A “Calling From Windows Support” Scam

CautionI recently received a call from a really helpful person. I was told my PC had some very serious errors. I had already heard of scammers trying to take advantage of unsuspecting non-technical users… so I played along to see how far the scammer would go.

This is the story of my adventure in the “Calling from Windows Support” Scam.

If you frequently read my blog, you already know me as a technical guy with a passion for mobile devices who loves spreading knowledge about all kinds of gadgets. So, as it turns out, I was spending a quiet evening at home, I was reading a book on my Kindle tablet while my younger son was watching TV, my older son was finishing some homework downstairs with my wife. When a scammer contacted me and tried to pull the rug under my feet.

ScamThe phone rings. Caller ID says “John Kendall”; he was calling me from a number in the 347 calling area. Unfortunately, this area code is located in one of the most populated areas in the Eastern US: New York City; covering the Bronx, Brooklyn, Queens and Staten Island.

Of course, I know nobody named John Kendall and the person who called me did not say that their name was in fact John Kendall. Instead, the only name I heard was David. This David, a guy who I imagine by the tone and heavy accent of his voice as a skinny Pakistani or Indian man, sounded as a person who would have some difficulty with the language but would be able to make himself understood.

I am sorry I cannot tell the difference between accents from India and Pakistan. I wish I could, it might have helped me shed some light as to what the source of this call was and potentially uncover some more facts. I could hear a call center in the background, maybe other “Davids” calling other unsuspecting Windows users?

Throughout this call, a few hints were apparent to me. I believe that anyone who is distrustful enough could pick up on these hints and get as far as I did. This is by no means a great discovery. Anyone like myself, especially if you can’t help but having your scientific skepticism active at all times can get as far (if not farther) than I got myself. Small tells here and there were left for the taking… now I was on a mission to both help everyone who might fall prey to this scam or potentially the authorities if they wanted to pursue this matter.

David said “I am calling from Windows Support”, we are getting some errors from your PC. “Oh, really?” I asked. My computer was turned off it couldn’t be sending out any signal out even more, I know there is no such team at Microsoft who calls out users to help them fix their errors… In real life, this all works in the other direction. When users have problems, they call for support. If Microsoft needs to fix some problem on people’s PC, what they do is build a patch and send it out through Windows Update, the most efficient way to distribute a fix to the most people at once. I thought for a second how to respond without giving away who they were talking with, “Can you tell what those errors are about?”. He replied in a very assertive tone: “Yes sir, can we confirm with your computer? Can you look into your PC?”. Here I thought, he is either reading a script and something will eventually show or he is really trying to control the direction of this conversation. In any case, the challenge was set and I felt very tempted to continue with the game.

I mentioned to David that the computer was turned off and that I didn’t understand how he got the information that my computer was in trouble. He said, “don’t worry sir, it’s all too complicated. Windows does this automatically when you agree to send errors to our offices”.

Oh man! I thought; how can he say this with a straight face? The errors are anonymously sent out to Microsoft! How could he even think this is believable for one second! Never mind, I thought… if he is saying it, it must have worked for him in his last call. Besides, most people are non-technical and may have missed that one bit of information.

While I had just realized that this was absolutely impossible I also thought about the fact that I had not had a Windows error in the last few months. Even more, I already knew why the error had happened when it did happen. It was all related to a bad driver that should have never been there in the first place by the manufacturer. Windows never sends out information unannounced, it first prompts the user; in which case, I am the only user of my PC and I would have known. Then the system asks if the user is willing to send out the error to Microsoft for analysis; in which case, it clarifies that no personal information will be sent out… much less phone and contact information.

David urged me to boot up my PC and check for those errors. He wanted to help me get rid of those pesky system errors in my computer. I wandered, how can he show me those errors? I played along to try to find out as much as I could and gather as much information possible: I took notes, wrote down phone numbers, looked up details online while I was acting as a non-technically savvy user.

He first asked me to go into My Computer, right click and see properties. I have the latest and greatest to date. My PC does not have that option but I remember what it leads to: a quick description of the system, the version and type of PC that is running and what is more important the version of Windows that is installed.

I would like to make a side-note here and say that today 1.5 billion users are actively using any version of Windows. Of those users; about 400 million use Windows XP. That particular version has been in the market for more than 12 years and will soon be no longer supported by Microsoft. This means that there will be no more Windows Updates, security patches or bug fixes for this Windows XP. This is the normal software life cycle, all software is eventually passed by newer and better technologies and unfortunately needs to be replaced. Any future issue detected in Windows XP, will not be fixed, protected or plugged and thus, users will be on their own regardless of what other pundits may say. Since 2001, Microsoft has continued to develop newer versions and technologies and you would benefit from moving on to newer/better operating systems. If a scammer would get a hint that you are using Windows XP, he could use that against you by making you think that they will help you get those problems fixed for you during a call.

Back to my call, I was asked to go into the Control Panel, then select one of the system tools to see into the events that occur behind the scenes in Windows. When he asked me to do this I realized what he was after… this was a really smart guy or he was using a cleverly designed script. He wanted to make me go into the Event Viewer in Windows and take me to the one place where there always are warnings and eventually some conflicts that are listed as errors. To a non-technical user, this may look as a problem. To the trained eye, this is just everyday Windows usage, where conflicts may happen if a device is connected but the drivers don’t exist in the system yet (even though they will be installed shortly). The severity of the error is also listed there, but to a user who is looking at the error icon, they all look pretty much the same. Some error-events listed in the event viewer are legitimately and absolutely significant to troubleshooting a problem, David would be guaranteed to find any error listed in there and make a big fuss about that particular error to gain credibility with the unsuspecting user. In fact he did a big fuss asking me to click on the line where the error was listed and to press the delete key. Past events are not deleted this way, but the argument he used was that this error was serious enough not to be allowed to be deleted!

SocialEngineeringScamAnd so I would need his help.

After he “helped me find the errors”, he asked me to connect into a website to be able to scan and correct all issues with my computer. The website was not Microsoft.com or any of the other Microsoft websites I normally use for programing, design, guidance, standards and fixes for issues that we normally use at work.

The website I was sent to seemed to be a legitimate company that provides support. A third party not associated with Microsoft who had all the right information but none of the credibility. They did have some legitimate phone numbers. They even sported a 1 (877) toll free number. It all seemed legitimate, but the moment my browser finished loading the website, I saw an alert from my security tools that there was a malware software attempting to load automatically into my PC. I have the proper protection on my PC but no one is free from infection from these malware pieces. All it takes is a virus or malware that has not been detected yet and no one has written the prevention code for it. I was lucky enough that the protection I have on my PC is always updated. This is no guarantee of 100% protection but it is the best thing one can do. In my case, the infection never happened and I received the proper warnings. I did not want to get my PC infected, so how could I continue with this game? Play the victim part.

“I don’t know what happened! The website won’t load. Something may be wrong with my PC” I said. Then I added “But of course, you already know this!”. So after I reported to David that the PC was not letting me view any results, he then attempted to take me to a legitimate website that offers a tool for remote access. I was not going to let him take control of my PC and see that I was onto him, but I was leading him to believe that he had me. I bought some time and indicated that I could not install the software and said that I was going to download it again.

I knew that the illusion I was creating could not be sustained for long, and that David would soon see through it because I did not know what his malware was going to do. I did not want him to get remote access into my PC. At this point I decided to start charging forward to see how he would react. I decided that for this I needed to take control of the discussion. I started questioning “this is not going anywhere, I am starting to think that this is not a legitimate call”. So he replied “Don’t worry sir, you can call this number” and he gave me the 1 (877) number that was posted on the website that had the malware. He said “Just call this number any time and I can continue with this call. All you need to do is ask for David”.

Of course this is another big mistake, as any call to Microsoft support gets assigned a specific phone number to call and a number code to dial after the connection is completed so that the specific area of expertise is located (sort of an extension number to an area department before someone will route you to the right tech), even more, you are given a ticket number you need to mention as you are obviously not guaranteed to get the same tech support rep on the line.

I finally thanked David for the information he gave me. I have a feeling he was convinced that I was actually thanking him after having bought into the scam… and that eventually I would fall for it. Instead, I was really thanking him for the information I was able to gather about the scam and for being able to provide me enough material for this article. Thanks to him, I was able to gather information from his phone number, the website that they use, the malware that they use, the domain name registration, the registrar for their website and even the IP address they have been assigned. I was even able to find some forums reporting them as a scammer group that has been using this number for a long time.

Please be very careful out there. It is very easy to fall prey to these scams. I cannot even begin to describe all the types of consequences that these scams could have on your PC, your information, your identity, your finances and your credit history. The malware that would have downloaded to my PC could have been a virus or even ransomware or software that requests a payment before it is removed, only the site where you are supposed to pay may be an even more dangerous place to plug your credit card information! None of these solutions are final and make you dig deeper into the hole you are digging into.

I understand that the information in this article might be used by potential scammers to refine what they are doing and sound more realistic to the unsuspecting user, but the goal here is to put this information out there and be able to prevent the most cases possible. I have purposefully left some details out and changed some facts so that a potential scammer that does not know how it all works doesn’t get it completely right. Please share the link to this article and let everyone you know come here and read this article. The more we spread the word, the better prepared we will all be against these scams.

About Diego Samuilov

Editor in Chief/Founder Diego Samuilov is an executive, consultant, IT strategist and book, e-book and web published author. Diego has worked in Microsoft’s environments since 1990. Since then, he has successfully filled many positions related to the Software Development lifecycle. Having worked as a developer, analyst, technical lead, project lead, auditor and, since 1996 a project manager, manager, director and VP in the Software Development, Server, Desktop and Mobile environments. Diego is very passionate about the software development process, which has played a great part in his skills development. Since the introduction of the first ever PDA (the Apple Newton MessagePad) in 1994 and Windows CE in 1998 he has pioneered and pushed the envelope in the field of mobile software development. He has developed many solutions used in mobile markets, desktop and server environments. He participates in public and private developer community events. He actively collaborates with the community at support forums and blogs. Diego is the author of "Windows Phone for Everyone" available [HERE].