Microsoft Tech Support Scams are Alive and Well
The Microsoft tech support scams are on the loose again. In the past week we had five emails from people who were tricked into calling a fake Microsoft number. The fact is that these “Your computer is infected – call this number” popups are simply advertisements superbly disguised (if I can use that phrase with straight face) to look as if they are coming from you PC, means that no security software or popup blockers are going to stop them. And the only security software that can stop you from being tricked into calling the “Microsoft tech support” (or other tech support) number, is…
The software between your ears. Yep. Your common sense. All you need is a little knowledge and your good common sense and you’ll be fine. The worst thing you can do – and the scammers who create this garbage count on you doing – is panic. When you panic, your common sense disappears and the scammer wins.
The Microsoft Tech Support Scam and its variants seem ebb and flow like the tide. Right now it’s high tide. And the scammers are hitting the internet hard with the fake “your computer is infected with **you name the non existent virus/Trojan** or the **your computer has been compromised and your personal information is at risk** popup (ads) that appear, seemingly out of nowhere, when browsing the web.
The one that seems to trick the most people is the one we call the Microsoft Tech Support Popup Scam.
Most all of these fake “Your computer is infected” or “Your computer is compromised” or other dire warnings that pop up out of nowhere, are almost popups ads. They’re not viruses, or Trojans or malware. They’re ads that try to trick you into into calling a phone number for support. They’re scams.
And regardless how many times the scam popups mention Microsoft or show the Microsoft logo, or how many times the ads refer to “Certified Microsoft Technicians” there’s a 100% absolute certainty that they’re scams. Absolutely. Positively. Without a doubt. If you see popup or dialog telling you that terrible things have been detected on your PC and to get rid of them you must call a number. IT IS A SCAM!
We have warned our readers about scams many times, but here we are… we are once again seeing more and more people falling prey to these criminals… and many times they’re being tricked because they see the Microsoft logo or Certified Microsoft Technicians on the fake warning. That convinces them the warning is legitimate and they let down their guard and call the phone number and then allow the crooks access to their PC.
Please remember this!
Microsoft is never going show you a popup warning you that your computer is infected or compromised. Microsoft is never going to show you a popup with a telephone number and urge you to call Microsoft Support to fix or clean your PC. Never. Not today. Not tomorrow. Not ever. NOT EVER! NEVER NEVER NEVER!
For this post, we’ve collected a few of these fake warning popups, and we posted tehm them at the bottom of this article. Keep in mind, these are just a very few of the many variations of scam popups out there… there are hundreds of them. Some have different wording, slightly different colors, some look more realistic than others, but they all have the same mission: To get you to call a number so they “fix” the non-existent virus infections, computer problems or errors.
People who do call will be told that the “technician” needs to connect to their PC so they can run special scans. The scans, of course, are fake and always turn up dozens, sometimes hundreds of infections, errors and problems. Not to worry, they’ll tell the victim… they all can be fixed… for a price. We have heard from people who have been bilked out of hundreds of dollars. One person who wrote us recently, lost $1000 on this kind of scam.
There’s a newer version of the support scam or Microsoft Tech Support Popup Scam, where the victim calls a phone number and the technician runs the fake scan or scans, then tells them what’s wrong (all fake) then tells them they need to buy a couple hundred dollars worth software programs to clean, fix and protect their computer and their privacy. Of course, they’ll want your credit card number – would you actually give your credit card number to a criminal? No, of course not. But because people think they’re dealing with Microsoft, they do give out their credit card numbers and lose hundreds of dollars to scammers.
Please do not fall for these kinds of scams. When you see one of these fake popup alerts or warnings, close all your browser windows. If you should see a warning that your hard drive will be wiped if you close your browser, it’s not true. I you can’t close your browser window(s) the usual way, open Task Manager by pressing the CTRL+SHIFT+ESC keys. In Task Manager, click on the “Processes” tab at the top. In the list of processes, right-click on each instance of your browser you see running and choose “end task”. Note: Google Chrome usually shows a process for every tab open and every Chrome extension running. You’ll need close as many of these as necessary until you see the browser window with the scam in it close. If you can’t still can’t get the windows closed, shut down your computer and restart it.
We want you to be safe. Don’t be tricked by these sophisticated thieves and con artists. Remember what you read here and remember what you saw here. Be wary – not paranoid. Don’t panic. Think. And remember:
Microsoft is never going show you a popup warning you that your computer is infected or compromised. Microsoft is never going to show you a popup with a telephone number and urge you to call Microsoft Support to fix or clean your PC. Never. Not today. Not tomorrow. Not ever.
As promised, here are some screen shots of scam popups. Remember: These are but a few of the hundreds of different scams out there – but most tech support scams use the same basic techniques to get you to all a phone number for help. All the references to Microsoft are just to lure you into to trusting the scammer. Microsoft has nothing to do with any of these scams.
SOME SAMPLES OF WHAT THESE KINDS OF SCAMS LOOK LIKE:
Above: One of the more common tech support scams. Note the dire warnings that your bank account and credit card details are at risk. In this case, they’re not lying. They are very at risk if you fall for this scam. As you can see they add your IP address and the date to make it look official. This scam has been making the rounds for at least two years.
Above… don’t let all the Microsoft logos and “Microsoft Certified Live Technicians” trick you. This is all a fake and it’s not even coming from your computer. Notice at the top of warning it says “Message from webpage”. A dead giveaway that this scam did not come from your PC, but from the Web Plus, if you’re not using Microsoft Security Essentials you should immediately recognize this as a scam.
The scam up closed. Notice “Message from webpage”. That tells you that this popup did not come from your PC, but it’s just a popup ad from web page. Notice they don’t use “Microsoft technicians”, but “Microsoft Certified Live Technicians”. What else would they say, dead technicians? They’re not technicians at all – they’re thieves and miscreants and criminals out to get your money.
Another “Microsoft” alert. It’s not from Micrsoft, it’s not from your PC. It’s just a web page popup ad. Again we have the “Microsoft Certified Live Technicians” back for an encore. It’s just another scam.
Are you getting the idea that there are an endless number of scams out there trying to trick you and steal your money? Don’t let them fool you.
Above: A very real-looking scam pop-up, with the Microsoft logo at the top and Microsoft referenced near the body. Showing your IP address may scare some people, but your IP address is visible to every web site you visit. Want to see? Just go to http://thundercloud.net/start/useragent.htm . Your IP is part of the details your browser always shows automatically. Clicking the “Back to safety” button above, leads to another scam, and calling the number posted would lead you right to the nest of criminals. This is just another scram.
Just another scam with a bit of drama. It’s going to delete your hard drive contents if you close this page. However, if you close the page, the only think that will happen is you’ll be getting away from these miscreants. Notice that this one tells you to call “Microsoft Support Now!” and gives you a toll-free number. But, trust us, if you do call that number, you won’t be talking to Microsoft or even a technician, but you will be talking one and one with a real, live scammer.
See the close up below. See, they’re going to delete your hard drive’s contents if you close this page. However, that will not happen. They’ll just lose a potential victim.
The one below is very common. This warning tells you you’ve got a rootkit Trojan! With the scary name of ROOTKIT_TROJAN_HIJACK.EXE . Wow! They have all the key words that would send shivers down the spine of most users, but not you! You know better, right? And notice the Microsoft references. This one has making the rounds for a long time. The name of the Trojan changes, but not the scam is the same.
One more. This one makes it looks like you computer was scanned and lots of malware and bad stuff is lurking on your PC and you better call and get it off or your PC will explode and your privacy up in cloud of smoke (no pun intended). Notice the Microsoft logo at the bottom and the Microsoft Security Essentials logo at the top. Now, if you’re not using Microsoft Security Essentials, why would you ever be fooled by this. And if you are using Microsoft Security Essentials, you should recognize this as a scam, if or no other reason that the theatrical way they try to get you to call “Tech Support”.
There are hundreds of these kinds of scams out there just waiting to trick you. They may all look slightly different, but they all have the same goal… to get you to scare you and make you believe that your computer is compromised or infected – and scare you into calling a number to get your PC fixed. These are scams no matter how many Microsoft logos you see or how many times they use “Microsoft Certified Technicians”. They want you to call so the can run fake scans, that show you how badly your computer is infected or compromised, and tell you that even though your PC is very badly infected or compromised, don’t you worry – they can fix you right up for a price. DON’T! Do not call these criminals. Do not give your credit card information to them.
If you fallen for a scam like this, call your credit or debit card company and tell them you’ve been scammed. Don’t be embarrassed to admit it. Millions and millions of people are tricked by scams like these every year.
Our mission is to help keep you safe. We hope this helps you recognize a scam if you ever seen one. And don’t forget that the fake Microsoft phone scams are also alive and well… see this related article.
I just one of these 3 days ago. I knew right away it wasn’t for real. I tried to delete it by going to the start button and shutting off the computer. It wouldn’t let me so I just shut off at the tower and then rebooted.
Thanks for the warnings – most of these have been around for some time and I, like you, have been warning my friends about them. There is another one out there that you did not mention that actually had me going for quite some time and that is the purchased Microsoft product download. I had not purchased a Microsoft product for a while so I was not aware of the procedure. Apparently you buy the program (I got it at Best Buy) and then are given a card with your activation number on it. You then go to the site shown on the card , download the program, then activate it with the number on your card. I thought I had followed the instructions carefully since I am extremely cautious regarding this type of thing. Apparently not, when I got to the site and entered my card number I got a big warning notification that there was an error or problem with either the card or my computer and I would have to call the number for technical help to install my new program from Microsoft. Since I had just spent a lot of money for that card with a credit card given to me by my boss, I didn’t want to mess this up. I called the number and spent about 45 minutes with these foreign sounding guys who – well you know what they do. I got so frustrated with them at the end I finally asked “are with Microsoft” to which they finally replied they were not. I had let them on to the computer (which was new). I just hung up, went much more carefully to the site listed on the card, easily installed the program and spent the rest of the afternoon cleaning up that new computer in order to get rid of all the crap they had installed. They kept trying to tell me I could not install the program because the computer was infected, etc. – but it was new so I knew there was a problem. They wanted a great deal of money to fix some obscure problem which did not exist.
So this is yet a different type of scam that you might want to mention. I was totally embarrassed by this incident as I do know better but they almost got me anyway. The way they get you on that one is the statement right on the first screen that says, your new program has been validated and if you click out, you will need to purchase another program. Well this was not my money so I called – big mistake!!!! I had not seen that one before and I thought I had seen everything….
I’ve now gotten several phone calls with a variant of that scam: they say they’re from Microsoft REFUND. I let the answering machine take it–and just laugh when they give their spiel.
I get a call from these people on a regular basis, so I have put together a list of replies to entertain them. When they say that my Windows computer is causing errors, or whatever, I reply with, “My house has 40 windows, can you clean them?” They are really dirty! Or I will say, “That’s really interesting because I have a Mac!” One time I said, “I have your location, I’m sending the police!” It was a whole year before I got another call!!!
I got the following pop-up a couple times: Microsoft Support. Urgent Microsoft Windows Update….Download now….Microsoft Intel. Microsoft 2018….size 1.83kb. From: d5qxpth24y5tv.cloudfront.net. What do you want to do with Microsoft-patch.hta? Open, Save, or Save as.
I assumed this was Spam, so deleted it. Hope I did the right thing.
Microsoft does not have or send any popups with Urgent, Download now. And if you look at this message closer, it’s not from Microsoft at all but from a domain called CLOUDFRONT.NET. And it’s an HTA file which is a script (Visual Basic or JavaScript). Windows distributes Windows updates via Windows Update in a closed system (i.e. does not issue browser-based popups – updates do not depend on a browser to download them). So anything you see while browsing the web that urges you to indicates your Windows OS is infected, or that you need an urgent download or fix is a scam… and not from Microsoft. HTA files are known as the method that most drive-by downloads use to infect computers. You can read more about .HTA attacks here .
You message was not only spam but it was blatant attempt to infect your computer – you did the right thing.
I am getting several scams these days too …..mine are either from Banks or, believe it or not, from Pay-Pal.
Almost got sucked in with the Pay-Pal ones as I do use them from time to time, however, at the moment I do not have an outstanding balance with them so knew it was a fake. Got one yesterday from a local Heating/Air Conditioner Company that we have dealt with for years, saying our account had not yet been paid in full. I knew of course it was fake as here again we have nothing outstanding at the moment, so I phoned them to be on the lookout.
Will they never quit? It’s so annoying & frustrating trying to decide if they really are real or fake….
Please also warn people about phone calls that claim they are supposedly calling from Microsoft with a recording that my Windows 10 is infected and if I do not call they will shut my computer down. Then they leave a number I need to call. I always let the calls go to my answering machine. They are so smart that the phone number (area code) from them is always different. The other night it showed the call came from Root Technology. The one time I did answer the phone and they told me that my computer was infected I told them that was interesting as I did not have a computer. That shut them up.
We have done so many times… for instance read “Microsoft Ain’t Gonna Call You“. I will reference that in the article about online scams too. Thanks!
What I have come across recently (July 2018) is a new phone scam, nothing to do with Microsoft but to do with your own ISP regardless of who they are. I live in Scotland and I answered the phone one day to hear an automated message telling me that this was my ISP calling me to tell me that they would be shutting my internet service down because my account had been hacked from various countries and if I wanted to prevent this I should call a specific number. That is when I put the phone down and started laughing.
Firstly your ISP will never send you an automated message about something so serious as this. If this was real they would be talking to you in person. Secondly your real ISP service provider will be a real person on the other end of the phone and will introduce themselves in person and tell who who they are calling from, i.e. naming your particular ISP, not simply saying ‘We are your Internet Service Provider. If you get a call like this do not panic, it is simply a scam. The best think to do is hang up on them and forget about it.
As usual, as the above article mentions, they expect people to panic when they hear something like this and immediately call the number given. Don’t do it. Ignore it. I am still here and online to prove that it is a scam and nothing bad happens when you do ignore it. I immediately went onto FB and shared it because the more people who know about these scams the less people get hit with them.
No-one is immune to scams and it is up to all us to be careful about what we do online, but I do believe that the more information we share online about scams through sites like this or through social media can go a long way to stopping these scams in their tracks.
The more we share about scams that we have found then the more people who will not be fooled. By all means ignore the scam but post that scam on every social media platform that you are a member of and sites like this so that as many people as possible get to know about it. That is the only way sadly that we have to combat scams.