
Fake Tech Support Scam Calls

Tech Support Scam Calls

While browsing the Internet, you may suddenly receive a full-screen "virus warning". The warnings appear even when browsing legitimate websites (Amazon.com, for example). The warnings are often accompanied by a computer-generated voice, which says that the computer is infected and that you must call "Microsoft support" to "fix" the "problem". These warnings are meant to be harsh in order to scare you. The warning also conveniently has a 1-800 number to call - but it's not Microsoft on the other end - it's the scammers from India.

The scammers then convince you that something is wrong with your machine, and that the only way to fix it is to allow them remote access to "fix" the problem. Once the scammers connect, they falsely claim there are serious problems with the machine. They then proceed to bill anywhere from $150 for a fake 1-year "contract" to $350 for 3 years of fake support.

The fact of the matter is that nothing is wrong with the machine at all, and the contract is completely bogus. Typically, they will call back within a few weeks or months and claim something else is wrong with the machine. Here's the catch: the new problem isn't covered by the original fake contract - which isn't a contract at all. This time, it will cost substantially more to "fix" the "problem" - usually $800 or more.

The scam then repeats indefinitely, until you either run out of money, or wise up.

A few weeks ago, a friend reported she was using her PC when suddenly she received a popup virus alert stating that her PC was infected. She called the 800 number on the screen and spoke to a man with a thick Indian accent. They then connected to her PC remotely and installed some antivirus software to 'fix' the 'problems.' They then wanted her to sign a 3-year contract with them for $898. She told them 'No,' but that she would pay $350 for a 1-year contract. They kept insisting that she pay for 3 years. She's pretty computer illiterate so she reluctantly agreed to a 3-year contract and sent them a photocopy of a voided check. When her son came home from work, she told him what happened and he said it was a scam. She immediately went to the bank and closed her account. They called her again recently and left a message on her voice mail, stating that she now owes them $6000.

I did a bit of research on Expert4Help.com and their web site has all the makings of fake tech support written all over it. The website domain name was registered on 2019-04-06 (through Godaddy.com) by someone in India. The website IP (182.50.132.58) points to a server in Singapore. If you look at the Expert4Help.com webpage near the bottom, it says that they are located at 4200 Great America Pkwy, Santa Clara, CA 95054, USA with 1-833-257-8555 as their phone number.

You have to wonder - if this was a legitimate American business, why would they have their web server in Singapore, and why don't they have a local phone number listed on their site alongside the 1-800 number? The answer is simple - it's a scam!

Now to address the issue.

"I Closed my Bank Account. Is it enough?"

First of all, she did the right thing by closing her account as that will stop them from getting her money for now - but it's not enough.

The main issue now is that they still have access to her PC and can access other financial information, or worse.

Here's why:

Once they connect to the PC the first time, they use a hidden remote command line (DOS prompt) to upload and install programs to your system without you seeing it. Once this infrastructure is set up, they are able to install additional remote access backdoors so they can get back into your computer whenever they want at a later date, even after the original connection has been closed. This also allows them to install other programs (malware) on your machine, delete your restore points and even infect your system reset image so that the remote access is still enabled even after a system wipe.

Why Do Scammers Install Remote Access Backdoors?

Scammers will install remote access backdoors for many reasons.

In most cases, they do this to propagate more scams in the future. Even after paying for a 1 or 3 year fake tech support contract, a few days, weeks or months later you will encounter yet another 'problem' with your PC. For example, scammers can make your screen go wavy and then cause another virus alert to appear (along with their 1-800 number to 'fix' the 'problem.') Of course, this new 'problem' won't be covered by your original fake tech support contract. And, that's when they ask you to fork out even more money - usually a higher amount than the first. This scam goes on indefinitely until you either run out of money, or wise up.

Another reason they put remote access backdoors on your system is so that they can spy on you remotely. In this case, they can record your keystrokes, monitor what websites you visit, and sniff for credit card or banking information. Yet another reason they install remote access backdoors onto the system is to punish you remotely if you don't pay. In this case they will either delete all your files, encrypt all your files and hold them for ransom (demanding payment to unlock your files), or lock you out of your PC by changing your password.

Scammed by Expert4help.com? Here's What to Do

Now that you know what the scam is about, here's what you can do:

If you paid by credit card, call the credit card company and complain. Be advised that if you attempt to reverse/block payment, the scammers will punish you remotely by deleting all your files or locking you out of the machine. In this case, I suggest you contact a reputable tech support firm to remove the backdoors before making the claim.

If you paid by gift card - for example, App Store, Amazon, iTunes, Google Play, etc - you can kiss the money goodbye. Unfortunately, this method of payment is irreversible once the PIN is divulged.

If you paid by voided check, this is one of the worst things you could have done because now the scammers have your name, phone number, address, bank name, bank address, routing number, account number, etc. In this case I suggest you cancel your account and open a new one. That will stop the scammers from getting your money - for now - but it is absolutely paramount that they don't have access to your machine, otherwise they can sniff your financial information and drain your bank accounts.

Finally, hire a professional to look over your system to undo the damage caused by the scammers. Based on my experience, these scammers will leave, ON AVERAGE, 3 to 5 hidden, open connections on your system. That means they can get back into your computer and do whatever they want, whenever they want. They could have also installed surveillance/malware on your computer to sniff passwords and financial information. A real PC expert can find these backdoors and threats and eliminate them. Based on my experience, antivirus and anti-malware won't find these threats because they are often legitimate software programs used in nefarious ways.
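As a starting point for that review, the following added example (not part of the original column) lists every listening or established TCP socket with the program that owns it, plus the services and scheduled tasks that would bring a remote-access tool back after a reboot. The product names in `$RemoteToolPattern` are an assumption, since the column names no specific tool.

```powershell
# Added example: inventory TCP sockets with their owning program and flag
# remote-access tools. Run from an elevated PowerShell prompt on the affected PC.

# Assumption: a starter list of legitimate remote-support products, matched by
# name. The column names none, so extend it with whatever is actually installed.
$RemoteToolPattern = 'teamviewer|anydesk|logmein|screenconnect|ultraviewer|supremo|vnc|rustdesk'

# Map PID -> process so each socket can be attributed to an executable on disk.
$procs = @{}
Get-CimInstance Win32_Process | ForEach-Object { $procs[[int]$_.ProcessId] = $_ }

# Listening and established sockets, excluding loopback-only traffic.
$sockets = Get-NetTCPConnection -State Listen, Established |
    Where-Object { $_.RemoteAddress -notin '127.0.0.1', '::1' } |
    ForEach-Object {
        $p = $procs[[int]$_.OwningProcess]
        [pscustomobject]@{
            State      = $_.State
            Local      = '{0}:{1}' -f $_.LocalAddress, $_.LocalPort
            Remote     = '{0}:{1}' -f $_.RemoteAddress, $_.RemotePort
            PID        = $_.OwningProcess
            Process    = $p.Name
            Path       = $p.ExecutablePath
            RemoteTool = [bool]($p.Name -match $RemoteToolPattern -or
                                $p.ExecutablePath -match $RemoteToolPattern)
        }
    }

# Persistence: services that would restart the tool at boot.
$services = Get-CimInstance Win32_Service |
    Where-Object { $_.Name -match $RemoteToolPattern -or $_.PathName -match $RemoteToolPattern } |
    Select-Object Name, State, StartMode, PathName

# Persistence: scheduled tasks whose action launches the tool.
$tasks = Get-ScheduledTask |
    Where-Object { ($_.Actions | ForEach-Object { $_.Execute }) -match $RemoteToolPattern } |
    Select-Object TaskPath, TaskName, State

# Flagged sockets first; every other row with an outside Remote address still needs review.
$sockets | Sort-Object RemoteTool -Descending | Format-Table -AutoSize
$services | Format-Table -AutoSize
$tasks | Format-Table -AutoSize
```

Name matching only catches tools on the list, so treat any unfamiliar program holding a connection to an outside address as something to investigate, not only the flagged rows.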

Help make this column better by sharing your tips or experiences with your own tech with the Sangat.

Email me and tell me your story, and keep sending me your suggestions for column topics, along with your own favorite mobile app recommendations and reviews so I can share them here. Just email them to me at [email protected]  
