Watch tech support scammers at work, live

How do scammers posing as tech support dupe customers into installing malware? Take a look.

It's almost too easy to be hoodwinked into scams produced by the increasingly sophisticated tactics of hackers, but how does the process actually work?


Scams come in a variety of forms. In the beginning, emailed messages told you your ticket for the Spanish lottery was a winner, your help was needed transferring millions of dollars from accounts in Africa, or a long-lost uncle was willing to give you a percentage of your inheritance -- as long as you paid the transfer fees and handed over your account details first, of course. Now, scammers appeal to you through loans, fake bank-based emails and tech support scams.

One such tech support scam has been documented by Jerome Segura, Senior Security Researcher at Malwarebytes. The security expert recorded a case where a support scam, a.k.a. the Microsoft/Windows support technician call, invented non-existent problems over the phone with a consumer and tried to extort money as a result.

These scams are not purely PC-based, which is unsurprising as many consumers are moving towards smartphones and tablets. Scammers find their victims by both cold-calling and advertising online, often creating multiple identities and paying for sponsored placement adverts to appear legitimate.

After calling, the technician told Segura that he would not be able to directly connect to the phone, and the user had to plug the device in to the PC first, before downloading remote login software so they could connect to the PC.


After logging in and rifling through the phone, the technician gave up on finding anything of use, and instead went to a traditional way to lure victims: pop-ups. If you're going to scam someone, Windows is much easier to use as a platform than Android or iOS.

"Alright Sir. Just let me know one thing Sir. So when you are doing work on your mobile phone or on your computer ok, do you receive any kinds of pop ups for operation {inaudible} like Adobe Flash Player, or anything like Java as well as on your mobile phone?

You get a pop up right? And you always connect your mobile phone with your wifi right?

So the thing is there are some kind of infection over here, so that’s why the infections transfer from your network to your phone ok?"

It's not difficult to see where this is going. After asking the user to complete a search, the 'technician' says:

"There is one file which is installed in your computer as well as in your mobile phone and that is a very bad file. The name of that file is rundll ok? r-u-n-d-l-l number 32 dot exe alright?"

Rundll32.exe is a standard Windows file, and certainly won't be found on an Android device. However, the technician pressed on, saying that "this file is specially designed to jeopardize your banking information." Cue panic for those without much technological understanding. In this case, in order to dupe the consumer, the scammer removed the 'infection' and then simulated a 're-infection' by quickly restoring it from the Recycle Bin (Ctrl+Z).

By doing so, the 'technician' is able to persuade the customer they need continual support to keep infections at bay -- and so comes the bill for a year of 'support' for a mere $299.


Scammers profit from the human condition. A lack of understanding about modern devices, panic over fake infections and the possibility of losing private data are all areas ripe for exploitation. However, these new campaigns also come with fresh risks: by connecting a scammer to your devices, you are giving them unfettered access to the data stored on them.