Skip navigation

Don't get caught out by phone scams

Most people are wise to so-called phishing scams, usually in the form of emails pretending to be from a reputable place such as a bank asking you to click a link to 'secure your account' or similar. Said link is usually a clone of the real site so that users feel comfortable entering in their confidential data. Of course, it all gets sent to scammers who go and use your details to commit fraud. Lovely.

It's not a new thing at all, but people are doing this over the phone too. A popular one that recently caught out a family member is that someone will call, ask for the householder by name, and proceed to tell them they are from Microsoft or 'Windows Support'. They may have the householder's email and/or home address (from where I have no idea; they may be using the local phone book or have the details sold onto them from other sources) and will gain the trust of the user by confirming these with them, proceeding then to tell the user their computer is infected by viruses and this must be fixed now or they will be fined/their computer will crash/other similar threats. Sounds like a classic scam, but due to the user being named it can catch people out - especially if they're computer illiterate.

The scam generally continues with some or all of the following:

  1. The user is instructed to go to their computer, go to the Run command/Windows+R (which brings up the Run box) and type in "eventvwr" and/or some form of "prefetch unwanted"

  2. The scammers tell the user that the entries listed in the resulting window are viruses and these must be cleaned.

    This is of course not true - "eventvwr" brings up the Windows Event Viewer and entries listed within this are events logged by Windows. Scammers may go further with this one and say that any items with a yellow warning triangle or red cross are malicious items, but they aren't - they're errors logged by Windows which for the most part are harmless. They are definitely not viruses.

    The "prefetch unwanted" command brings up the Windows prefetch cache, which is just that - a cache of programs which enables Windows to open them more quickly. Deleting these files won't remove a virus nor will it damage your computer.

  3. After insisting that the files found are dangerous, the scammers will offer to 'fix' them and will ask for payment to do this. They might take users to a website or they will ask for card numbers over the phone. Common websites users are sent to include some variant of the words "tech support" in the URL.

  4. What follows is an attempt to connect to the computer remotely. How this is done differs slightly per scam but in general they will direct users to a web page via the Run command and/or will ask them to install a program such as TeamViewer or LogMeIn. Installing those particular programs (the ones mentioned, that is - other programs may be more malicious) is not dangerous in itself - it's the part where the user hands over control that is, and the scammers will do this by asking the user to enter a code into the website or program. Control is then given over to the scammers - they can then see and use the computer as if it was their own.

  5. Once the card payment has gone through (for far more than the user paid for, in most cases), the scammers will set about 'fixing' the computer, which generally involves downloading and installing lots of software onto the machine and possibly deleting anything they think is a virus (note: this could be anything - personal documents, essential Windows files, etc). They might tell users to leave the machine for a bit and during that time they'll snoop into their personal files - or they'll do it right in front of the user and claim it's part of the fixing process. It isn't - they're just looking for information they can steal.

  6. Once all the software is installed, the user is told their computer is fixed and the call is ended. The installed software is, in most cases, harmless; it's just junk that doesn't do anything (or perhaps does do something, but not what it advertises - it may pop up a load of ads or redirect your browser to a dodgy search page, for example). However, some scammers have installed software which opens a backdoor to the computer and leaves it in their complete control and can use this to do far more damage. Rootkits and keyloggers can get installed and the computer can end up a so-called 'zombie' acting as part of a botnet.

Wonderful, eh?

Fixing all this once the user discovers they've been conned depends on quite how bad the damage is to the computer. Personally I'd recommend a full reformat - you never know what nasty little things were done during the 'fixing' process and what that seemingly harmless software might leave behind. It might still be 'calling home' in the background, sending personal details back to the scammers. Not really a nice thought. It also goes without saying that you should cancel all cards given out to these fraudsters and contact your bank telling them what happened. It's unlikely you'll get the money back, as you willingly gave the details out, but you should still contact them. Watch out for an increase in junk mail, email spam and/or similar phone scams as your details get passed around - don't fall for them again. If you can, get a credit check done to make sure no one is fraudulently using your details.

However, the best advice is not to be scammed in the first place. When random people call you up out of the blue, treat them as if they'd emailed you - would you blindingly trust any email that says it's from a certain sender? You shouldn't trust people on the phone that claim as such either. If they pretend to be from a reputable company, ask their name and ask for a reference number for the call, then call the company's main advertised number (NOT the number the person on the phone tells you to call, even if they say it's their private extension or similar) and quote the details. No such person/reference? You know that call wasn't genuine.

Think about it: would a major computer company such as Microsoft really care about individuals with viruses? And furthermore, if they did care, would they really task themselves with dealing with it? No, they wouldn't - they're a huge company with far better things to do. It's common sense; you cannot know a person is who they say they are even if you met them face to face, so how can you possibly know over the internet/phone? You can't, so don't give them the privilege of having your personal data. You don't know what they'll use it for - ID theft, selling it on, stealing from your bank account ... You name it.

Oh, and don't save things on your computer that will delight such fraudsters when they find them either - bank details in a Word document? Not a good idea. Really.

Please note: this post is now over 1 decade old.

Older posts are archived for historical reasons and also for those who may find their contents useful. Facts, links or opinions within this article are likely to have changed; the article itself may also no longer represent my own views on the subject. Please bear this in mind when reading these posts.

Comments (2)

  1. Oh my, I hadn't heard of this one yet. It's crazy what people will do for to get money. O_o

    I use TeamViewer myself for my computers and some of the ones I work on for other people and I love it but yeah, in the wrong hands it's bad. There's an option from the remote machine that is logging in to disable remote input. In other words, disallow any mouse or keyboard interaction from the computer that's being controlled. You'd have to disconnect it from the internet or force the power off to stop that person.

    Hopefully most people will be smart enough to stop these scammers from taking over their machine and finances. Thanks for sharing, Amelie, it's important to educate people about this stuff!

    valerie's Gravatar valerie on

  2. Men, people can be crazy bastards.
    I had never heard of phone frauds like this until now, but I'll be sure to pay attention and spread the voice.
    Thanks for sharing; it's important to let people know about these things, so that they may prepare themselves.

    Lucien's Gravatar Lucien on

Previous entry: Facebook knows all about you... Even if you don't know about it. | Next entry: Using one drive to backup Mac and PC