond. He also called me three times but caller ID said UNKNOWN. I didn’t pick up. When the scam was completed, there were NO viruses found. I shut down my laptop and havent’t opened it since. I have changed most of my passwords. Since he was able to type and control my screen, has he hacked my computer? He knew my iptrackeronline #. Do I have to have my lap top ‘swept clean’? I am so upset, I don’t know what to do. Does this guy (Indian accent) have access to my computer anytime?

  33. Steven Chambers says:

    My computer has been hijacked by an apparently fake Microsoft support company, S M Tech Solutions. The number being used by the “agent” is 909-939-3661. They are demanding payment in iTunes cards to evade taxes in India. They are threatening lawsuits and extraction of funds if I don’t pay. I have already paid $4400 in iTunes cards and will not pay the $9000 they are trying to extort now. I have closed out one credit card and alerted the other. My cell number is 503-580-0570.

  34. Marzig says:

    I have a number for you to add to the scammer list 459-750-7880 caller id was Invalid Number ; was called today 6/16/2017. I was also called yesterday but I am unsure as to which numbers to give you because we get stupid sales calls from other companies wanting to put solar panels and other junk in…and they have goofy numbers too. This really is too much. I think the uptick in calls might be due to kids getting out of school for summer, good opportunity to get the kids to let them have access to our computers. A public announcement would be cool, not everybody seems to be up on the Scammer tactics. Thanks

  35. ric says:

    yes, crafty they’re
    an 8886356193 just got off saying we’re “Online Service Technologies” based in Los Angeles, CA
    when I repeated his name back to him and explaied that his story sounded odd cause there’s no such business listing he replied
    “well here let me give you our website address,” and then disconnected

  36. Robin says:

    Rcvd call from 202-765-1235, kathy (middle east accent) id# RFS3625. Said she was from MS, they were rcving msgs from my comp under attack. Wanted me to give her permission to control comp. I needed to hurry, may be able to save. I asked her for MS # to verify, gave me HER # & id info. I said ok, please hold. I went online to get MS # & called on cell phone. Told to hang up by what i thought MS official support. Come to find out MS Official Support was an ad, a PARTNER of MS, not MS (microsoft.myphonesupport.com), again middle east accent, i had to ask him 3 times point blank, ‘are you MS or a partner?’ and how much would this cost me? Said i didnt need to worry about that right now. Kept telling me to i needed to do this, that. Kept talking over me. I finally had to yell and told him to answer me, finally admitted partner. I hung up again.
    What i don’t understand is why MS is so hard to find to get info in emergency situations like this. Last time i had an emergency i had right # but could not get an answer and that time comp caught in loop. Finally got out of loop, no clue how. Finally got MS online after several tries. Sorta got ‘oh yes that happens, we will make sure ok. We did check together, but wow, after the fact.
    This time, she was still on the phone line, partner told me to hang up, wasnt really interested in her or info she gave. Thats what kind of clued me in not MS. Really felt let down ny MS both times.

  37. John O'Connell says:

    I had a call from someone who said they were from Windows Help desk and that my computer had shown signs of attempted hacking. They convinced me that they were genuine by giving me a unique number of my PC. I paid £299.00 to a company called www[.]Thaipay[.]com and gave them access to my computer where they deleted so called threats. I have since had call form them saying my computer was still at risk and they want to get into it in a session with me. I wonder if you can tell me if they are genuine and attached to you

    1. rin says:

      I am not from MS, but I can answer you 100% (I’d say 1000 but u cant be more certain than 100%,

      NO NO NO NO NO NO

      they are not genuine and in no way are connected to Microsoft

  38. Ross A. Morgan says:

    Are Techprime (1-800-380-551) an agent of Microsoft. They blocked my computer and said I had various intrusions by scammers which they would remove on behalf of Microsoft. They then sold me Webroot antivirus program. If they are scammers, how do I remove them from Windows 10?

  39. I have been hit by tech scams 3 times

  40. Jack says:

    BIG TIME SCAMMER ***** BETHANY… THEIR TOLL FREE – 1 844 864 9028
    they have tie ups with scammers in India & Asian countries..

    Specialized in scam pop up calls .. Beware of her…

  41. Michael H Frazier Sr says:

    I have a number to add 1-888-389-1410 to contact a Microcsoft System Techician.

  42. YH Geisler says:

    just got hit by version with Error #268D3 and support phone #855 334 1897. The whole thing was suspicious so I looked up # and got your blog – thanks for the info

  43. Caroline says:

    New scammer phone number – 1-855-704-1391

  44. Mike says:

    I recently received a call from 1-800-291-4814, telling me that my Microsoft license is due to
    Expire and I should call back to renew it. I ignored it because I have never had a Microsoft product or license. Therefore, I suspected it to be fishing scam.

  45. Edward Murphy says:

    The Phone Number I was given to contact (I am in the UK) was 0208 0683410 when I received an alert message informing me my computer had been compromised. It informed me to contact the number given immediately and not to try and close down the computer otherwise they would have to delete my account (or something similar). When I tried to close my web page it message kept popping back up and would not let the computer close, so I closed took the battery out to close it. I then re-opened and logged in with no problem and ran Windows Defender full scan and it detected this virus which I then deleted. I then checked it out in Defender and now send my reply to what I experienced.

  46. Melanie Snyder says:

    I got one of these today also. The number I was told to call was 1800-890-8720. He told me I had to pay $199 to get my computer fixed of the virus. I told him I wasn’t paying money to a system that had a virus, he laughed at me. And they also have caller id, cause they called me back when I hung up on them. I am now running a McAfee virus scan.

  47. marie says:

    844-726-5418 Called and scammed my 82 year old mother and now we are having problems cleaning up her computer

  48. Dennis Cozzolino says:

    One of my computers got hit with a MOLE02 file extension ransomware and all my “favorites” were encrypted. I was sent a ransom note etc. Then, another pc I was using just froze up and a voice came on with warnings etc and to call Microsoft. The warning page had Microsoft all over it. The pc wouldn’t work at all and said “Zeus” virus. I called the 877-220-5769 number and they said to call 844-828-7508 to get Windows Live Support and a tech. The company is called Geekz Secure from California. They said there was no need to ever deal with anyone ever again if I need help and to just call them. I sent a nice chunk of change for the “lifetime security” package. They said I didn’t need Avast, McAfee or any of those services and, I think, removed from the computers. Did I get the big wazoo? Please help and shed some light on this. I also let them remotely use the computers to “fix” the problems.

  49. John Browne says:

    Add 844-616-8675

    1. Brendan says:

      Add 01_513_6657

  50. Craig Moffett says:

    Hi, I nearly feel for a “tech support” scam today. A full page screen came up with a warning that I had been infected by a Trojan virus and to contact Microsoft o 080000885062. Unfortunately I did and then (stupid me!) gave them access to my computer. Fortunately when they stated asking for money to install security software I began to get suspicious. Nowhere was Microsoft to be seen now!
    Contact was James Ross on tel 02032 900 622 or TollFree 08081 017 269. Ext was 1005 Email was “support@bxcel.net”

    Hope this may help somone else to be less stupid than I was.

  51. Chris says:

    SO HOW DO I GET RID OF THESE AIR MESSAGES YOUR COMPUTER IS BLOCKED ETC
    WITHOUT GETTING WINDOWS 10

  52. Justin Knodle says:

    APPSOWEBSOLUTIONS INC.
    Given Number: 1-844-461-4625

    Similar to the above. Accidentally wandered onto a misspelling of youtube.com (cannot remember the keystrokes). Internet effectively locked until I followed “Microsoft” suggestions and called for help. Names change, but always preferring simple English names (i.e. John, Tyler, Jordan), same fear tactics used. I ended up paying $399.99, thought it was worrisome but didn’t quite make the connection.

    Then, they called recently, promising a refund. I allowed them to establish remote connection, and while using tools I should have simply used myself, a “third party” took control and attempted to use my credit card info to purchase $300 in Itunes cards, then opened my email to Contacts (to look for new victims, just as likely). I was powerless to stop this, as my control was locked out. The tech then called back and claimed that he had left the computer for that period and was not responsible. I was transferred to a supervisor, who tried to calm me and get me to buy Network Security. He was willing to drop the price, seemingly trying to find the upper limit of what I would pay. I ultimately refused, and they gave me my computer back. If this is actually an honest tech support company, I would be surprised; and their methods are dubious at best. This experience follows the same pattern as the TechBrolo style attack.

    I have since reported all of my credit cards and had them changed, deleted my email account, and attempted to warn any who may have been in my contacts via Facebook. I am posting this in case some study of it may prove useful, and to warn as best I can.

  53. T Smith says:

    received a scam error alert 268D3, critical error , phone this #61 -1800 431 437 . was told to hold windows key &R button . wait for box , type I explore wwwfastsupport. then press ok , enter code no;713606434 press continue.. asked is this a scam , they then hang up … surprise ….

  54. A Green says:

    Scammer from 844 647 8674 on 6/29/2017. PopUp warning was on facebook.

  55. Teddi Rutschman says:

    I contacted support and trusted he would fix a simple mail issue. The dishonest employee then uncheck the box that shows my desktop. At 1:14 PM I then got a call saying there was a problem with my computer and for a fee they would fix it. I believe the trusted (lol) Microsoft employee then gave my information to someone that would then charge me a fee to fix what that dishonest employee had done. I then contacted Apple.

    Here is further information that could be used to investigated the dishonest employee:

    Hi Teddi,
    Thanks for contacting Answer Desk.
    Come back if you need more help. There’s help here too:
    · Microsoft community – To find answers for questions others have asked (yours might be similar), or to ask a new one.
    · Microsoft Support site – For step-by-step instructions and getting started info.
    Have you heard about Microsoft’s newest operating system, Windows 10? Learn more.
    Thanks again for choosing Answer Desk. We’re here when you need us.
    Answer Desk Team
    Please don’t reply to this message. If you need more help, come back to Answer Desk. Your service request is 1390441294 in case you need it.
    Read the Microsoft Answer Desk service agreement.

    I will also be placing this on Bill Gates sites as well as all upper management as well as CEO’s sites.

  56. Travis Hall says:

    I have been receiving calls lately that I have a $200.00 refund due to me because I took out a computer maintance program
    and now the company is going out of business and cannot provide the service. I am told to call 844 438 3387 to request the
    refund. When I call they want me to go on my computer and contact them and then the refund will available. I am leary of this because my computer was hacked a couple months a go when I let a supposed Facebook repair technician into my computer. Is this number an actual Microsoft phone number or is this the start of a scam?

  57. Ernie Siemens says:

    Microsoft Edge is looked up on my computer and can’t be used because the message says that I have a problem and to call phone number 1-866-207-1988 for help and it purports to be from Microsoft. I have shut down and restarted my computer but can’t get rid of it
    and when I check the system says that Defender is up and running as is Microsoft Firewall. So how do I get rid of this? I live in British Columbia, Canada.

  58. Curtis Toovey says:

    Had the online warning come up on my MacBook Pro that contains the Microsoft Suite for Mac. Full screen showing an https/ address for Microsoft, an audible message and an inset window with instructions and a number to call (844) 311-9589. Did a hard kill, restarted and located this site. Thank you for providing such detailed information; I even found the above phone number in your list of known, used contact numbers. This occurred when I was looking for an ankle brace and went to the site: feelgoodproducts.com

  59. Norma says:

    I received an email from Microsoft Office 365 Team with the following information:

    Microsoft account
    Email Will Expire In 48 Hours
    Your Microsoft Email account will expire in 48 hours reactivate by clicking on the reactivation button below.
    Reactivate
    To opt out or change where you receive security notifications, click here.
    Thanks,
    The Microsoft account team
    – This is a mandatory service communication. To set your contact preferences for other communications, click here.
    This message was sent from an unmonitored e-mail address. Please do not reply to this message.
    Privacy | Legal

    – Microsoft Office
    One Microsoft Way
    Redmond, WA
    98052-6399 USA

    I am suspicious of this email. The email address does not follow the ‘regular’ Microsoft office format for email addresses however is close enough to make me question it. I’m also wondering why an email account would expire. Just wanted to bring this to your attention.

  60. Ray Burke says:

    I got a call from a call from “Microsoft support” saying that their server was getting contacting from my “ISP computer” that I was having hacking going on. Their call was from 800-808-0802 and they were licensed from you the main “Microsoft”. They said that the “RUN” cmd then typing netstat which showed ISP 170.0.0.1 listing with my name listed later on the same line. Then I had a listing for my router and network ISPs, which looked normal. I have Norton, Malwarebytes Pro, SuperAntispyware Pro, running and after scanning still had the ISP 170.0.0.1 running, is this a real hacking event? That is what the “Microsoft Support guy was saying, or is it normal?

    1. Ray Burke says:

      Got a cold call from “Windows Mantance Department”, they weren’t from the Microsoft Software Company in Washington. They were saying that my computer was sending out messages to their servers. That hackers were using my computer to get information from my computer for banking, credit cards, etc… He was showing me something on eventvwr that there was INF’s with .PNF files that were bad files. I had to leave so I cut him off, he wanted to call me back tomorrow. I heard that Windows is not that secure, and Windows wants it that way, so they can have control over what we want to look at. I may take the computer into a shop and have it scanned. Lots of the Malware, Anti-Virus, Firewalls don’t lock down everything, Windows won’t let them. WINDOWS let the Malware, Anti-Virus programs lock out the bad guys so they can’t screw with the Operating System. I know that you want to lock out the other Anti-Virus programs and only use programs from the Windows Store in the future, costing us money to use. NO, I want to use the “Windows My Way”, and use the programs of my choosing, lock the Windows back doors. Or Linux Mint maybe a more secure option, if I can use the Windows program on it.
      Later Ray Burke

  61. Becky Morris says:

    Is Safe Click Inc a 3rd-party partner with Microsoft to provide support for my computer (Windows 10). Computer screen popped up on 7/3/17 stating someone was attempting to hack my computer. Computer frozen. Everything looked legitimate but cannot imagine Microsoft needing 3-party partner to monitor/support computers.

  62. Debra Waters says:

    I fell for a pop up scam saying to call 844-666-3517 and paid thru echeck 599.99, I have put a stop on that once I realized it was a scam. My question is this: They put a lot of security type Icons on my deskstop. Should I remove them? They saw my list of passwords and an old deactivated credit card. Should I change all those passwords? My husband has a paypal acct.. Should he change that password?

  63. Graham Urquhart says:

    Last night I was contacted on my landline phone by a well spoken Indian accented man purporting to be from Window’s Technical Head Office in New York (I’m in New Zealand) warning me that Windows was watching my PC activity and noticed the decline in functionality and requested that I open my computer right there and then and he would talk me thru a fix. I just kept asking him questions about why he wanted access to my computer if he already had all the information in front of him etc. He hung up mid sentence as I ranted at his fake and unconvincing pitch.

  64. Tammy Huggett says:

    I went on crome and wanted to go to log into face book, when it switched me to go to facebook, this link poped up with I did something wrong to microsoft and I needed to contact them so they could fix the problem. I went and got my husband and showed him. I thought it was fake so he called the # and the person talked to him a bit. He know it was fake by the way the people were talking. He tried to look at the https.. area but it was covered by the message. The number it wanted you to call was 1-866-217-9773. Thank you

  65. Arlene Drabek says:

    I had big red warning screen that kept repeating my computer would be locked down. My Tech Advise came on and spent 30 min with me ensuring me to buy $199 Of Symantec security as the Norton on my computer was for Windows 8 and did not cover Windows 10 and I was totally infected. They had control of computer for 90 min and put on security system for $199.. said for 3 yrs security but on screen says for 365 days. The number was 1 844 792 4242 . Addy did the job. Had 3 female working on it too. Calling back tomorrow after I use my computer thoroughly at 3 PM.. I think it is scam. They told me Geek squad who put on my Norton has so many complaints…on and on we to. Was told Dell put on Norton for windows 8 and I needed windows 10. Now who is IT person I can trust? think I will stop payment on credit card.

  66. Paul Wills says:

    I was told to contact 1-888-589-7758.

  67. Kathy says:

    Another number to add to the list: 1-844-284-7333.

  68. V Matthes says:

    I keep getting a message in a “Microsoft”window that I need to review and update my security settings for Windows 10. I do not believe this. Is it a scam? Also a pop-up that a JAVA update is available. I do not trust these as I have already been hacked once.

  69. Grace Ogden says:

    toll free=1844-688-4955

    customer id= GTH12877

    microsoft certified network solution expert

    name of company= xpert technologies
    buffalo,ny,14221.
    headquaters=usa,uk,china,mexico,canada.
    international billing merchant

    $149usd = one time fixation.

    Bank Order No=779419250
    Payment Amount=USD149.00

    I fell for this once and they have done this 2 more times, once on July 4 and again today. I almost fell for it again on the 4th and today since I could not exit from the popups they put up I shut down the computer and then restarted. Phone numbers are +1(300)1 which came up on caller ID as United States, 1(888)765-2397, 1(888)765-2391 and 1(888)731-9159.

  70. Attiq says:

    Just received an email threatening to close my account unless I contact them. I know it’s a scam and would like to report it to stop it spreading.

  71. T.Anne says:

    we got computers, but cannot get into a lot of sites,
    and a lot of times it will say *** ‘ FAMILY SAFTEY ” *** ( who the heck is THAT!)monitoring my account!
    I am an adult with grown children, HOWEVER… I did get the computer, given to us, as I also have grand children, …
    CAN you please help and let us know what we are to do ,so we CAN go on the websites, that weare having a time to access, I sometimes laugh, at this, as MOST of what im trying to do is,read articles, .
    signed HELP!!! PLEASE!!!

  72. Deborah Abeles says:

    I was just phoned by someone stating they were from Windows Tech Support. The customer care phone number they gave is 866-282-3193. He said his tech id number was MS73025, name Max Watson. How can I be sure this is a scam? (I refused to do anything he requested.)

  73. Vic Oburg says:

    Microsoft: I have received 2 phone calls, today and yesterday, under the name “Microsoft” 1-800-642-7676, where I suspect a scam. I told them to take my number off their list and don’t call me again, and hung-up My request was surely a waste, as they did call again the next day. I called back and they answered “Microsoft”, which I don’t believe and I hung up. If this is a scam as I suspect, it would be nice if Microsoft could file charges and put them out of business with big fines.

  74. Vera McCallum says:

    is 1-855-357-4747 a real microsoft help desk or is it a scam that is trying to control my computer?

  75. Sylvia Farmer says:

    I have been scammed. What do I do. I was scammed by 1-877-408-7275

  76. fight Ransom says:

    1-844-284-7333, 844-522-5968, 844-305-6555 are extremely malicious scammers who are spreading Ransom viruses and encrypting files with vicious extension Zepto and disabling your computer.

  77. Chicago Bob says:

    Just adding another number to the mix here… 1-644-249-4291 – Some guy named “John” with a thick Indian accent… wanted to gain access to my machine but wouldn’t tell me what commands he wanted to run. It was a fun call for about 2 minutes – but they are very frustrating when you ask them questions.

  78. Pat Gariety says:

    7-23-2017 got one on my Apple Macbook Pro. Says to call 844-454-7212.

  79. Aq says:

    You can add
    18557863898
    And
    18885167415
    To the list scammed me out of 200$ for security

  80. Linda Bahr says:

    This number popped up. 1.833.543.8898. A voice message said this is Microsoft and we have detected a virus on your device if you close this page before calling the number we will be forced to stop your Microsoft account and shut down your device from further use. I called the number and asked if it was Microsoft and the women said we are not but we are tech support and I hung up.

    1. Brenda Bryant says:

      I got the same message tonight that if I did not call the number shown, my computer would be shut down because the virus it was infected with was infecting the network. I called the number and asked if she was with Microsoft and she said it was a Microsoft partner called virus erase. I followed the instructions she gave me until I realized it was giving her access to my computer and I disconnected her. I will definitely take my computer to a trusted IT person tomorrow to have it checked.

  81. Lynn Ferguson says:

    Received the following voice mail. Did NOT call them back!

    Voicemail from (844) 293-7063
    “Three this is an emergency call from Windows Microsoft your Windows license key has been expired all services are suspended on your computer to renew call our toll free number 1-844-293-7063.”

  82. David Jones says:

    We have been calls from 952-440-2443 saying they are from Microsoft and want to upgrade the programs on my computer. this sounds bogus to my wife and me. Is this a scam

  83. Connie Andrews says:

    I think I may have been a victim. Windows popped up with one of those messages and I couldn’t get rid of it or close my comp. So I called 1-800-627-1616. I see similar stories below.. I was connected to VK Technologies and a man named Luke Cage/Jim. He sounded legitimate and being a senior citizen I was nervous. To make a long story short I authorized a payment of 249.99 for 1 yrs service. I was sent paperwork but this was done 7-31-17 but check hasn’t cleared my bank. I was afraid to stop payment for fear they’d disable mycomputer. Help I have several numbers and the pay partner is Trade National and their number is 1-888-582-0039 and 1-800-844-3517. I was given a customer id number of 0S13623.

  84. Cathal O Neill says:

    Watch out for ph number 44-8081644512.software support scamers..took me for 300bucks..claim to be V Tech support for microsoft..had to dump my laptop and change my credit card..very slick..tried to get me again today

  85. N . Robbins says:

    just had a call from 1-323-545-6855 which I assume was bogus.

  86. Colette Thompson says:

    Received message that pc had RDN/TrojanWorm!0055BBC3810643 infection call Microsoft tech support to fix at 877-639-2235. Called but hung up when foreigner answered. Checked box to get out of recurring loop. Have mcafee antivirus and it says pc is secure. Is there more to protect pc that needs to be done?

  87. Jeannie Mallory says:

    Same thing, notice popped up on my laptop with this #855 649 8772. Guy was from India, I could hardly understand him. He wanted me to buy Windows Defender for $199 or my laptop would stop working. I laughed and told him I would take it back where I purchased it and have their techs take a look at it. He wasn’t happy with that at all…lol

  88. Bill says:

    Please add 888-694-2261. I actually, not sure why I did, called and allowed access to my computer and “Gevin” ( Eastern Indian accent) walked me through the issues of everything being turned off. When he started pitching Tech service and extra encryption and asking for money is when it didn’t feel right. I told him “No” and he got upset, he said “I was wasting my time and his time”. He hung up and I restarted my computer to scan for a virus. I hope this didn’t give him the chance to gather my information. Scanned with web-root no virus found and currently scanning with Window defender.
    Will and IP change be detected? Can a Tech at Best buy fix this issue of being hijacked?

  89. Amy says:

    I don’t answer calls from any phone lines which i don’t recognize if they talk in difference accent ill tell them my devices are ok then hang up on them .

  90. mark says:

    is the phone number 1-877-535-8366 an authentic service # for malware intrusion? I got a red screen warning that if I didn’t call the number my personal banking and password information would be compromised and damage to my computer might occur and I would be locked out. I called the number but was suspicious from the start. the operator didn’t say where I was calling or who she was. I asked her and it was a security company who wanted remote access to my computer. I hung up before getting additional information.

  91. Tom Dowd says:

    I received a robo call saying we had a security breach and to call 855-658-3883 so they could access my computer to correct this problem. August 10, 2017

  92. Jay Witmoyer says:

    Today I was searching the web for a recipe and suddenly my computer locked up and a female voice repeated the message that appeared on my screen. She said my IP address had been used without my consent to access sites know to conduct fraudulent activity and that my computer was blocked to protect me. It gave me (844)656-1695 to call. The message continued to tell me not to turn of the computer or I would lose data and release personal information including credit card info. I called the number and a male with a foreign accent told me I had to access a secure server to correct the problem and wanted my sign on info and password. I refused and he said that he couldn’t help me. I hung up. He called back 3 times trying to intimadate me into giving hime the info. I finally turned of the phone. I had to remove the battery from the PC to shut down. I rebooted ran virus software and all looks ok.

  93. Celia Morgan says:

    I have filled out two reports and the original number I contacted was (888)660-1755 (didn’t find on list). The second number given to me by the tech scammers is on the list, (855)633-5666.

  94. Renee says:

    Is geeklive247 one of the scammers or are they contracted by Microsoft?

  95. Sandy says:

    I was downloading music today and there was a warning that there were trojans infecting my computer and to call 1-855-489-8111. I shut down my computer and restarted it then ran my Webroot Security and it was fine. I called the number out of curiosity and they told me to go to microsoft.site and gave me a key number. I said my internet was down and I could not do it and he started yelling that internet’s don’t go down and I was lying (How Rude!). The site did look official. I can see how people get scammed.

  96. Pam Whitlock says:

    So I feel for one of these. Just wanted to report an experience from yesterday afternoon. I was on HP help page (having problems with my printer) The Chat option came up, then a live talk option. I took the live talk option. Little did I know, I was not talking to HP, rather a man from Jinigram Support. He spent about 3 hours, including a hard sell for security software…he said I had none. Thought maybe I had neglected to have it installed when I purchased the new laptop. Then, while I was watching him install the new security software, I watched as he deleted McAfee. I had assumed the company was contracted by HP as support. Evidently, I was wrong. So today, of course, there was again no connection. Found a new HP help page and within 5 minutes had the communication restored. He even had his “supervisor” call me to verify eveything was fine and sent me a “summary” of what they had done. Beware, they go by English names, but when the chat comes up, it’s a different one. Learned my lesson. Number associated with this group are 800-669 9307. Bob and Jack are not who they claim.

  97. April Hopkins says:

    A voice message claiming to be Microsoft support emanated from my Lenovo with Windows 10 yesterday. Telling me my computer was in danger and to call them and to not turn off my machine. Apps and programs stopped responding, including my WD backup and the Windows Shutdown. I turned the machine off manually and now it won’t start properly. First there is a text message that an Automatic Repair was running, but that disappeared and the screen went blank. Microsoft updates had downloaded at the start of my session, Windows Defender is installed. The day before, I downloaded and ran a Canon printer patch. Where do I take get help?

  98. John S says:

    I’ve seen some of this fake support warnings. Lot of users don’t seem to understand how to get out of that screen. Many times task manager or even a forced shut down is the only options.

    1. April Hopkins says:

      I did a manual shut down and now the computer won’t boot. MS support downloaded a bootable program onto a second laptop and then a flash drive. However my computer wasn’t able to read the bootable program.

  99. joellen Simmons says:

    Got a blocking security message that said I had a virus error 33578 called zeus virus and to call 1-877 224-2480 but managed to finally get hold of tech support. My case number 1395223403 named Frank who told me the window is a scam. It had the official windows website on the screen and I could not get out of it without closing down. It was quite scary. AM glad I did not cal the support number on the scam page.

  100. David says:

    Red screen with a warning message of a Trojan trying to access my computer, told me to call Microsoft AT 1-866-809-9055.

  101. R & D SERVICES says:

    BEWARE 801-515-0803 CLAIMS TO BE MICROSOFT AS WELL AS 202-9856-9402

  102. Brian Schill says:

    I got a Fake Call popup telling me to call 1-855-264-1673. I did not find it on the above list. It would be more helpful if the numbers were grouped by exchange then the following groups of digits. I am fairly confident it was a scam because I see MS never puts phone #s on its notices/warnings. Also their threats did not come true. I would like to confirm this, and also chat with someone about preventive measures such as Windows Defender and MS Edge, and whether McAfee can run on the same computer as Defender. Thank you.

  103. Kevin Mooney says:

    I called the following no. 844-568-2495 after my screen froze and was advised that my computer was infected with a virus. No. was for MTE Solutions (third party support provider for Microsoft). Cleaned up 2 computers (running better than ever). MTE website 800 # matches one I called. Traded calls back and forth for about three hours. Is this legit? No propblems with computers since this happened.

  104. Yun Joo Kim says:

    I scheduled on for fake Mcrosoft their phone number is 1-877-221-2910
    The Microsoft warning sign comes in suddenly and they warning if I turn off the computer, I couldn’t use it again and meme a phone call to service. They talk to me first, it look free but suddenly they changed the word, to buying a protection plan.

    1. Yun Joo Kim says:

      Scheduled–scammed *

  105. christine says:

    Received pop up that my McFee wasn’t operating properly…contacted number provided…they took over my computer wanted money for installation of McFee…I told them I would think about it, I hung up…then they called back 15 minutes later and said I was punked. Be ware of foreign speaking techs with English names…scammmmmmmmmmmm!!!!

  106. C R says:

    Yesterday I received a Message in my Apple Mac book Air; it said my computer had been infected with a malware attachment and to call to “Tech support” at 1(855) 321-5690 and let them know my computer had an error labeled HT201155, which I did because my computer was giving me a voice message and I could not stop it. The person at Tech support seemed very professional y knowledgeable and had a prompt tech answer to every question, i was about to fall for it and buy the “lifetime transferable protection” for my computer and protect my info. for $400, but they wanted me to pay withPay Pal or Apple iTune cards, so i decided to tell them no and I closed all the windows they opened up in my Mac (which by now didn’t have the voice message) and turn off my Mac for the night. this morning my computer seems to be doing just fine but Im taking it to Apple to get it checked out and get arid of any spy website. Hope this information helps

Skip to main content