Scam Alert: No, that security popup isn’t from Microsoft

Many home users want to trust that their operating system, like Windows 10 or Windows 11, can pick up on trouble. After all, people across the world trust Windows Defender, the antivirus software built into Windows, to find viruses and malware. Scammers exploit this trust to bait users into contacting them. This is called a “Tech Support Scam”. Contacting the scammers is extremely dangerous, and innocent people have lost a lot of money to this scam.

Photo courtesy Gravity Security

How does the scam start?

It starts with the above photo. Out of nowhere, the computer seems to be locked with warnings and threats about data loss and risk to the user’s machine. The popup states something close to the following: “Access to this PC has been blocked for security reasons. Do not access or restart this PC. If you overlook this basic warning, you may lose information about this framework. Contact support as soon as possible and a Microsoft expert will guide you through the investigation over the phone. Running this application may put your PC at risk.”

In addition to the warning and threat, there are popups asking the user to call a specific phone number that looks like it belongs to Microsoft Support. The idea is to scare the user as much as possible. The fear and the risk of data loss are meant to create a state of panic in the victim.

What is actually going on?

Here is how the scam works. The scammers purchase some web space online. In this case, it was basic hosting space from Amazon. Anyone, literally anyone, can pay for storage on the Internet these days, so it is not hard to do. The scammers then build a website that looks exactly like Windows. Using various techniques, they direct users to the scam website, which is configured to take over the whole screen. It is meant to look as legitimate as possible, but it’s just a webpage, not the actual operating system. The webpage has popups built into it to look even more realistic. Here is a better shot, showing the screen as the website it is.

Photo courtesy Gravity Security

What is the end goal of the scammers?

If a user calls the number on the screen, the call is directed to a scam center. Usually the centers are located in Southeast Asia or India. From there, the scammer pretends to be Microsoft. These call centers sit around waiting for victims to call in. They will suggest that the victim install some software so they can help “diagnose” the computer problem.

That software, such as the AnyDesk software suite, is suggested so they can remotely control the user’s computer. It gives them full access to control the remote machine, see the screen, etc. Once that takes place, the scammers win, so they will do everything they can to get the victim to provide some sort of remote access. Once they have access, they will proceed to pull passwords, bank information and anything else of value they can use to make money.

Protecting yourself and your loved ones

Never call a number in a security popup warning, or any other number provided to you if you did not search for it. Microsoft, the real Microsoft, should only be contacted by directly looking up their customer service number from Microsoft.com. Never call a number provided to you. Period.

If you continue seeing the above popup after a computer restart, there could be some adware on your system or another mechanism that is displaying the message. Remember, though, that if all you are seeing is the security popup, the scammers do not have access to your bank or your computer. That is why they need you to call them.

Finally, the Federal Trade Commission offers some additional tips about this scam. From the FTC:

  • Never call a number on a security pop-up warning. Pop-ups that tell you to call tech support are always scams.
  • Never move or transfer your money to “protect it.” Only a scammer will tell you to do that.
  • Never give someone a verification code to log in to your account. Scammers want it to get into your account.
  • Call your real bank, broker, or investment advisor if you’re worried. And use a number you know is real.

Conclusion

Unfortunately, this tech support scam has been around for some time. Yet users are still losing money and time to it. Remember, a full-screen webpage may look like Windows, but it is just an attempt to get access to your machine and your money.
