Something smelled phishy about that browser popup warning me that my computer has been hacked and telling me to phone Microsoft Support to have it fixed:
The IP address in the dialog box was not the address of my laptop, and if an important piece of information like that is faked then maybe the Microsoft toll-free phone number listed in the dialog was also faked. So I opened Task Manager and killed my web browser. When I restarted my browser a dreaded blue-screen-of-death (BSOD) appeared with the above dialog displayed over it. That also clued me in that something was fishy because a BSOD screen can never have a dialog superimposed over it since Windows isn’t running at that point.
It turned out I was another one of millions of PC users who have succumbed to a fake tech support scam. Microsoft’s Digital Crimes Unit has a YouTube video worth viewing that warns users about such scams. Fortunately, I quickly found this forum thread on Neowin that describes how to fix the fake BSOD and popup that kept appearing when I opened my browser.
Dealing with fake tech support scams
Fake tech support scams like this can be a drain on the time and energy of your organization’s helpdesk. The best way to prevent them is by user education. “The way we have encountered the screens are through articles on reputable sites,” says a colleague named Merlin who works in the IT department for a county office in New Jersey. “Someone will go to read an article that is linked to another site and there it is. We have instructed all users to turn off the machine immediately and call us.” Training users to respond forcefully like this ensures that phishing attempts quickly fail and the possibility of malware infection is minimized.
Of course, even well-trained end users sometimes slip up. Merlin continues: “As of yet we had only one person fall for it, but the funny thing was they told the user to call the helpdesk. When I arrived they already had a CMD box open and was typing. I immediately shut it down, disconnected the machine from the network, and ran some scans on her machine and the server she was attached to. I did not find anything but reimaged the machine anyway.”
It’s not just end users who can fall for such scams, however. “Teaching users how to recognize the challenge is the trick,” says Don, an IT consultant who works in Delaware. “Even tech people can fall for them. I got a call from a customer that one of their developers got one (from a music site in Europe). He even called the 800 number and had the scammer remoting into his machine before someone got smart and pulled the plug.”
Remote access often seems to be a channel exploited by such fake tech support scammers. For example, a support tech named Susan from Minnesota shared the following story with me: “I had a friend call us on behalf of another friend. Not only did she get a similar prompt, but was silly enough to call the number and gave them remote access to her machine! Silly woman, of course, had no idea what she was doing! Afterward, she called my friend and told her about it. My friend told her to do nothing more, so she called us. In the process of us talking about what to do, the silly woman called them again! We had to explain to her that Microsoft doesn’t help anyone without first having them call into a robotic answering system, sitting on hold for about two hours, and giving them a credit card for a $250 charge before they will even say hello. Silly woman ended up having to call her husband who came home from work and placed a call with tech support for their computer’s manufacturer for about three hours trying to put the computer back to factory shape. Not sure she learned her lesson, though.”
If your PC is unmanaged (e.g. your home computer) or for some reason you aren’t able to contact your helpdesk, killing your browser and rebooting your computer may not be enough. “I’d recommend a System Restore when you accidentally click on a bad browser link,” says another colleague named Mark, who owns a company in San Diego that provides custom software and IT services for small businesses. “Besides your home page, you don’t know what else it might have changed on your system or what has been downloaded and installed.” After doing this you should also run a full scan for malware using your antimalware program, or preferably using an offline malware scanner like Windows Defender Offline.
Further steps you should perform
At this point, it’s wise to review what happened, that is, how you fell for the scam. Taking a minute to do this will help reinforce the training you received as an end user from your organization’s human resources department so that you will be less likely to fall for similar scams in the future. Make sure you also report the incident to your HR department even though the helpdesk has fixed the problem you were experiencing on your computer. It’s also a good idea to report the scam you fell prey to by using the technical support scam page on the Microsoft website. This will help Microsoft put a stop to the scam by assisting them with the information they can share with law enforcement agencies as they investigate such scams.
Finally, if it’s Friday afternoon and you’re ready to uncork for the weekend, you might decide to call the toll-free number displayed in the scam dialog (if there is one) and have a bit of fun. A fellow IT pro named Phil from the UK related to me how he was hit once with a similar scam and decided to have some fun at the expense of the scammers: “I similarly had the same issue, with a mistyped URL and had the fake BSOD appear. On this occasion, I thought I would phone the number as it was toll-free and try and wind them up. I recorded the conversation and then decided to make it into a YouTube video.”