/ Technology

Update: the true cost of the ‘Microsoft support’ scam call

Cartoon of man with phone

Have you been called by bogus Microsoft support scammers? We’ve heard from readers who’ve been conned into paying hundreds after falling victim. We’ve spoken to Microsoft to find out the scale of the scam.

The phone rings and there’s a voice on the line telling you they’re aware you’re having computer problems, but not to worry – they’re with Microsoft, and they’re here to help. It’s a complete lie, and the opening gambit of an all-too-successful scam.

The person on the end of the line has no idea how your PC has been behaving lately. And they’re certainly nothing to do with Microsoft. They’re just after your cash.

These ‘tech support’ scammers will typically ask for remote access to your PC. They may then infect it with malware that could lift credit card details from your computer. Or they could simply charge you through the nose for PC ‘support’ that you never even needed.

Conned out of hundreds

Which? member Walter was conned out of £130 by a company claiming to work with Microsoft. Not only was he convinced to buy a £59 subscription, Walter was forced to pay a further £70 to have his computer fixed by a professional after the cold callers made his computer almost unusable. Action Fraud confirmed Walter was a victim of a scam and after Which? intervened on his behalf, his bank refunded the full £130.

Walter still gets cold calls from time to time, but now he doesn’t hold back:

‘The last time they called, I gave them a piece of my mind. It gave me the chance to inform them about the damage they had done to my computer and the cost of fixing it, which I must say made me feel a bit better.’

Scale of the ‘tech support’ scam

The scale of this scam call, which has been doing the rounds for nearly three years, is staggering. According to figures from Microsoft, one in five people surveyed in the UK had received one of these scam calls since 2010. Of those who have received a call:

  • Over a third said the caller tried to sell them something.
  • Over a fifth were asked to permit the caller remote access rights to their computer.
  • Over a fifth were asked to download some software.
  • And 18% were asked outright for credit card information.

According to Microsoft, half of the victims were aged 55 years or over, and the average amount lost has been a painful £745. Stuart Aston, Microsoft’s chief security advisor, told us:

‘It’s a dreadful crime. It targets vulnerable, often elderly people, and it can cost them a large amount of money. It’s a huge loss for the individual victim, but added up, thousands of successful scams like this can reap a small fortune for the criminals behind them.’

And Aston’s no stranger to the calls himself: ‘Somebody even called me once on my work phone here at Microsoft, claiming they were from the Windows support team.’

What’s Microsoft doing about the scam?

Microsoft’s working alongside international police agencies to tackle the scammers directly, but progress has been difficult. Many of the call centres are based overseas, and they change their names and tactics frequently.

At Which?, we’re campaigning to cut down nuisance calls and texts. However, this scam is more than a nuisance – it’s a criminal issue. Microsoft should continue raising awareness and working with police in order to stamp this scam out once and for all. And if you think you’ve been a victim of one of these tech support scam calls, run a virus scan, alert your bank and contact Action Fraud to report the scam.

Update: 30 June 2017

Four people have been arrested in England on suspicion of fraud. The arrests came after a two year investigation into scam calls from fraudsters pretending to be Microsoft IT support staff.

A collaboration between City of London Police and Microsoft saw the arrest of a man and a woman from Woking in Surrey, and a man and a woman were arrested in South Shields, Tyneside.

While the inquiry found that many calls came from India, the four arrested in the England have been accused of involvement in the scam.

Last year there were 34,504 computer software service fraud reports made to Action Fraud, with attributed losses of £20,698,859.

Computer software service fraud accounts for 12% of all reports to Action Fraud, making it the third most reported fraud type.

Comments
Member

It is good that Microsoft are helping the police and making considerable effort to improve the security of Windows. Had they put in this effort years ago, we might have seen a lot less malware.

The majority of nuisance calls I have received in the past couple of years relate to this scam, and once I had three calls in a single day. Sometimes I have been able to recognise the voice and remember the name of callers. Why anyone should call back when I have called them a scammer defeats me.

Every call I have had has been from a withheld number, so I have not been able to take any action to help stop the scam.

I think we need to publicise the problem on TV, to help prevent more people from becoming victims.

Member
Francis: says:
25 May 2013

I have been called several times from an Indian sounding gentleman and also a lady. They advised the computer was running slow and giving me problems. I asked them to check what was happening with it at the moment – there was a gap then he said it is still running very slow – turn it on and follow my instructions – I told him he was a very clever chap as I did not have a computer – the phone was put down – well – we can tell porkies as well!

Member

You said: “What’s Microsoft doing about the scam?” and “we want to see Microsoft going to every effort to stamp it out.”

Why have Microsoft got to “stamp it out”? They aren’t the police.

To be clear, if a new scam was identified where people were being forced to sign up to a fake Which? subscription for thousands of pounds per year, and national newspapers started saying “Which? should make evey effort to stamp it out”, what exactly could you do to counter those random callers from another country?

Member

Hi Fonetic, you’re right. That wasn’t quite right – we’d like Microsoft to continue raising awareness and working with police in an effort to stamp it out. Rich has tweaked his copy. Thanks.

Member

fonetic

Microsoft may have no legal responsibility to deal with this problem but had they paid more attention to security problems in the past I doubt that malware would have been such an important issue. People are taken in the scammers because computer problems are not uncommon.

Like many others, I also feel that multinational fast food outlets have a responsibility for obesity and other problems caused by their large portions of unhealthy foods.

I am certainly not trying to shift the blame from the consumer, but companies need to think about the damage they can cause to society. It’s called corporate social responsibility.

Member
Caitlin says:
21 May 2013

I quite agree with all that’s been said. It’s a criminal fraud, and the more that Microsoft and others can do to stamp it out the better. Although “wavechange” mentions that the calling number is “withheld” (which I think indicates that a call is from the UK), my experience is that it is usually “unavailable – outside area”. From the accents of callers, I strongly suspect that most of the calls come from outside the UK, which of course makes cracking down on them harder.

Two minor things which can’t stop the scammers, but which might waste their time and therefore give recipients of their calls a bit more satisfaction. When the scammer says that they have identified a fault on your computer, play confused and ask them to tell you which of your several computers has the fault. They obviously can’t give a good answer to this. Another dodge (not open to me, I’m ashamed to say, but which my wife uses and gets some pleasure from) is to answer in another language. If, for example, you answer the phone with “Allo”, this is quite close enough to “Hello” not to annoy genuine callers, and continuing in French should get the scammer off their script – and off the phone!.
.

Member

OK Caitlin – the scammers’ numbers are unavailable, but that means that they are withheld from me and I don’t believe that I can take any useful action.

I like the idea of replying in a foreign language. The French I learned at school might not have been adequate for use in France but it might be ideal for annoying scammers. Je ne sais pas.

Member

I still get a couple of calls every month, am getting really bored of them now. Sometimes I go along with them just to see which method of trying to convince me there’s something wrong with my PCs. They seem to have a little number of methods though.

Surely the UK Government should be talking to the Indian Government as that’s where the calls seem to originate. And yes its a global issue I have friends in the states and Canada or get these calls too.

The sad thing is many people could have issues with their PC and have no way to fix it, so by doing something genuine and not trying to scam people they could actually make money.

Member
Neville says:
21 May 2013

In case it cheers up anyone with this problem…
Warned by me, my daughter had several minutes of interesting conversation with the caller, before explaining that she was puzzled by all this, as her computer was a Mac…conversation ended suddenly!!

Member

Sadly, that does not always work. I asked one of the scammers which of my Macs was affected, since I have a desktop and two laptops. He said it was the desktop machine and directed me to go to a website and download some software. After I called him a scammer and put down the phone, he called back giving the same name and told me I had a problem with my laptop. Maybe some people are victim of clever scammers but the people who call me don’t seem to have two brain cells to rub together.

I suspect that some of the scammers don’t know what a Mac is. I once had a brighter one who I played dumb to for a good ten minutes before revealing that I was a Mac user. He was cross and accused me of wasting his time. It’s the only nuisance call I have ever enjoyed receiving.

Member
Lesley Davies says:
21 May 2013

I’ve received these telephone calls regularly and I explain to the hapless callers that I know what they are up to, that they are rip off merchants and they should be ashamed of themselves. the phone call usually ends quite quickly. My other alternative is to start singing to them, though I think that is a little too cruel

Member
Michael says:
22 May 2013

Just now got a call from them. I have had calls in the past, but of course I know better than to let a caller have access to my computer. It is the hackers that I am afraid of. Anyway, this lady with a super strong accent told me there was a problem and tried to get me to follow her commands. I told her I knew how to fix it myself. She said only they can fix it. I said I know this is a scam to steal from me and she should be ashamed of herself for working at this . She just kept telling me to follow her instructions and this was a genuine call from Microsoft. I played some more asking questions and telling her I know for a fact that it is a scam. I even told her the look it up for herself. Finally after playing with her for 20 minutes, she said you are wasting my time. I said your are a thief and a %#@&^. She hung up and called back in some weird language yelling. I told her this was being recorded and sent to the FBI. She hung up. The caller ID said TOP MARK. I may get carried away a bit, but I can not stand someone taking advantage of people and trying to steal from them.

Member

I receive these calls quite often. When I had more time, I used to wind up these callers, wasting considerable amounts of their time. I managed to keep one of them on the phone for 90 minutes while I wasted his time.

I pretend to be a novice PC user and deliberately make myself sound like a technophobe and rather stupid. I follow their instructions and read out any generic information from my PC (e.g. standard logs from Event Viewer). Every few minutes, I manually make my mobile phone ring, and ask them to hold while I take the call. I mute the scammer while I do this. I let them hold for 5 or 10 minutes, and whenever they ask whether I’m still there, I unmute them and tell them that I am. While they’re on hold, I get on with other things so they don’t waste my own time.

When they ask me to go to a remote access provider such as LogMeIn or GoToMyPC with an access code, I put them on hold again (with another fake incoming call on my mobile) and I phone the support department of the remote access provider. I explain that I’m an experienced IT professional on the receiving end of a scam and I give them the scammer’s access code so they can block his account; they are very grateful. I then go back to the scammer and tell him that his code didn’t work. He then tries another remote access provider and we repeat the whole process again, wasting more of his time and blocking more of his accounts. When I’ve had enough, I tell them that my internet connection no longer works and they must have broken it. Eventually they get bored, particularly after I put them on hold for longer and longer, and then they hang up. One even threatened me with legal action for wasting his valuable time!

Member

Does this mean the scammers can be identified by the ‘log me in’ type code? Perhaps we should all go to the point of receiving the code and then reporting the details to Action Fraud.

Member

It all depends how the scammers pay for their LogMeIn/GoToMyPC account. Rather than using their own credit cards, they no doubt use stolen credit cards and operate via PCs they have already compromised, so even tracing their IP address wouldn’t achieve much. The scammers are probably very hard to trace, so the best we can do is to get their code and immediately report it to the provider of the remote access service so that their user account can be shut down. Reporting it to Action Fraud will have little effect, as the scammers are mostly based in India (according to their strong accents). Also once Action Fraud get round to dealing with it, the scammers will already be using a new user account anyway.

Member
Graham says:
24 May 2013

As a retired IT manager I also have had some fun with these characters. I pretend to be a bit confused and ask how they know my address, they say it is my IP address which I then ask them to explain how that relates to my postal address (I don’t disclose that but they often know the street name) Another good line when they mention windows is to tell them you use Linux, they never seem to realise that is a completely different operating system.

One day if I am bored I might get them to sign on to a virtual pc, I know folk who have done that.

Member
yorkrose26 says:
29 May 2013

Hi,

I once spent a ‘pleasant’ hour or so myself doing exactly the same thing, I am fairly computer savvey so did know that he was talking ‘rubbish’ when he was mentioning that ‘Microsoft’ had caused a virus and it would need the ‘crack (being the operative word) team ‘save the day’. However as I say because I knew what I was doing and was sick and tired of these calls I decided to ‘have a little fun’, (I was bored, sick of these calls and worried that if my dad answered the phone we would really have had trouble (not necessarily PC Savvy), so I acted the ‘dumb female part’ for the best part of 40 minutes, it then came to the ‘I now want to control your PC’ part which I ok’ed (had Norton on so I could control everything anyway), then all of a sudden he wanted not the £40 he initily quoted but on top of that he wanted another £75, and he justfied this by saying that the £40 was for the inital diagnosis chat (£1 per minute cheaper than a premium rate call, so I suppose technically if this was legal and above board someone would probably pay that (check out PC Techguy charges), the £75 was for remote access and diagnosis, I let him continue his spiel and he just casually mentioned that he would be putting some software on the computer to help diagnose, it was this software I wanted, as unbeknown to him at the same time I was talking to him I was ‘text chatting’ to a registered Norton rep, who was very interested in what was going on, any case the software got downloaded (not fully on to my machine Norton (who were Norton) had installed some dummy software), and ‘catch the program in the cloud, to analyse etc.

The upshot of all this was that they managed to trace and track this particular company and close them down, unfortunately though there are always going to be more and more but at I least I liked to think I did help a little and I never got any more from this particular scam (though that could just be coincidence).

Member

I just received another one of these calls from a company claiming to be called “Detechi”. They gave their phone number as 0151 209 0471. I wasted half an hour of their time while I did other things. They phoned back twice subsequently but I didn’t have time to deal with them again.

Member
Graham King says:
1 June 2013

Might be worth reporting the phone number to Ofcom as it seems to be a UK number

Member

I wonder how aware Microsoft is of the scale of this activity. I have had numerous bogus computer-fix calls over the years; I was alomost taken in the first time but checked myself before any harm was done and I have been very wary ever since. I can’t be bothered to waste their time because I expect mine is more valuable so I dismiss them abruptly. However, I have never reported any of these contacts to Microsoft so their figures for scam calls are possibly a under-estimate [although I expect they have done some competent research in order to arrive at their figures]. I agree that we must look to the crime prevention agencies to protect us from these deceptions; they should not be sheltering behind the IT industry and dragging their heels on enforcement across international boundaries. But it is only right that dominant players like Microsoft should exercise more responsibility in developing systems and protocols that will defeat scammers and in issuing serious warnings to all users – they are very quick to pump out more and more inconsequential, and rather juvenile, messages through their web pages and e-mails; they need to be a bit more grown up over the risks to people’s security and privacy. By trading on the informality of the internet, I do feel that some major IT companies have compromised the authority of their stand against exploitation and should now take active, rather than passive, measures to steps to support their customers, especially where they are also the customer’s ISP.

Member
Steve Ellis says:
21 May 2013

I have my own Computer Support Business and I have had these calls on several occasions. On one particular occasion I asked the scammer if he thought I was born yesterday… he actually asked me for my Date of Birth… unbelievable….

Member

One caller that I pulled up over their scam actually accused the British public for being so gullible. “it’s not our fault, you people shouldn’t be so gullible”, “its too easy to get money from you people ” was his comeback.

Maybe every outlet that sells computers should be made to mention this scam to people buying new kit, and that includes apple and linux kit, as it won’t be long before the scammers will be able to con those users ( alhough linux users will probably be the hardest to scam).

I wonder when they’ll move onto “Your smart phone is sending out fake text messages” click here and here to see how infected it is, etc etc

Member
Colin says:
21 May 2013

I too enjoy winding these callers up as no matter what you say they just dont get the message.

In a lot of these countries that are trying to scam you though they are not allowed to terminate the call by the employers. They usually get 3 strikes and then they are out the door.

I am a Microsoft Certified IT technician and even when explaining this to them, they just play dumb and keep asking for me to switch on the PC. I’ve even told them that I do not have any computers at one point to which they asked “what do you have then?” I then told them I had a tractor with SatNav and they finally hung up. The truth is this is not a microsoft issue, the callers could be calling saying they were from apple and try something similar. The problem is people are being talked into buying computers which often they dont need or don’t know anything about and then through lack of knowledge fall for this scam.

The comment about malware isn’t really microsofts fault either as there will always be people trying to break systems or security, the same as there will always be someone who tries to rob a bank microsoft release patches and hotfixes to resolve this when it happens. Obviously it’s good that microsoft are trying to help with this but another option would be for the uk gov to try and raise awareness. They could stick an ad on tv to raise awareness as they do with other issues (think bike! etc).

Anyway enough ranting. These calls are a pain!!!

Member
Jean McDonald says:
21 May 2013

Some time ago I fell for this scam and paid out something like £150. I then went online and discovered it was all a scam so I followed the trail and found the details of what company had taken my money.

They quickly refunded it to me but then I went to the fraud service mentioned in other comments with all the necessary details. I was extremely disappointed as I never heard from them again and felt they had not actually taken any action which is probably proved as these people who phone you are still ripping people off.

I have had 2 or 3 calls since but as soon as they say I have something wrong with my computer I just put the phone down.

Member
Tulip Bicycle says:
21 May 2013

I usually answer the phone with the spanish “Hola”, and if they don’t hang up and start the spiel I tell them I don’t have any form of computer, or that this is the Truro Sexual Health Clinic, or that they have called Microsoft Security Centre – any of which quickly get rid of them.

Member

It might also help if Microsoft stated on their software quite clearly that they will not call the user at any time, unless the user has arranged this with Microsoft. Software updates are performed online according to the options available with the software.

Member

Good idea. Just like banks say that they will not send emails asking for passwords, etc.

Member

I had a call earlier on today, apparently my computer was spamming their server. All I said to her was if you want to keep talking to me don’t lie to me, she hung up.

This scam has been going on a several years now, why can no one actually do something sensible about it. It can’t really be that hard to resolve.

If I ever find out the phone number for 10 Downing street, next call from these scammers I get I’ll ask them to call me back on my another number as I’m expecting an urgent call on this line.

Member
Julius says:
22 May 2013

I’ve received several fake tech repair scam calls and I think they’re obvious. I’d never fall for one like it.

I’ve reported all the calls to http://www.callercenter.com and poster their phone number to let others block them ahead. LOL!

Member

Never say never. Move forward 40 years, think how more sophisticated the scammers are likely to be and decide if a 60 year old is likely to be aware of new scams. My assumption is that you are in your twenties.

Member

What a scary thought that no one will be able to call time on these nuisance phone pests in the next 40 years 🙁

Member

It may not be phone scams but I’m sure criminals will still be trying their luck. I don’t think any of us are immune to being scammed, given the right circumstances and the right scam. I’m naturally suspicious, but I think I also could be caught if the scam was believable and had not heard of it before. For instance, if my computer was playing up and I received a call from Microsoft telling me there was a virus on my computer and they were gong to sort it al out ……I may have gone along with them to the point of paying. My suspicious mind would have led me to ask how much it would cost at the very beginning and that may have prevented me from being scammed.

Member
wev says:
23 May 2013

Could everyone read the thinkjessica.com website, it’s got similar scam stories. It isn’t just computer scams we have to worry about.

Member
hoppingpinkrabbit says:
23 May 2013

I’ve tried a few things with regards to these phone calls which seem to come along in droves and then vanish for a while before starting up again.

Reciting parts of the Bible to them can shut them up. You don’t need to explain to them the meaning behind it, just reciting parts and without stopping.
Similar goes for kids books- now if you ever wanted to experiment with using different ‘voices’, here is your chance! Just don’t make it too interesting- stopping 3/4 of the way through could be an idea.

I’ve told them I work for the MET and also tried to obtain details from them such as their company phone number, letting them know I’d call them right back because I’d need their number in case anything went wrong in the future (uh, like the Police themselves wanting/needing further details:)

Or if I’m not expecting another call, just leaving them hanging- and if I need to use the …(nice way to put this) “bathroom”, all the better! They tend to hang up after the chain flushes…

A whistle is another idea- as soon as you know its them, BLOW!

And finally, asking “why” after each question they ask or even answer always seemed to work to irritate my parents when I was little, can’t help wondering if it would work this time too.

But seriously, there needs to be some sort of an independent group who go after these people because it’s beyond a joke now and people are getting caught out.

Member

Your mention of the Bible makes me think that reciting the Ten Commandments could be appropriate, highlighting the one saying ‘Thou shalt not steal’.

Member
Dave says:
24 May 2013

Also ‘Thou shalt not bear false witness’ and ‘Thou shalt not covet (thy neighbour’s cash)’.

Member
Graham King says:
24 May 2013

What everyone should remember is that we should trust no one that phones up out of the blue and tells us we have a computer problem and then demands money to fix it or remote access to it. Never trust anyone that starts asking for passwords and access. For phishing and scam emails copy the full header, forward the email with the header information pasted in to phishing@cityoflondon.police.uk as they deal with computer fraud for the UK

Member
RogerW says:
24 May 2013

Frankly the scam is so obvious that anyone caught should be ashamed to admit it.