Does this sound familiar? “Hello, I am calling from Microsoft because we have detected a virus on your computer, we’re here to help you.”
This we’re the old days…
These fake Microsoft Support engineers called random numbers using satellite phones and told their victims they are working for Microsoft and need full remote access to your computer because the computer is infected with a virus.
Yet, times have changed…
Nowadays, Tech support scammers redirect users to deceptive web pages, claiming their PC is infected with a virus and their web browser is locked to prevent the virus from spreading.
Tech Support scammers employ much more sophisticated techniques to deceive users into calling their fake support services.
Microsoft tech support telephone calls
People are aware of the fake Microsoft support engineering scams and hang up the phone because people know the support engineers from Microsoft would never call them.
The PC user should call Microsoft if they have a problem with a virus or anything else related to Microsoft products right?
Because people hang up their phones, this is where cybercriminals came up with new approaches to take advantage of unaware PC users.
In case they did call you, hang up. Just hang up, easy as that and block the telephone number.
Some users did get scammed and did pay money to the scammers.
Call your credit card company as soon as possible and ask for a refund of the money.
Tell them you were a victim of a fake tech support engineer. Cancel any support services you agreed with.
Who are these Microsoft Support Scammers?
Cybercriminals as I would like to call them…
The often poor and hired people behind these Microsoft tech support scams make a lot of money for their owner. Most of them work in large buildings in simple computer setup and speak poor English.
However, they are criminals. These people are scamming other people using deceptive fake web pages and telephone calls claiming the Windows or Mac OS device is blocked or infected with a virus.
Here are some various examples.
It is hard to keep up with the domains these scammers use to trick people.
The tech support scammers don’t even seem to care about the domains anymore, a remarkably large amount of the domains the tech support scammers register do not even look legit, as in this example of a tech support scam.
The URL doesn’t look legit, and they don’t care.
All they want the victim to do is call their telephone number and make money.
Microsoft Tech Support web pages scammers regularly try different messages to convince the victim the browser or the device is infected. Below you can find a few web pages these cyber scammers use.
- Microsoft Support says
- Microsoft Help Desk scam
- Call certified Microsoft technicians
- Microsoft Official Support
- Error Code A268D3
What these tech support scammers frequently do is show some random legit windows error logs and tell the victim the windows error logs are the problem.
After the support scammer has convinced their victim, the tech support engineer offers a tech support service for a month or a year to keep your computer clean from future virus infection.
In the worst case, the tech support scammers install tools to search for login – password credentials and other personal information, this information is known to be solved to advertising service.
Microsoft spyware alert voice scam
What the cybercriminals are trying to do is make sure the victim of their fake Microsoft support scam page calls their telephone number.
So the cybercriminals brought up a new idea. The technique is something ransomware already used in 2014-2015.
The tech support scammers came up with the idea to speak to the victim in the native language using a computer-created voice.
Voice audio could make it more trustfully for the victim. We extracted two examples from a Tech Support Scam web page as an example for our visitors to recognize the voice.
The first one is a computer-generated voice in English and the second audio is a computer-generated voice in French.
Obviously, cybercriminals are shifting their technique to a more deceptive, social engineering like technique to convince the victim to call the fake Microsoft Tech Support telephone number.
The support scammers adjust the output of their fake support scam web pages to the virtual-location and spoken language of their victim.
If the scam page is visited with a Chrome browser, the scam page looks like a chrome error page. The same happens for Firefox and Internet Explorer.
The audio examples indicate the scam web pages also detect the language of their victim and adapt the computer-generated voice for their the victim. This probably results in more telephone calls to their scam number.
The Microsoft tech support scam phone numbers are usually satellite phones.
The cybercriminals change the scam URL and telephone number usually within 24 hours or less. Even the telephone numbers change to a local phone number, based on the victim’s virtual-location (most likely IP-address).
The support scams have become very sophisticated. Beware.
Microsoft Tech Support scammers are adapting their social engineering techniques, which indicates there is more money involved in these scams and people still happen to be deceived by these scams.
What to do if my browser is locked by a Microsoft Tech Support scam popup?
First of all, the victim should close the browser. The Tech Support Scam pop-up often trigger a fullscreen, which makes it difficult to close the pop-up. Follow the steps below to close the full-screen Microsoft tech support popup ad and remove the associated malware from your device.
If the pop-up stays on top with alert's in your browser and it seems impossible to close the warnings you need to perform this optional step. After performing this step, please continue with Malwarebytes to start the actual removal of the adware that is causing the pop-up in the browser.
- Start the Windows Task Manager by using CTRL+ALT+DEL for Windows 7 or CTRL+SHIFT+ESC for Windows 8.
It is also possible to hit the taskbar with a right click and select the Task Manager from the menu.
- Select the browser you are using from the list and right-click on it, selecting End Task. It is also possible to use the End Task button at the bottom of the window.
- The internet browser should be closed now, continue to the next step to start the actual removing process of the malware.
Scan your computer for malware with Malwarebytes
Some tech support scams are triggered by adware or potentially unwanted applications. Malwarebytes detects the adware and eliminates the adware from your computer. Some tech support scams are redirected by suspicious web pages. However, we do recommend to clean your device with Malwarebytes.
Get rid of Malware with Malwarebytes. Malwarebytes is free to use, detect and remove malware from your PC. Detect the latest adware, potentially unwanted programs and other malware with Malwarebytes. Protect your PC with Malwarebytes. Malwarebytes works perfectly in addition to a virusscanner.
Run the Malwarebytes program installation file. Click here for Malwarebytes installation instructions.
Click Scan Now to start examining for malware.
Malwarebytes will start searching for malware, please wait for Malwarebytes to finish the malware scan.
Malwarebytes usually takes between 2 to 5 minutes to complete.
Once the malware scan is performed, Malwarebytes will present the results of the malware scan.
Remove the malware found by Malwarebytes using the Quarantine Selected button.
Wait for Malwarebytes to move all malware to quarantine.
Malwarebytes needs to make a system reboot to finish the malware removal process.
Save and close any working documents or open web pages and click Yes to reboot your PC.
After the system reboot, your PC is clean from malware. Stay protected with Malwarebytes against future threats. Malwarebytes stops adware, potentially unwanted programs, malicious web pages, suspicious downloads, viruses, spyware and ransomware from infecting your machine.
Clean your internet browser with Zemana Cloud scanner
Zemana Anti-Malware is an second opinion anti-malware scanner which uses Cloud technology for malware detection. Zemana is the fastest, smallest and most proactively malware scanner available. Zemana is its best in addition to a primary virus scanner or malware scanner such as Malwarebytes.
Open the Zemana anti-malware setup file.
Install Zemana anti-malware using the default settings, after successful installation Zemana anti-malware will update itself to the latest version.
Select the Scan button to perform a malware scan, wait for the scan to finish, this usually takes a few minutes.
Click the Next button to remove the malware found by Zemana on your computer.
Wait a couple of seconds for Zemana to remove the malware from your PC.
Your PC is successfully cleaned by Zemana. Zemana is an excellent protection for people searching for a lightweight malware detection and removal tool. Zemana is its best in addition to a more comprehensive antivirus or anti-malware security application such as Malwarebytes.
You might find these articles useful