Don’t Fall for This Scary “Critical Alert from Microsoft” Scam that just Happened to Me

Here’s how I dealt with it, screenshots and all. And now you can have some fun at their expense, literally.

The first time I got this was over a year ago. I just now got it again. So it must be more common than I thought. It was super-scary the first time – fear is what they prey on. This time around, I took screenshots to document it.

You’re looking at a website, perhaps some news site – I was on Caixin Global to read about a bond default by a Chinese company — when suddenly an authoritative, insistent male voice of the type to be expected at a crisis center in the US hammered on me with dire warnings about my computer, while a new browser window popped up that looked like a Microsoft Windows screen with three dialogue boxes (click to enlarge):

The combination of that voice and the page with warnings and dialogue boxes are designed to rattle your nerves and make you do stupid things. In the above screenshot, note the URL in the address bar: It has zero connection to Microsoft. This is a dead-giveaway the page is a filthy scam perpetrated by slimy scum. It’s designed to put you into panic mode.

While you’re trying to read all this, the authoritative, insistent voice keeps hammering on you on endless auto-repeat:

“Critical alert from Microsoft. Your computer has alerted us that it is infected with a virus and spyware. This virus is sending your credit details, Facebook log, and personal emails to hackers remotely. Please call us immediately at the toll-free number listed so that our support engineers can walk you through the removal process over the phone. If you close the page before calling us, we will be forced to disable your computer to prevent further damage to our network.”

While being hammered over and over again on auto-repeat, you’re trying to figure out how to shut up the voice, and what the screen says with its dialogue boxes. Two of them request your username and password. One shows a warning about the dire things about to happen to your computer. And in huge font: “Call Support Team : 1-877-359-5840.”

The URL in the address bar comes with a long tag that contains all kinds of data and code, including my location (San Francisco), my IP address, and at the very end the toll-free number used on the above page. The phone number is in this format (I added the bold for clarity): p_num=1%20877%20359%205840

I pasted this URL into Edge for a different view à la Microsoft. And sure enough, this is what pops up (click to enlarge):

But for crying out loud, DO NOT fill in ANYTHING.

And this is what it looks like in Chrome (click to enlarge):

I do not recommend that you try this, but you can try it (make sure your firewall is on and your antivirus software is updated). You can copy and paste this URL (I took off the long tag)…

https://d3fth1zzlipf2c.cloudfront.net/assests/eng_ff_auth.html

…into your browser’s address bar, and the scary page will pop up, and then you get to listen to that fear-mongering voice, unless auto-play is turned off in your browser. Because I clipped the long tag that includes the phone number, the page you get shows a blank instead of the phone number.

Then you may have trouble closing the window. This is a scam after all. So here’s a tip that worked for me. To close the window and to shut that guy up, you might have to disconnect your computer from the internet and then close the dialogue boxes and the window — otherwise the page might just reload. And clean the cache of your browser afterwards.

In Firefox, the two dialogue boxes that requested “user name” and “password” issue a strong warning, which I underlined in red: “WARNING: Your password will not be sent to the website you are currently visiting!” Neither of the URLs in the dialogue boxes — winsupportteam.club and win-help.online – is a Microsoft site (click to enlarge):

What these two dialogue boxes are saying is that there is a scam in progress, and you’re being targeted.

But in Microsoft Edge, the warning is less clear, and in somewhat garbled form, which I underlined in red: “The server reports that it is from Microsoft has detected suspicious activity from your IP address..”

In all three browsers, you get the same box that screams”:

** YOUR COMPUTER HAS BEEN BLOCKED.**

Here is a closeup of that box. In rough non-Microsoft English – for example, “Information Following are stolen” – it lists all the scary stuff that will befall you unless you call “immediately”:

So what happens when you call this toll-free number?

Kind of like what you’d expect when you call Microsoft tech support: You’re put on hold. A soothing voice says nicely in good American English: “Thank you for calling support. All our service representatives are busy helping other customers…” Etc. This is followed by soothing music while you hold just long enough to where you think this might be real. Then the slimy fraudster comes on line.

When this happened to me the first time, I got a male voice with so-so English and a thick Asian accent. This time, I got a woman with an Asian accent that was hard to understand.

This is where they try to rope you in.

She asked for my name and phone number. I gave her fakes. Then she said: “I need to connect to your computer with our secure server so that I can check what the problem is.” She told me to press the Windows icon key plus the “r” key. This opens a search box at the bottom left of the screen:

She told me to enter into this search box the following phrase, spelling it out carefully and having me repeat it back to her: iexplore www.support.me

This is the exact same procedure the guy over a year ago walked me through. They haven’t changed a thing.

You can google this: scams iexplore www.support.me

I googled it the first time over a year ago, and it brought up a whole bunch of results. I goggled it just now for the second time, and there are a whole bunch of recent results. In other words, these fraudsters just don’t give up.

Note that I’m doing this on a Windows 10 machine, and Internet Explorer (IE) is not installed. I have three browsers open (Firefox, Edge, Chrome), but the page that opened up was an IE setup screen that I clicked away, and then it opened this page in IE – and this is where you get in trouble (click to enlarge):

If you click, you’re cooked.

Note the scammer’s URL: logmeinrescue.com. This is not a Microsoft site. They give you a six-digit code to fill in and then they’ll ask you to click on “Download” which will then download the malware, and you’re cooked.

So this is where I hung up on them. I just didn’t have the gumption to find out what would have happened next if I had clicked, just to report on it.

Anyone can call their toll-free number 1-877-359-5840, and it’s free for the caller. But it’s not toll-free for them. They’re using this number to commit fraud, and they’re paying someone for this toll-free number. So anyone can call them and have some fun with these slimy fraudsters at their expense, and if 10,000 people call them over the next 24 hours before they disconnect the number, maybe they’ll get the message and a juicy phone bill.

Enjoy reading WOLF STREET and want to support it? You can donate. I appreciate it immensely. Click on the beer and iced-tea mug to find out how:

Would you like to be notified via email when WOLF STREET publishes a new article? Sign up here.



  109 comments for “Don’t Fall for This Scary “Critical Alert from Microsoft” Scam that just Happened to Me

  1. ewmayer says:

    URL-not-matching-alleged-site is the so-far-bulletproof-for-me way I suss out phish-mails … just hover my cursor over the “click here” link and see what URL shows up. This is on a laptop, mind you – don’t know if most smartphone browsers support the hover-over-link trick.

    I recently got a call from some outfit running a phone version of this scam … some Indian-accented voice (with a supervisor audibly whispering coaching tips in the background) said “Hello, this is Windows tech support…”, to which I replied “I don’t own a Windows computer” and hung up.

  2. Redradar says:

    Like you, Wolf, we had the same thing happen to us in the past, and then again a couple of days ago. We muted the speakers (because the repetitive audio warning was so loud and nerve-rattling) and ran a Malwarebytes program scan on the infected computer. However, it didn’t detect any viruses, and the warnings and browser screen lockup continued.

    We followed this with a System Restore to the most recent Windows restore point which was a couple of days earlier. That resolved the problem for us — FYI.

  3. Maximus Minimus says:

    Disable Javascript, Java and pop-ups in your browser that you use for casual unprotected browsing, and only enable them in the browser that you use to log in to your bank account and emails. Goes without saying, you should never use one browser for everything.

  4. KFritz says:

    The following info is for Windows 7. If you have 8 or 10, DON’T use this as a guide. If you have XP, good luck!

    Using Chrome, trap sites are easily dealt with. Close the offending tab, and it disappears. If it’s the only open tab, open another before closing the trap site tab, and the browser won’t close.

    This is NOT the case for Firefox. But you needn’t turn off your computer. Open the Resource Monitor. It usually opens to the CPU tab. If not, click on that tab. The top panel on the left will read “Processes.” Close any process labeled “Firefox,” by right clicking it, then left clicking “End process.” There may be more than one “Firefox” process running. Keep ending them until the browser window closes.

    Even the Firefox procedure didn’t work for…get ready…Tor–which evidently has processes not labeled “Tor” in the Resource Monitor.

    As sleazy and this scam is, at least its URL comes up clean with a “Virus Total” submission.

  5. BradK says:

    All your base are belong to us

    Another dead giveaway is the grammatical and mixed case errors in the “alert” text, obvious signs that this was written by someone with a less than perfect grasp of the English language. Not that you’ll find many Americans working at Microsoft these days, but that’s a different matter.

  6. Lt says:

    Poorly formed sentences with grammatical or spelling errors are always a dead give away.

    • Bobby says:

      Hmm, starting a sentence with the word “of”, “Of your computer” or captilizing common words in the middle of sentences. Many recent ones I have seen are slowing trying to improve their gammar, they are getting better for sure! This one I didn’t notice any obvious spelling mistakes. Anyone with bad grammar may get tricked easily, which is 1/3rd of the population.

    • Mike G says:

      “You computer are infected.”

      Uh, no.

      • a citizen says:

        “All you computers are belong to us!”

        Seriously, Task Manager –> Kill Process. Thus endeth the lesson.

    • JohnnySacks says:

      Grammar is always, thankfully, a mess and a dead giveaway on these attempts. Saved me once upon a time when I was stupidly looking for a rental condo out west on a couple sites. For some reason – kill me – I went on craigslist and looked around there. Almost ready to commit and the slightest grammar mistake caught me eye and woke me up out of my naive delusion. What’s worse is how susceptible the elderly are to it, my mom gave her credit card to one of them and I had to have her disable it immediately.

      This behavior done via anything to do with the postal system is a serious federal offense.

  7. Jas says:

    Funny thing just happened to me! I had changed my password (I do often) a few weeks ago, went on a vacation and had powered my Google Chromebook down when flying, several times. When I came home and turned on my chromebook this time, I got a pop-up message, “You changed your password 18 days ago” please enter password. I was hesitant and logged in and the next screen asked me to enter my old password, which I felt was strange. Then I check my emails and your your post, Wolf! Now I’m feeling paranoid.. I wish things could be easier and not have to try to figure out what is real and what is a scam!

    • Crysangle says:

      If you replying here Mr. with posting your account detail and passwordiness , I will be check for you if they are real or scamminged .

  8. Patrick says:

    Before switching to FireFox, I was repeatedly surprised by how many web scripts IE allowed to EXECUTE on my PC without any prompt what-so-ever. MS browsers are complete crap IMO.

    • fajensen says:

      Heh – Microsoft BING! is colluding with the scammers!!

      Setting up a Windows 10 virtual machine in my daughter’s Linux PC lead to some internet question on how to install VmWare tools due to a VmWare bug causing the menus to be invisible.

      Since only BING! is setup for Edge, I lazily just used this crap-tastic search engine rather than typing “google.com”. Lo & Behold, the first 6-7 “promoted” links were all scams and malware, old classics like “snap.do” and “memory optimiser” were right there.

      On another tangential rant, I think we are now losing technological abilities at an alarming rate – all of the VmWare installers were truly “blasts from the dinosaur age” with that shitty option of doing a “default (really: partial)” or even “custom” install that Office 2000 or so used, probably with the “bite me right on the ass later” too when using the “default” and then missing something and then not having the Install CD-rom ….. rendered in blurred GIF, not matched to the screen resolution.

      Missing fonts causing menus to be invisible in the installed product … Come On … If it’s borked right on the g.d. display … For Sure no Q & A was done on anything important and invisible. Chancers everywhere!

  9. IdahoPotato says:

    I get warning emails from “Microsoft” and all the computers in my house are Macs.

  10. judy says:

    I got several of these last year. The worst one was a non-stop blasting horn witih a msg to call this number to help fix my problem. So I shut my system down, cold booted, and everything is fine. Every time I got one of these scams, I followed this procedure and have had no problems thus far.

  11. nick kelly says:

    Happened to me a few months ago. I’ve mostly kept quiet out of embarrassment but ya they are good at the BS.

    Here’s what I do now (they tried again once)

    Disconnect power and remove battery. Even though your screen seems stuck on their crap this loses them. At least its worked for me.

    PS: Every pawn shop as a cleaner program so they can sell it. They’ll charge you about 25 $ for the same thing Staples charges a hundred or so.

    • alex in san jose AKA digital Detroit says:

      Those “Fix Laptop” places too … I think it’s a franchise … my local one is very cool. Gave me $29 for laptop I got out of a dumpster (keyboard was messed up) and they have a TON of video game controllers, wall warts, software, etc. The place is a real geek candy store. I’m sure they’d charge $25 or even less, to run a quick cleaner.

      (Hell for $24 I’ll Google on Google for the Google on how to do it…)

  12. Bobber says:

    You’d think Microsoft would be all over this. They are dragging Microsoft’s name through the mud. Microsoft has a presence in every major country, so you’d think they’d have some authority to legally go after these scammers.

    • alex in san jose AKA digital Detroit says:

      There are actually people who do go after scammers, as a hobby.

      For a fun read, look up “Anus laptop scam” no it’s not as bad as that sounds, in short, a guy had an ASUS laptop for sale, and a Nigerian scammer tried the old “pay them a huge check and have ’em send back the change” scam. Well, it built and built, the guy had them on the phone, etc and at one point they called ASUS, anus. The guy just rolled with it, making it even more hilarious. It literally gets to the point where threats are flying and the scammers are sending the guy photos of everyone in his village (grannies not excepted!) holding machetes and so on, threatening to “get him”.

  13. Lenard says:

    The more advanced (complicated) the technology becomes, the worse (better) this crap is going to get. In the old days, it was easy to spot fake bullion smuggled here from overseas. Now they’ve gotten so good at making counterfeit coins that even the professionals sometimes can’t tell the difference without using some very expensive equipment. Take it from an old IT guy (now retired), when driving on the Internet, you can never be too careful.

    • alex in san jose AKA digital Detroit says:

      Actually, there have been rumors of bullion with a thick layer of gold wrapped around tungsten, which were rather hard to tell from the real thing.

      • Frederick says:

        I read about that alleged gold plated Tungsten I read somewhere that the US tried unsuccessfully to ship a bunch of it to the Chinese only to have it rejected and returned Evidently they are experts at spotting knockoffs

  14. Old dog says:

    Wolf, I commend you for your common sense and for alerting your readers.

    During the Windows XP era, I was a systems developer at a computer company in the Bay Area. I spent two years reading security logs, planting honey traps and tracing the steps of hackers we managed to lure in. The hackers’ lack of imagination was amply compensated by their boldness. Some of them knew what they were doing. Most of them didn’t.

    The security landscape has improved a lot since. Windows 10 is very robust. If one keeps his AV up-to-date and doesn’t do stupid stuff, there isn’t much a hacker can do. Compilers (x86, x64 and ARM) are smarter nowadays and append intelligence in the code to prevent classic tricks such as buffer overruns.

    It seems to me that the majority of scumbags nowadays have to resort to social engineering to do their deeds, like the one described in this article. The good news is that with a bit of attention and common sense one can protect himself effectively.

    My wife doesn’t know anything about computers but has followed my instructions religiously; all of them plain common sense. In 30 years she has never had a problem. I, on the other hand, have had a couple of scares by being complacent and not following my own rules. For example, I didn’t check the green lock in the browser’s address bar when accessing my bank and almost got duped into entering my credentials. Constant vigilance!

    I highly recommend anyone who is interested in security and science/technology in general to subscribe to Ars Technica .com. Their level of competence is extraordinary. They are always one of the first sites to alert users about exploits, such as the recent Spectre and Meltdown flaws in the x86 and ARM processors.

    Anyway, thanks for alerting us. I’ll definitely will give those scumbags a call.

    • Enquiring Mind says:

      In addition to Ars Technica, readers should look at the following:

      BleepingComputer.com

      Komando.com (more general articles about computers, phones and such)

      Also check for browser updates routinely, using the Firefox About, Opera About, etc.

  15. Memento mori says:

    There was this crazy guy who traced his computer scamers all the way to India, funny story but cant find the original podcast on kpbs radio.
    https://arstechnica.com/tech-policy/2017/07/how-the-reply-all-podcast-tracked-down-a-man-behind-a-tech-support-scam/?comments=1

    • Memento mori says:

      here is the podcast to listen to if stuck i n the traffic, very entertaining

  16. Linus says:

    There is absolutely no reason to use Windows for most common taks. Windows software architecture makes it almost impossible to secure on the internet.

    Suggest you try a free linux distribution or even Apple (which uses a unix base). Try Unbuntu or Linux Mint Cinnamon if you don’t want to work too hard or debian cinnamon if slightly you’re more skilled.

    Your story is the exact reason I gave up on Windows, (Windows 10 being nothing more than complex spyware also helped push me away).

    • Wolf Richter says:

      This site runs on a Linux server. That’s as much as I want to deal with Linux. Linux is just as vulnerable as anything else to hacking. I know!

      • Alex says:

        Linux (as is all unix’s) is all about locking down the permissions on each file and folder. Once that is done properly, running as a regular user is usually pretty secure.

    • Wolf Richter says:

      BTW, this was a scam not a hack.

      My computer is fine – and it did not get hacked. The scam was that they were trying to get me to click on something in order to download malware. But since I didn’t click on it, my Windows 10 machine is just fine, no problem.

    • a citizen says:

      You are in fantasy land, friend.

    • fajensen says:

      Well, sure I will. Right After “Altium Designer” comes in a Linux / FreeBSD version. Linux / FreeBSD are very good operating systems for software developers, not so much for people using other design tools.

      These days, I don’t care. I use virtualisation for everything. If something (or me) shits on my Windows, Linux, FreeBSD or whatever, I just roll out the backup image.

      It is also nice to have a small “computer” used only for banking and disposable ones for questionable internet activity.

      If one mainly uses Linux, the “Qubes OS” takes a lot of the hassle out of VM’s and compartmentalisation (https://www.qubes-os.org/intro/).

      PS –
      We can forget about having “secure systems” because all the CPU’s one can buy today will have one or more “management” CPU’s buried in the 20 billion transistors or so. Perfect place for a “blue pill hack”, probably only a real risk if one pisses off the Russians, French, GCHQ or the NSA.

      https://www.networkworld.com/article/3236064/servers/minix-the-most-popular-os-in-the-world-thanks-to-intel.html

      • viny1l says:

        The desktop version of FreeBSD is TrueOS. It is so locked down it is difficult to get anything done. I deleted it and install Mint instead.

        If you are an experienced Unix SA, it is not difficult to lock up your Linux system tighter than a drum. The easiest thing is to create a ‘noprivs’ group with no privileges and then a ‘nobody’ in that group, and run as that.

        I have found, however, that doesn’t keep scammers from calling me.

  17. Paulo says:

    I quickly turned the machine off, rebooted, did a virus scan and always insure protection is up to date. No problems.

    Now, if I could just stop the robo and call centre phone calls ………..
    I got the phone call saying it was Canada Revenue Agency, blah blah blah. It sounded authentic and left me wondering what my 87 year old father-in-law would do?

    • RD Blakeslee says:

      I’m 87 – see following post.

    • Maximus Minimus says:

      They must be familiar with Canada Revenue Agency, probably first hand. Otherwise, not that many know what a tax agency is called in another country.

    • sierra7 says:

      I’m also 87 on the cusp of 88……have an unlisted phone #; Don’t “answer” until I hear a voice or recognize the # on the screen. Even with an official unlisted # I still get some small number of phone calls but use the above formula (explained to my friends and family) and it works well.
      Never have my desktop with speakers turned on unless I watch something that needs that function.

    • Argus says:

      I got this Microsoft scam a couple of times, recognized it straight away as fake and immediately shut my computer down.
      Have upgraded my virus protection now but we’ll see what happens.

  18. You could use Chrome. There is an extension called “Block Site” which you can use to block sites. That works out pretty well for me.

    You can also edit your hosts file: See here: https://en.wikipedia.org/wiki/Hosts_(file) and http://winhelp2002.mvps.org/hosts.htm

  19. RD Blakeslee says:

    I’ve been using Microsoft operating Systems since the original, first version of Windows. They have never used the internet to notify me of any security problem – they just patch the problem in their next security update.

    If I find out there is (or was) a problem, it will be from a news release by this-or-that security organization.

    So, when these “Microsoft” scams appear on my browser, I shut down the computer and re-boot it. So far, I haven’t had a problem with the re-boot displaying the scam again.

  20. Tom says:

    Wolf,

    So many people get taken by this scam, it’s very easy to happen, and also the scam where they call you and tell you your computer is infected.

    Microsoft never does any of the above, however I get frantic calls from people about this and I go in and fix their computers the right way.

    I tell people who have let them remote into their computers to change all passwords, and use 2 step verification, and put a freeze on Equifax and TransUnion for new credit, and notify and or setup alerts across the board on any financial transactions, it’s very nerve racking process.

    If you fear the worst, then pull the plug and take it to a local professional.

    Regards,

    Tom

  21. Bill says:

    Use linux, free better and no virus, scams or spyware.

    • Wolf Richter says:

      As I said elsewhere on this thread, this site runs on a Linux server. That’s as much as I want to deal with Linux. Linux is just as vulnerable as anything else to hacking. I know!

      This was a scam, not a hack. And scams are everywhere, even on your phone. Even face to face.

      • vinyl1 says:

        Linux is actually pretty solid. They are hacking your web server, not Linux itself. You have to know what you are doing to configure Apache. For a site like this, could just shut down most of the mime types.

        Of course, you probably have an appserver and a database too, which have different types of security issues.

  22. ZeroBrain says:

    They’re most likely paying the phone bill with stolen account info – the bills will rack up with a third party, not them.

  23. timbers says:

    I had a similar event happen to me. I called them and kept then on the phone as long as I could. Eventually they hung up. Google Jolly Roger bot on YouTube.

  24. Aqualech says:

    I see this every day. Just cnrl alt dlt to close the browser window and proceed.

  25. Mike Smith says:

    When these scammers cold call me, as an IT Professional, I lead them on for several minutes before thanking them. I thank them for continuing to undermine faith in their country, where we have sent our jobs and intellectual property. I understand this outsourcing is needed to compete in business, but when people will not trust your support staff due to being scammed, it definitely sends a message. I personally know several Indians who are great IT Pros, and they are also very upset about this growing trend.

    • alex in san jose AKA digital Detroit says:

      I’m surprised it’s any secret any more that when someone cold calls you, the game is to keep them on as long as possible, wasting as much of their time as hilariously as possible, w/o ever buying whatever their product or scam is.

  26. roddy6667 says:

    I haven’t seen any of that crap for about ten years. I am strictly Linux.

    • coaster noster says:

      I switched to Ubuntu in 2012, when Windows said it did not recognize me signing on (booting up).

      I’ve gotten the telephone calls saying, “Windows Tech Support calling” and “So, I don’t run Windows!” and then the hang up.

      IMHO, I would simply close all browsers (I run Chromium and Firefox simultaneously) and disconnect from the internet (shut off the router).

      • roddy6667 says:

        Currently I am using a Chromium variant called Vivaldi. Does not use any Google services.

      • a citizen says:

        You guys are killing me. Ubuntu? You can convert your machine into a paper weight if you want, but I have real work to do for a real company and real clients.

        Furthermore, if you seriously think any UNIX variant enjoys a safety advantage over a Windows box then you are simply malinformed by personal choice.

        • vinyl1 says:

          @a citizen – Most companies run 90% of their business on Linux now. When I worked at the big bank, we had tens of thousands of machines running Red Hat and AIX, as well as some legacy Solaris installs.

  27. Mean Chicken says:

    I tell them they should contact Microsoft for virus updates.

  28. Bet says:

    When I get the phone calls from (Msft) telling me that my computer is infected with a virus and they can help me fix it
    I just say. My husband is a Msft programmer who works in telemetry
    Shall I put him on for you ?? Usually they hang up

    • Argus says:

      I ask them whether their mother knows what they are doing and whether that makes her proud.

  29. Realist says:

    IE is included by default in win10, but it is hidden, if you run iexplore it starts IE. It is probably there to ensure compability with outdated corporate stuff.

  30. Sydney says:

    They’re not paying for that toll free number. It’s almost certainly hijacked. Or it’s used for call routing only and the underlying traffic is actually being fraudulently routed through some company’s PBX.

    One thing to also be aware of with any scam phone interactions – whether you call them or they call you – is that in many cases your number is now “hot” if you speak to them. Autodialers are often just fishing. They dial numbers in numerical sequence and many are unused, fax machines, disconnected, etc. Once you confirm your number is a live one answered by a real person who is willing to interact, your number becomes valuable to sell as part of black market calling lists. Tempting as it is, never speak to a scammer. It’s a sure way to increase the scam calls you receive.

    • Vernon Hamilton says:

      agree. Thank goodness for caller ID. I never pick up the phone unless it is someone I know. no need to give them hope.

  31. Robin says:

    A new browser is Brave – mobile and desktop. Has built-in blockers unlike Firefox which needs add-ons and is fast like chrome. Desktop could not import Firefox logins (it crashed for me) but the Android version seems solid.

    Suggesting as a user – I have nothing to do with Brave project or team.

  32. MCH says:

    The common thread is always about fear. Whether it is email scams or something else. The website scams usually is more of an immediate concern because I always wonder if I somehow went to a site or got directed there by a hacked site, and now I’m compromised.

    The current scam I see on email is one where they hit you with an old or perhaps a current password, and tell you that they want bitcoin or they’ll release compromising pictures of you visiting and adult site, where they keylogged what you were doing, blah blah blah. But the real funny thing is, the more people talk, the more they show up as idiots. That message would’ve been far more powerful, if they just hit you with a stolen password, give their demands, and then let people’s imagination run wild.

    I for one am happy that the truly dangerous hackers are all state employed and are too busy doing stupid things like ruining elections rather than really attacking specific individuals. It would’ve been really easy to truly compromise the morons at the DNC and probably the RNC (since I can’t imagine the dumbos being much smarter), if the Russians got into their private lives by compromising their work emails. A much deeper level than some bullshit like releasing a bunch of emails telling us that the DNC was crooked and fixing the primaries.

    Can you imaging what a truly patient and dangerous hacker could do if he got a hold of someone’s email account, and read through enough of those to really assess them and do damage.

    • MC01 says:

      If you think good quality hackers are exclusively employed by governments you are in for a very rough surprise.

      The German R&D division of an industrial engineering firm was the subject of an average 327 cyberattacks per day in 2017, New Year and Christmas included, “and those are just the cyberattacks our security team identified and stopped; something always gets through” my source told me. He then proceeded to describe some of the procedure R&D must employ to minimize the damages from leaks already present in the system.
      I think you will understand why I am not naming any names.
      It would be easy to blame those “State-sponsored hackers” our media love to hate so much, but in reality this is mostly the work of freelancers, be them individuals or collectives.
      The childish narrative of the Chinese, Russian or whatever government “sponsoring” hackers to do very nasty things hides the fact the major customers for these freelancers are invariably corporate. One may think about some industrial secret, but the most coveted prizes are really “eyes only” internal communications, memoranda and the like, as they detail how your competitors work, what their future plans are, what are they working at behind the scenes and how your rival’s team is getting along.

      Scientia potentia est.

      • MCH says:

        I see your point. Although I was talking about it on a more personal level. Individuals are usually small fish unless there are specific reasons to attack them. If you are a chief engineer for a car for example, but usually that’s not targeted to just take the guy’s personal money. More about gaining access to what he knows.

        It’s about the cost benefit. The talented freelancers you are talking about are likely not looking to rip off individuals. Companies are much more lucrative from that regard.

  33. roddy6667 says:

    This falls under the category of “social engineering” rather than a hack. The user is being scammed by using fear.
    The user is the most vulnerable part of the machine. Similar to a car, where the most dangerous part is the nut behind the wheel.

  34. Sarge says:

    I’ve been a Mac guy since the Lisa days and made my living as a Mac support tech and network engineer. I ran a mailing list called Macmarines back in the 90s that offered help to users who were struggling to maintain their Macs in a Windows centric world (Barry Ritzholt was on the list for awhile. He turned me onto used BMWs but that’s another story).

    Although I took a lot of heat for staying in the Apple world, in all that time – over 30 years – I never got a virus or a hack of any kind. And neither did any of my clients. There were a few out there but they were few and far between. Now, almost everything is web based and the security of your browser is paramount. Apple has been and become religious about security. It’s almost impossible to hack a Mac system (or even Windows) now unless you deliberately let them in…hence the advent of social exploits that prey on your gullibility. Macs use Apple’s Safari, Chrome, Firefox, Opera and several others and interact with the vast majority of websites, financial or otherwise, no diiferently than a Windows or Linux OS. And you have little to worry about on the backend. MacOS is just better and more secure.

  35. Alex says:

    Or use Freedome VPN and never get this crap https://www.f-secure.com/en/web/home_global/freedome no financial connection, just a happy user of it.

  36. J.M.Keynes says:

    – I want to share my own experience with a similar scam:
    – Sometimes, when I am surfing the interent, a window opens and tells me that my Windows system needs to be “upgraded” and that I need to visit some suspicious website.

    – Some 3 years ago I got a phone call and the person on the other side was (supposedly) from Microsoft. He told me that my computer was infected and (supposedly) was turned into a bot. He wanted to help me to get rid of that bot/malware/infection.
    – After a few minutes I realized that he wanted to make me infect my computer with his instructions. He wanted to send me some software that I had to run on my laptop. At that point it became clear that he had some criminal intent. Then after some speaking some harsh words in his ear I simply hung up.

  37. Unit472 says:

    I wrote the phone numbers down and called Verizon and said their phone system was being used to facilitate a criminal enterprise. They didn’t get back to me but it really is THEIR responsibility to shut these operations down.

  38. Willy2 says:

    – Is there a pattern ? E.g. that these things happen only on say chinese websites ?

  39. JoAnn Leichliter says:

    The really poor English and the information request are an instant dead giveaway–I would ditch this immediately.

  40. JOHN says:

    Hi Wolf,

    This scam happened to me many times.
    My computer is Apple and I use Chrome as a browser, but the scam is same regardless of computer or browser brand, it is a simple trick and this scam is saved in cookies , if you delete the cookies it goes away.

  41. p zirk says:

    I often get this and other nasty popups, the main thing is not to click on anything in the affected window ( generally One cannot close the scam window by clicking the X at the top right, this adds to the panic ) to avoid starting an unwanted download. What works well for Myself so far is to press ctrl,alt, and delete together then select task manager, and end the browser process be it chrome etc. Then I just open another page and keep going. So far no problems and I save time.

  42. RangerOne says:

    My parents got ripped in by a similar anti virus scan. They managed over the phone to get remote access and sell $100 of dollars of uneeded cleaning software.

    Needless to say I reformatted their hard drive and made new passwords for them.

    There are a few basic rules with regard to computer security that I believe are considered norms by avid computer users.

    A major OS company does not use pop ups to recommended patching software, ever. The same is true of a major anti virius company.

    They will also never ask you to call them about critical patches. They may have help lines on their tools or main website but they will never encourage you to call them and they will never be part of a pop up.

    Trying to get you to call over a virus or security issue is a huge red flag. Security flaws and viruses are exclusively deat with in major patch releases or hot fixes that every one gets automatically.

    If Microsoft wants to recommend software to you, it will always do so from their built in OS notification system. Like wise an anti virius has official built in message center to alert you of needed updates.

    I am certain scams are getting more sophisticated and there are some that would difficult for almost anyone to pick up on, even tech works… so if you feel anything may be fishy. It is always advisable to assume it is and Google around to see if what is happening is a new form of scam.

  43. Todd H. says:

    Crime and fraud (such as this) should be included in GDP. Many other forms of spending that are negative to society are included, so why isn’t crime in there?

    • Wolf Richter says:

      My guess is that any benefit that might have been extracted from me, if I had fallen for this scam, would have counted as an “export,” in which case it would have been deducted from GDP.

      :-]

      • Mch says:

        Congratulations, Trump loves you for your contribution to exports. Hurry up and make it.

        ;)

        • Todd H. says:

          It makes you think when cigarette and Roundup sales are included in GDP, but internet scams are not.

  44. Kenny Logins says:

    Harden your system.

  45. B Fast says:

    I had guys from “Microsoft” phoning me, telling me that they were going to fix my microsoft computer. I tried everything to get them to stop calling. I tried hanging up on them. I tried the, “do you not understand that your company is a scam company, and when they get caught you will too” approach. I tried the very pleasant, “Would you please remove me from your call list” approach.

    When they persisted, I got nastier. I tried putting them on hold for 10 to 20 minutes until they gave up. I loved that one. I tried going with their game like Wolfe did until I got to the point of trouble, then laughing at them and informing them that I was deliberately wasting their time.

    Nothing would stop the calling.

    Finally I pulled out the big guns. I went to the the toilet, made sounds that I was vomiting, then flushing the vomit. Then my wife gets on the phone and explains to the guy that his phonecall had made me sick, and that I had just vomited from it. She then hung up. A few moments later, the guy calls back, declares on the phone “F You”, and hangs up. My name is Bruce Fast and I have not received a single scam call for over 5 years.”

    • elysianfield says:

      “When they persisted, I got nastier. I tried putting them on hold for 10 to 20 minutes until they gave up. I loved that one. I tried going with their game like Wolfe did until I got to the point of trouble, then laughing at them and informing them that I was deliberately wasting their time.”

      Bfast,
      Really piss of a few of these people and you might find your name on membership lists of Grindr, NAMBLA, or other site that might compromise your good name. Revenge is sweet, but fleeting…being on some government list as a potential pederast is forever. Never give a criminal a reason to target you.

  46. Lion says:

    Wolf, I am getting a lot more of these scam attacks. Do you think they could be related to the Equifax data heist and that the bad guys have access to some much personal info now?

  47. KEVIN O'RIORDAN says:

    These scams are usually run from India and the thick Indian accent and poor English are a dead giveaway, the people on the other end soon lose interest/patience when a few well chosen questions are asked of them and move on to the next easier victim.

  48. Kenny Logouts says:

    Best bet for browser, sadly now Firefox has gone weird, is Palemoon.

    Then install uMatrix.

    Yes you have to manually white list a lot of elements per site to get them working right, but you’d have to be doing something really wrong to have problems.
    It also includes blacklists of domains that offer you nothing positive.

    Then go to harden windows 10 (or 7 etc) https://hardenwindows7forsecurity.com/Harden%20Windows%207%20Home%20Premium%2064bit%20-%20Standalone.html

    Then trim out all the stuff you don’t use… especially from your firewall… especially from inbound connections! (Default block up/down ideally, then rules for all traffic on the specific protocols needed)

    Or a simpler fix, Pi-hole and that blocks almost all unwanted stuff via your browser.

  49. Nat says:

    You should also send any related scam urls to US-CERT: https://www.us-cert.gov/report-phishing

    They can’t always do much (given that scamers on the net are international and all), but it costs you nothing and sometimes gets their scams on enough lists and whatnot that they have to rebuild their infrastructure from scratch. If enough people cause that to happen to them in rapid succession they are going to have to close up shop.

  50. WSKJ says:

    Thx Wolf, and helpful commenters,
    for revisiting this general topic from time to time.

    for the data bank, here are some apparent scams that I have encountered on my Mac in the past year:

    end April, 2018: a window came up with the Apple logo on it; said it was from the “Apple Care Protection Plan”; said warning of 2 viruses and phishing; I could lose everything; offered me the opportunity to “Scan Now”. I turned off the Mac; probably unplugged my modem; my younger son, tech-savvy, may have helped me with Ctrl-Alt-Delete as several have suggested above. Finally, I got rid of the window and there were no following indications of viruses etc. I worried for a while.

    He recommended, as have several above, looking at the source address. In June I received some message from “us.hshiq.win” which offered me some kind of trouble…might have been one of those offering me “financial records at risk”.

    I recently come across windows (e.g. on gardening sites) which seem to offer nothing but a “No Thanks” at bottom of window, rather than the standard upper-right hand corner X. So far, no problems with using the “No Thanks”, but it’s just one more time-consuming computer problem for me (time spent on trying to figure out whether something is legit or not).

  51. rex says:

    Control- Alt- Delete, Task Manager, End Task seemed to work on the several times I’ve dealt with that annoyance. It is distressing to think that there are enough panicky people to apparently make this scam profitable.
    rx

  52. Greg Tyler says:

    I Called . Some guy from India.
    Enjoy wasting there time

  53. Laughing Eagke says:

    Thank you Wolf for the headsup and advice. And also thanks to all who have provided very valuable advice and websites.
    This is the best internet site I use without any questions. No need for anyone to provide any ratings on websites. I could care less what anyone else thinks

  54. Cashboy says:

    This happens to me a lot.
    I just:
    Ctr Alt Del,
    select ‘Task Manager’
    select from the list the web browser that the message came up on and then close it.

    I might then open up the web browser and check the history of web pages visited and then might run ‘Crap Cleaner’ and reboot the PC.

    I have no anti virus software on any of the PCs in my office because I find that they often change the register and conflict with other software and if they are running in the background slow the PC down.

  55. marie says:

    I’ve had this one a few times. Here’s what I do:
    I call and when they pick up I scream VERY LOUD in their ears. Literally.
    Works wonders.
    For robocalls I just insult them. Works well too. Somehow after a while they realize the gig is up and they stop.
    New ones will come.
    Most are from India and the Philippines.

Comments are closed.