A woman sent us this voice message which she received about her Windows license key. Of course, she didn’t even have any Microsoft products on her computer so knew it was a scam! “Your Microsoft Windows License key has expired in your computer.” You are asked to call 866-978-5387.
We visited a webpage that was hacked and were suddenly hijacked and redirected to this web page being hosted on a server in Turkey (“.tk” is the 2-letter country code for Turkey) telling us we have a virus on our computer and to call their “Help Desk” number: 888-480-6877. That’s help we don’t need! If you read the message in their popup, it’s ridiculous, especially since we were on an Apple computer at the time.
One of our readers contacted us have getting the message you see below in Safari on her Mac. This trick is intended to scare her into calling the phone number 888-649-7615. DO NOT CALL THIS NUMBER! The paragraph at the bottom of the message is a bunch of BS. Our reader was re-directed from a hacked website to the domain “computer-sh44-DOT-stream.” This domain was registered on December 15 using a private proxy service in Panama. The website description is “Google.” Like that’s believable.
Microsoft Takes on Scummy Tech-Support Companies
By Woody Leonhard
In late December 2014, Microsoft filed a lawsuit against a U.S.-based company that’s been accused of massive tech-support fraud.
If you’ve been the victim of a phony “tech support” call — or you know someone who has — it might be payback time.
In what’s probably the first legal action of its kind, Microsoft is suing a tech-support company for trademark infringement, unfair competition, false advertising, and cybersquatting. According to the complaint (PDF), the defendants are the owners of Consumer Focus Services, a Los Angeles–based company that operates under various names such as Omni Tech Support, FixNow, and Techsupport Pro. The complaint also names other companies and describes the fraud as “a web of related entities that perpetrate technical support scams on Microsoft software and device users.”
No doubt you’ve at least heard of scammers purporting to be from Microsoft Tech Support. This type of fraud occurs worldwide and probably rakes in billions of ill-gotten dollars. I warned Windows Secrets readers about these scum in the Feb. 3, 2011, Top Story, “Watch out for ‘Microsoft Tech Support’ scams.” And Fred Langa related a reader’s experience in the Feb. 28, 2013, Top Story, “Security alert: Bogus tech-support phone calls.”
The scams take many forms, but the general outline goes something like this:
A “Microsoft support” person calls and states that your PC reported one or more “infections.” The caller then requests that you let him examine your system remotely. (In a common variation of the scam, you respond to an ad that promises to cure all your computer’s ills.)
If you let the bogus support person into your machine, he’ll soon “discover” dozens of “serious infections” and other “critical problems” that need to be fixed immediately. All you have to do is hand over your credit card to make your system right.
If you’re lucky, the support person will have pretended to fix the “problems” and you’ll only be somewhat poorer for the experience. If you’re a bit less lucky, your PC will be in slightly worse shape than it was. In the worst cases, the bogus support person will leave malware behind, just as a thank-you.
Microsoft Digital Crimes Unit attorney Courtney Gregoire posted a blog and video about these scams. The video states that over “three million [Microsoft] customers, this year alone,” have been stung by tech-support scum. The blog describes the typical MO:
“Many of these technical support companies are able to gain victims’ trust by claiming they work for Microsoft, are a Microsoft Certified Partner, or [are] somehow affiliated with Microsoft. In some instances, once the tech scammer gains remote access to a consumer’s computer, they will use scare tactics — telling the consumer that if they do not pay for support services they will lose all of their files, suffer a computer crash, or risk the leak of personal identifiable information. Pop-up browser windows simulating virus-scanning software have fooled victims into either downloading a fake anti-virus program (at a substantial cost) or an actual virus that will open up whatever information is on the user’s computer to scammers.”
Although tech-support scams have been around for many years, Microsoft’s lawsuit represents a new tactic. Typically, the company would have worked with both law enforcement and the courts, for example, to take down malware servers (and some legitimate servers, as reported in a Tom’s Guide story). But in this case, Microsoft is taking the more direct and immediate action of suing a company providing allegedly bogus MS support. In my opinion, it’s about time — I wish them overwhelming success.
Aiding and abetting bogus tech-support creds?
That Microsoft is trying to stop bogus tech support is obviously a good thing. But some of its own terminology might be contributing to the problem.
During the initial contact with a PC user, using or mentioning “Microsoft” immediately gives the “support” person some legitimacy and credibility. The most nefarious scammers will boldly identify themselves as Microsoft employees. More sophisticated scammers will be a bit more circumspect, drawing a picture and allowing the “customer” to fill in the blanks with their own assumptions. (The scammers will often have websites that help with the illusion of legitimacy.)
Unfortunately, titles such as “technical-support professional” or “tech-support provider” are used by both scammers and genuine support persons. There’s nothing deceptive about these descriptions: there’s no legal definition of a “tech-support professional,” no national accreditation that uses that specific terminology — that I’m aware of.
Adding “Microsoft” to the mix makes things somewhat murkier. For example, the title “Microsoft tech-support professional” is still relatively generic; it could apply to anyone who supports Microsoft products. Heck, most Windows Secrets readers probably feel from time to time like professional tech support for Microsoft. Even “Microsoft employee” can be confusing. There are many contract support techs who work for Microsoft but aren’t, technically, Microsoft employees.
Even though all these descriptions are subject to misinterpretation, there’s another one that I believe is even more problematic — Microsoft Partner Network. It might sound like something vetted and blessed by Microsoft, but it’s actually an association that’s apparently extremely easy to join — a fact that most PC users don’t know and that many scammers use to their advantage. All it took for me to join was a Microsoft ID (say, an outlook.com email address) and about two minutes of my time. (There’s a lengthy MPN agreement, but abiding by it seems to be on the honor system.)
Want to see for yourself? Go to the Microsoft Partner Network homepage and click the Join Now button in the right-hand column. Sign in with any Microsoft account (the site calls it a “Windows Live ID”), fill out the on-screen form, and click the Submit box. You’ll probably be granted immediate membership — as I was (see Figure 1).
My “company” was made a Microsoft Partner Network member immediately, eligible to sell Microsoft Online Services (see Figure 2).
I’m amazed by the number of tech support–scam stories that make no mention of how easily scammers can advertise themselves as Microsoft Partner Network members.
It’s important to note here that being in the Microsoft Partner Network is very different from being a Microsoft Certified Partner, as Brian Krebs explained in his November blog post. But it’s a sure bet only one PC user in a thousand knows the difference; more likely, it’s one in a hundred thousand.
Microsoft’s complaint against Consumer Focus Services claims that the “defendants have utilized the Microsoft trademarks and service marks to enhance their credentials and confuse customers about their affiliation with Microsoft. Defendants then use their enhanced credibility to convince consumers that their personal computers are infected with malware in order to sell them unnecessary technical support and security services to clean their computers.”
But it’s clear that Microsoft itself has — inadvertently — helped the scammers.
The bigger problem — and what to do about it
As Microsoft goes after the big fish in the U.S., I expect that smaller, local tech support–scam operations will pull up stakes and move overseas. Many, for example, already have a presence in India. If Microsoft prevails in its suit against Consumer Focus Services (the company is presumed innocent until proven otherwise), CFS could easily relocate all its operations outside the U.S. Its website describes the company as “A pioneer in India-based offshoring with over a decade of experience in call center outsourcing … [with] multi-location delivery (offshore and onshore) centers in India (Bangalore).”
The U.S. Federal Trade Commission is tasked with prosecuting overseas scammers, but it’s obviously a Herculean task. In an Oct. 3, 2012, post, the FTC announced that it had teamed with organizations in Australia, Canada, and the U.K., cracking down on 14 companies and 17 individuals “mostly based in India” that used cold-call tech-support scams. Two years later, the FTC reported that it had settled with several of the defendants “and has received settlements and judgments totaling more than U.S. $5 million.”
That’s a slap on the wrist, given Microsoft’s claim that scams result in losses of $1.5 billion a year.
Another trend is even more serious. Although Microsoft, the FTC, and other authorities from many different countries have tried for years to crack down on tech-support scams, the problem is getting only worse — especially as the already large, worldwide pool of English-speaking, PC-literate, but poorly paid workers continues to expand.
I assume that regular Windows Secrets readers would never fall for this type of scam. But someone you know probably will. Warn your friends and family. Microsoft’s Gregoire sums up the fight:
“If someone claiming to be from Microsoft tech support, or affiliated with Microsoft, calls you:
- Do not purchase any software or services.
- Ask if there is a fee or subscription associated with the ‘service.’ If there is, hang up.
- Never give control of your computer to a third party unless you can confirm that it is a legitimate representative of a computer support team with whom you are already a customer.
- Take the caller’s information down and immediately report it to your local authorities.
- Never provide your credit card or financial information to someone claiming to be from Microsoft tech support.”
Everyone who uses a Microsoft product should know that Microsoft never calls to provide technical support — unless you’ve specifically requested a callback and you have a callback number.
Have you been scammed or think you might have a scammer on the phone? A Microsoft page tells you how to report it. For more information on working with Microsoft Tech Support, see Susan Bradley’s April 3, 2013, On Security story, “Working with the real Microsoft Support” (paid content).