“Hi, I’m calling you from Windows Technical Support!”

If you work in IT, or even if you just know computers and the Internet, chances are this line is something you’ve heard before. It’s the opening line from a scam operation that has been underway for many years, mostly out of India, and has managed to get a lot of money from thousands of unsuspecting computer users all around the world. It plays on some very basic fears and uncertainties, and it’s surprisingly effective. Even people whom we would consider smart and intelligent have fallen victim to this type of call.

But why are these scam calls so effective, and how do we spot them? And, more importantly, how can you prepare your parents, friends and family, so that if and when they do receive this call, they can quickly identify it as a scam and know why they shouldn’t trust what these people say? Oftentimes it’s not enough to just say “Don’t talk to strangers”; you have to be able to explain to them how these people are trying to scam them. So let’s go through the scam to see how it works, and what we can do about it.

The scam

The basic idea behind this type of call is very simple. These companies are based in foreign countries and pay an army of low-salary workers to call random people in the US, Europe, and everywhere else in the developed world. Their goal is to reach someone with a Windows-based computer, and by calling a random number in the west, chances are they will hit a potential target. The script they use is then aimed at scaring those people into believing what they say and forking over cash.

But the way they do it is pretty clever, because they use the person’s own computer as part of the scam, misleading them and scaring them into compliance. It’s been shown that even people who are aware of phone-based scams, and who start off in a skeptical mindset when the call is initiated, can still be tricked into giving them money, because of how effective their technique is. This is why telling your friends to be wary of tech support calls isn’t enough, especially if those people aren’t computer savvy. It may be a good idea to explain to them exactly what they would see when they receive such a call, and what it all means.

The way the script goes is usually the same. First, the caller tries to convince you that they are some type of authorized support person. This could be a “Windows Technician” or someone from “Microsoft Windows Support”. The key is to include the word Windows, one of the few computer terms that everyone seems to know. Of course, the first clue that this is a scam is the fact that Microsoft doesn’t call you without you having called them before, and that no support technician will contact you about potential problems with your home system, since no one outside your house should have access to your computer in the first place.

Unfortunately, this isn’t a very good argument for most people, because they are so used to having support technicians at work who do have access to their systems, and after seeing so many scary hacking related news bulletins in mainstream media, most people would have no trouble believing someone who tells them that their home computer, the one they bought themselves, is actually communicating with some support firm in another country, one that they never even heard of.

After convincing you that he or she is indeed a support technician calling to help out, the scammer will painstakingly make you follow a series of steps, all of which are designed to show you that your computer is filled with malware. They basically make you open the Event Viewer, something that comes with every version of Windows, and show you the application log. There, to the victim’s shock, the display is filled with scary messages, including errors, critical events, and so on.

This is the main argument behind most of these scams, and the final nail in the coffin to convince non-savvy computer users that their computer is about to choke under a pile of malware. If someone makes it all the way to this step in the script, then chances are they will be eager for the mysterious caller to give them a solution. This, of course, comes in the form of a useless piece of software that the scammer sells to the victim, sometimes even for a monthly payment, and the shady business has made yet another customer.


How to deal with it

Obviously, the best outcome for this type of shady business is to shut them down, so that they can’t do this to other people. Unfortunately, that’s really hard to do, because these companies can spring up out of nowhere in a matter of days. Just this month the US government announced massive lawsuits against some of these very scammers, but as in many other cases, the criminals can restart their operations much faster than the law can close them down. So instead, it’s up to us, IT pros and other savvy Internet users, to make sure these scammers don’t get our families and friends, by educating them. First, we have to understand what the scammers are doing, and then be able to explain why it’s not what it appears to be.

The main point of this scam is to scare the target user by showing them the Event Viewer. The purpose of the Event Viewer is to log everything happening inside of a system. This is a tool that server administrators and even support technicians use all the time, but one that normal computer users don’t even know about. Because a computer is such a complex piece of electronics, and modern software is so complex, any normal computer is bound to have situations come up where an error, a warning, or even a critical event occurs, without the end user ever noticing. That’s because Windows, like all modern operating systems, is very good at handling errors and recovering from them. If you load the Event Viewer on your own system, you can look through these logs and see what types of errors they contain. Usually, they are drivers that haven’t initialized correctly, or applications that didn’t uninstall completely. They are basically events that should not have occurred, but often don’t impact the overall system too much.

First, it’s important not to lie to ourselves. It’s not normal to see so many error messages anywhere on a computer. In an ideal world, these logs would have nothing but information notices, with no errors and no warnings. But we don’t live in a perfect world. Ask yourself, and the person whom you’re trying to convince, how many times they’ve downloaded something, installed a piece of software, or deleted a file. Even if everything seemed to go well on the surface, things may be left behind the scenes, and that’s where errors come from. The reason their system didn’t alert them is that it was something the system recovered from. So you shouldn’t be scared into thinking your computer is having major troubles simply because the Event Viewer recorded some errors.
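To show someone what the scammer's "proof" really consists of, the following PowerShell function tallies the Critical, Error and Warning entries in the Application log and lists the sources that produced them. It is an added example, not part of the original article; the function name `Get-AppLogNoise` and the 30-day default window are assumptions chosen for illustration.

```powershell
# Added example: break down the "scary" Application log entries by severity
# and by source, so the counts can be put in context.
# Get-AppLogNoise is a hypothetical helper name, not a built-in cmdlet.
function Get-AppLogNoise {
    param(
        [int]$Days = 30,   # look-back window (assumed default)
        [int]$Top  = 10    # number of noisiest sources to list
    )

    $filter = @{
        LogName   = 'Application'
        Level     = 1, 2, 3                      # 1 = Critical, 2 = Error, 3 = Warning
        StartTime = (Get-Date).AddDays(-$Days)
    }

    # Get-WinEvent reports an error when no event matches; treat that as empty.
    $events = @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue)

    if ($events.Count -eq 0) {
        Write-Output "No Critical/Error/Warning events in the last $Days days."
        return
    }

    # Totals per severity: the numbers a caller points at on the phone.
    $events | Group-Object -Property LevelDisplayName |
        Sort-Object -Property Count -Descending |
        Select-Object -Property @{ n = 'Severity'; e = { $_.Name } }, Count |
        Format-Table -AutoSize

    # Who logged them: usually drivers, installers and everyday applications.
    $events | Group-Object -Property ProviderName |
        Sort-Object -Property Count -Descending |
        Select-Object -First $Top -Property @{ n = 'Source'; e = { $_.Name } }, Count,
            @{ n = 'LastSeen'; e = { ($_.Group | Measure-Object -Property TimeCreated -Maximum).Maximum } } |
        Format-Table -AutoSize
}

Get-AppLogNoise -Days 30 -Top 10
```

Running it on a machine that is working normally makes the point concrete: the error and warning counts are rarely zero, and the sources can be checked against the software the person knows they installed.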

But it’s also important not to minimize the importance of the malware threat. People are constantly reminded how important updates are, that everyone should be running antivirus software, and so on. So the right way to convince someone not to fall for these types of scams isn’t to make light of the potential threat, but instead to show them how they can be secure for free, without ever paying a dime. You can download the free Microsoft Security Essentials program, or any of the other free security solutions. The important thing to remember is that those scammers all want the exact same thing: money. So people should always wait before forking over cash, even if they are unsure whether their computer is infected or not, and instead look for free solutions, because in almost every case there are free alternatives.

Other similar scams

Understanding the Event Viewer, the fact that every system has errors, and that they aren’t an indication that the computer is infected or having critical problems, is the key to defeating this kind of phone-based scam. But there are other scams out there which use similar, but slightly different arguments, which people also need to look out for. It’s really too bad that this type of education has to be done for non-techie users, but at the end of the day, it’s important to remind ourselves just how much of our daily lives are spent in front of a computer, and how dependent we’ve become on them.

One very popular online scam is the fake antivirus. This is a popup you may have come across if you go to some of the more shady sites, or if you simply visited a web site that had been hacked.


The basic idea behind this scam is the same: the goal is to scare users into thinking their computer is filled with malware, and into forking over cash in order to protect it. Of course, the results shown on the screen are complete lies, but the display looks very genuine. A non-techie user would not know the difference. Here, you can’t really claim that those messages aren’t malware notices, so people need other information to detect these scams.

The first thing to tell others is to pay attention to which security software is installed on their system. Whether they use Symantec, Microsoft, or AVG, each has its own unique look and feel. It’s important that everyone takes the time to look over the various dialogs that their security solution can show them, and remember what they look like. That way, if some generic “Antivirus 2010” window pops up, they will know right away that it’s a scam. Also, be wary of anything that looks out of the ordinary. If a scan suddenly appears on your computer when it usually shouldn’t be happening, then maybe it’s not what it appears to be.

In the end, all of these scams and money grabbing attempts are pretty easy to spot for us geeks, but the problem is that the people behind these attacks aren’t concerned about us. They go after the much greater quantity of non-geeks, people who are otherwise intelligent but simply do not understand computers as well as we do, and it’s up to us to educate them, to show them why something isn’t what it claims to be, and how to stay safe without giving out money to shady businesses who don’t deserve it.