More than 100 Indian police swarmed 16 tech support scam call centers in Gurgaon and Noida last week, arresting 39 people for allegedly impersonating legitimate support reps for companies including Microsoft, Apple, Google, Dell and HP.
The day after the raids, which were carried out on Tuesday and Wednesday, Microsoft said that it has received over 7,000 victim reports from customers in more than 15 countries who’ve been ripped off by the call centers.
This is the second of two recent, big raids on Indian tech support scammers. In October, after Microsoft filed complaints about customers falling for pop-up messages that lied about their systems being infected with malware, Indian police raided 10 illegal call centers and arrested 24 alleged scammers.
In that second raid, law enforcement seized a wealth of evidence, including the call scripts, live chats, voice call recordings and customer records used to run the scams.
Typosquatting and malvertising
There are a few ways that people can fall prey to these swindlers, who get to people via both phone calls and pop-up windows. Last year, researchers at Stony Brook University rigged up a robot to automatically crawl the web searching for tech support scammers and to figure out where they lurk, how they monetize the scam, what software tools they use to pull it off, and what social engineering ploys they use to weasel money out of victims.
They found that users often get exposed to these scams via malvertising that’s found on domain squatting pages: the pages that take advantage of typos we make when typing popular domain names. For example, a scammer company will register a typosquatting domain such as twwitter.com.
Studies have shown that visitors who stumble into the typosquatting pages often get redirected to pages laced with malware, while a certain percentage get shuffled over to tech support scam pages.
Once there, a visitor is bombarded with messages saying their operating system is infected with malware. Typically, the site is festooned with logos and trademarks from well-known software and security companies or user interfaces.
A popular gambit has been to present users with a page that mimics the Windows blue screen of death.
The frequency of fake blue screens of death has over the years turned “Microsoft” into a red-alert word. According to Microsoft’s recently released global survey, three out of five Windows users had encountered a tech support scam in the previous year. That reflects a five-point drop since 2016, which is good, but it’s not great, Microsoft said: the scams are still going strong, targeting all ages and all geographies.
As the list of impersonated companies from the recent raid shows, you’re not immune if you don’t use Windows: scammers have branched out so they can prey on a broader audience, pretending to be aligned with Apple or other big-name tech companies.
Like a fly in a web
Beyond spooking visitors with their bogus alerts, tech support pages will wrap them up in intrusive JavaScript so they can’t navigate away. For example, they’ll constantly show alert boxes that ask the intended prey to call the tech support number. Other techniques include messing with a user’s attempt to close the browser tab or navigate away from the site by hooking into the onunload event.
Feeling stuck like a fly in a web, a naive user will call what’s often a toll-free number for “help” with the “malware infection”. The person on the other end of the line will instruct the caller to download remote desktop to allow the remote “technician” to connect to their machine. That gives the crook complete control over the victim’s computer. At that point, perfectly innocent system messages will be interpreted as dire indications of infection.
Microsoft has found that its victimized customers typically get charged between $150 and $499 for the unnecessary tech support they supposedly need to get unstuck from the fictitious web. To add insult to injury, besides being gouged for fake tech support, once the victims have opened up their systems to remote access, they’re left vulnerable to malware or other types of attacks.
Microsoft has been fighting these scams since 2014, when it dragged multiple US companies into court. That’s also when it began to collect customer complaints about the scams via its Report a technical support scam portal.
What to do
Microsoft passed on these key ways to save yourself from getting scammed and having to use that portal:
- Be wary of any unsolicited phone call or pop-up message on your device.
- Microsoft will never proactively reach out to you to provide unsolicited PC or technical support. Any communication it has with you must be initiated by you.
- Don’t call the phone number in a pop-up window on your device, and be cautious about clicking on notifications asking you to scan your computer or download software. Many scammers try to fool you into thinking their notifications are legitimate.
- Never give control of your computer to a third party unless you can confirm that it is a legitimate representative of a computer support team with whom you are already a customer.
- If skeptical, take the person’s information down and immediately report it to your local authorities.
Jim Gersetich
It may be worth pointing out that no amount of safe computing practices will keep our (tech supports) customer from seeing these, because they sometimes show up as fake ads on legitimate web sites. So, we have to get our customers to know not to click anything in these pop-ups.
And it wouldn’t hurt to cement our processes so we never do it (like Microsoft’s statement), and help our customers understand that message. We should always use verifiable methods of contact.
John C
Ironically the website that has been the source of the greatest number of these fake error messages, in my experience, is MSN.com. Operators of legitimate websites need to tell the companies that serve up ads that they will not be permitted to advertise on their site unless they screen the ads for malicious content. In many cases, the advertising server operators would simply say, “If you don’t want revenue from our ads that’s fine with us.” but a company like Microsoft might have enough clout to force compliance.
Christina Lahammer
I was scammed in June 2019. They sounded like they from India. They hacked in to my son’s cumpter and stole me from us. And his cumpter doesn’t work any more. I saved the voice mail the sent me and the emails. It’s been really hard for me because I can’t afford to pay that money back. I feel so dumb for falling for it. I just don’t know what I should do. I reported it. But it seems like no one really cares.
David Woodroof
Why so few arrests ? – 16 tech support scam call centers arresting only 39 people
Mahhn
If you can pay the PreFine ?,,,,,
In some countries – including India, bribes are as common as – tipping after a meal in the US. But usually done to initiate business rather than at the end. It’s not seen often as corruption, as much as a normal business expense.
Mike
Why it took so long? We have these calls every day at households in The Netherlands.
Alan
I’ve gotten those calls on a number of occasions. In most cases, it begins with “I’m so and so from Microsoft, and we’ve noticed that your computer is downloading malicious files from the Internet.” (As if Microsoft is monitoring everyone’s downloads…LOL!) I’ve found that their script prepares them for the usual responses. Example: “My computer is not even on!” with the rather aggressive response being “Sir – I did not SAY that your computer is on right now.”
Instead my response now is: “I know, I know. I’m downloading those files on purpose.” Silence. Most hang up right away. If they ask why, I say that I’m testing anti-malware. They don’t how to respond – after all, you’re agreeing with their lie. Maybe you ARE downloading malicious files on purpose – they don’t really know. One guy tried to say that I would make my computer worthless – “might as well throw it out the window”. I just said, “Oh no, this is a test computer. I’ll just reformat the hard drive when I’m done. I do it all the time.” Click.
Ann chapman
I recently had a email in my spam.saying thank u for yr order of $3,000.00 of computers. So me calls and lets them in my computer not knowing who it was. My husband takes control of the computer shuts it off.luckly my customers works on computer nothing was wrong with it. So beware of emails as well.
Paul Ducklin
Big tip: if you are suspicious, don’t call back using information in the email (if the crooks have copied someone’s brand they will not copy that company’s phone number).
Use data you already have – genuine invoices, previous correspondence, printed brochuers, and so on – to figure out how to get in touch. If all you have is contact data in an email sent by, and on a website provided by, the very people you are unusure of, then don’t trust it. If you aren’t sure of the company, why believe anything they say now?
M.Lionetti
Now what? I fell for it, they got control of my laptop and when I told them I wasn’t paying the $299 (ransom), the guy got nasty and now I’m locked out of my HP. Who can fix this? Where can I go? The microsoft site just says to not fall for these scams but not what to do.
Vickie Weber
I have been getting up to 5 calls a day supposedly from microsoft wanting to change my product key and ISP address. I don’t fall for these scams so I don’t answer the phone. They even spoofed my phone number to look like it was coming from my phone number.
Louise Whiteford
I have received numerous telephone calls from foreign sounding voices that want to refund money to me. As the amount of the refund for my computer is more than it is worth and I do not remember purchasing any insurance I decline. Yesterday that were pulling a scam with Alpemix.exe to try to get into my computer. I called AOL and their technical support told me that Microsoft does not call. They called themselves Microsoft Technical Support or Microsoft Refunding. It is obvious that they have a very large telephone service group. I have had about twenty phone calls.
Nick P
what refund scammers will do is make you go to your online bank page and have you look at the page while they “refund” you. What’s actually happening is: the scammer is using coding to edit your checking or savings accounts amounts to make it look like they are refunding you. Please be careful. The best thing is to have your bank account page up on two screens so that while they are messing with one, you can see if they are stealing or refunding your money on the other. They only have access to the one device so this is a double secure way to catch them.
Anonymous
When the Microsoft scammer calls place your phone next to a noisy vacuum and deafen them.
Jason A Jackson
I have had several encounters with microsoft overseas support [India and the Philippines] with great success. These were calls in which I imitated. When they call back later for follow up or a continuance they verify with the 11 digit case number.
Princepal kaur
I have a complaint to register. A scam is running from India with the Us/Canada and Uk customers. money is being looted from people on daily basis.
Microsoft kindly contact me on my given email id I wanna give you this information to stop scam with people.