Tech Support Phone Scams Surge – Krebs on Security

The bogus tech support boiler rooms must be working overtime lately. I’ve recently been inundated with horror stories from readers who reported being harassed by unsolicited phone calls from people with Indian accents posing as Microsoft employees and pushing dodgy PC security services.

Tech Support Phone Scams Surge – Krebs on SecurityThese telemarketing scams are nothing new, of course, but they seem to come and go in waves, and right now it’s definitely high tide.  One reader’s story in particular really creeped me out. “Ron” wrote in to say his friend’s young daughter was the latest target.

“A friend called me to tell me that someone called his house, and using some ruse, convinced his 11 year-old daughter to ‘type in some numbers’ into the Run window,” Ron wrote. “When he got home, he turned the computer off, and we assume that it’s compromised and will need to be reformatted.”

Ron said that not long after that incident, he received a similar call. The woman on the phone told him that she was “the authorized security monitoring service for Microsoft Windows,” and that they had detected that his computer was infected with malware, which naturally he needed to have removed.

“The phone number was a Georgia area code, but I’m pretty sure she was from somewhere in India or Pakistan, based on the delay,  her accent and use of English — she said her name was Nancy,” Ron said. “She was also calling me at 7:30 am.”


Wednesday evening, I heard from “J.C.,” an information security officer from a community bank in Maine. J.C. said he’d just been contacted by two customers who called after being snookered by these scams.

“The scammers said they were from Microsoft and had been shadowing the customers’ computer, and saw they had a virus on their PCs, and would they please open a command prompt and download something,” said J.C., who spoke on the condition that I not print his full name or that of his employer.

J.C. said both customers had been bamboozled by a company in India called NIAS E Business Solutions, to the tune of $199. J.C. said the bank blocked the transactions and canceled the customers’ debit cards. But that didn’t stop NIAS from trying to put through the charges two more times. The first time for a lesser amount of $99. When that failed, the NIAS tried to put through a $120 charge via Western Union!

J.C. and the Maine bank are still trying to figure out another curious aspect of this scam: J.C. said that prior to attempting the charges, NIAS signed up the customer for MasterCard’s SecureCode, a security service offered by MasterCard intended to provide added protection against card fraud for customers shopping online.

“The customer had never registered with SecureCode, and the bizarre thing was that the person who made the call from this NIAS company registered it with SecureCode, almost as if to try to make the transaction seem more legitimate,” J.C. said.


J.C. said it appears as though these call services are targeting the elderly and people who may have computers but little expertise about how to secure them. KrebsOnSecurity reader and security professional Sam Sharp is fairly convinced of that as well: He wrote in this week to tell me about a similar scam that targeted his mom. Sharp wrote:

Tech Support Phone Scams Surge – Krebs on Security

A remote admin tool used by the scammers who targeted Sharp’s mom.

“My mom is 86 and lives in Florida with so many other seniors.  She is a nice old lady.  Last year I upgraded her PC to Windows 7 and removed admin access for her account. I manage her PC from Minnesota using Logmein.  Keeping it patched and help her create her monthly invoices in Word.  She works a few hours several days a week driving other seniors to appointments and visiting them to make sure they are eating and taking their medications.  On Tuesday Mom received an unsolicited phone call from someone who actually got her to go to her computer, visit a website and download a program to her PC.  I am not sure what the scam was about but the software appears to be a remote access program called AAMMY.”

The tech support people said they needed the admin password to install their diagnostic and cleanup tools, so Sharp’s mom called and left a message with him, asking for the password so she could relay it to the people who had called her (the number that called her was 888-458-9001).

“I recorded the voice message that my mom left because it is amazing to hear how convinced she was that this was legitimate,” Sharp said. “I had to be very delicate in explaining to her that this was a scam, and it actually took some effort to get her to realize that people do this kind of [stuff].”

For its part, Microsoft recently published a notice to its Safety & Security Center page warning customers about these fraudulent tech support scams from call centers claiming to represent Microsoft. The company stressed that neither Microsoft nor its partners make unsolicited phone calls (also known as cold calls) to charge you for computer security or software fixes. Ironically, Microsoft itself offers a fair amount of free tech and security support, by phone, email and online chat — but the customer has to initiate the process.

Deja un comentario