Con artists will use many tricks to steal your money, including contacting you via a fake IT support call.
While the Microsoft tech support scam is nothing new, South Africans still reportedly receive calls from “agents” claiming to be from the company.
The scam usually involves convincing you that they have detected a problem with your computer, and then take you through steps that give them remote access to your machine.
Once they’ve got control of your machine, the scammers use a number of tactics to get money out of you.
This includes infecting your machine with malware that gathers data like usernames and passwords.
What a tech support scam looks like
A number of YouTubers have set up virtual machines and taken these con artists for a ride.
YouTuber Eric Henn decided to have some fun and see if he could get a technician to open files that were not intended for his eyes – as shown below.
The virtual machine is set up to look as though it is infected with malware.
The desktop also contains a folder called “Naked girlfriend” and a spreadsheet called “banking and checking account”
One version of the scam tries to trick you into calling an “agent”. Alternatively, they cold call you.
They ask you to open a run dialog and open the Windows Help browser.
You are asked to use the “jump to URL” feature to navigate to the website of remote desktop software.
In this case, Citrix GotoAssist is used.
Windows prompts you to install the software.
Every time the “tech support agent” tells you to click in the affirmative.
Installing the remote desktop software will also trigger a UAC prompt on Windows Vista and later.
Once installed, Citrix prompts you to accept the remote desktop connection.
Once in your machine, the con artist will run utilities to try and convince you there is something wrong with your computer.
To try and convince the user something is wrong, the scammer runs the “tree” command.
While “tree” is running, they paste a scary-looking string that will appear on the command line when it has finished executing.
The “agent” also shows you a webpage that tells you just how bad your PC’s problem is.
With fear instilled in you, the sales pitch begins.
To the scammer’s credit, in this case, they did open the spreadsheet or the folder of “naked pics”, so Eric Henn did it for them.