Quick Links

"Hi, I'm from Microsoft and we've noticed your computer has a lot of viruses." This is how the Microsoft tech support scam starts. By the end, the victim has probably paid hundreds of dollars and had their computer infected.

This cold-calling telephone scam has been going on since 2008, but shows no sign of going away. If you have any relatives who might fall for it, be sure to let them know Microsoft won't actually call them.

This scam isn't just for Windows PCs. A new scam offers "Mac Technical Support" that works in a similar way, demanding access via a remote-desktop tool and requiring payment to fix non-existent problems.

Update: Just to be very clear, anybody who ever calls you saying there is a problem with your PC is a scammer (no matter who they tell you they are). Just hang up the phone.

How It Works

These scammers don't send out scammy emails or text messages. Instead, they'll call you on your telephone. It's not even a recording -- a real person will talk to you and try to trick you. The scammers appear to target absolutely everyone; they may be going through every number in the phone book.

When you pick up, the person will claim to be "from Microsoft," "from Windows," or from from something more specific, like the "Windows Service Center" or "Microsoft Support." They tell you your computer is infected with viruses and has all sorts of PC problems that need to be fixed. At this point, a less technically inclined Windows user who may actually be facing PC problems may start falling for the scam.

The Tricks

If you stay on the line -- and you shouldn't -- the scammers will attempt to demonstrate that they have information about what's wrong with your computer. They'll ask you to look at parts of Windows that generally aren't accessible to average users. For example, they'll ask you to look at your Event Viewer, Prefetch folder, and MSConfig utility. Average Windows users aren't familiar with these system utilities, and the scammers will attempt to deceive them.

Related: What Is the Windows Event Viewer, and How Can I Use It?

For example, a scammer will tell you to open the Event Viewer and verify that errors are present. The Event Viewer lists a variety of status messages for many different things in Windows, and errors are often completely innocuous. For example, below we have a variety of errors in that state Apple's Bonjour service was "continuously busy for more than a second." This may be helpful to developers debugging the service, but is completely irrelevant to average users. However, the red icon, "Error" message, and the sheer number of different errors can look scary to less-knowledgeable users. Scammers will inform you that these errors are proof of viruses.

event-viewer-errors

Related: 10 Windows Tweaking Myths Debunked

Scammers will often direct you to the C:\Windows\Prefetch folder as well, telling you that each file in the Prefetch folder is a virus. These are actually harmless files that are used to speed up application launch times, but they have confusing looking names.

prefetch-folder

Scammers also like directing users to MSConfig, telling them that each stopped services on the Services tab represents a problem. To a less knowledgeable user, this might seem logical. In reality, Windows normally starts and stops services as needed. It's normal for system services to be stopped.

msconfig-services-stopped

Moving In For the Kill

With their victim suitably scared and terrified -- after all, the person on the phone claims to be from Microsoft and knew there were various "problems" -- the scammer moves in for the kill. The scammer directs the user to download TeamViewer or LogMeIn, legitimate and useful remote-access programs. After the user downloads the remote-access program, the scammer asks the user to grant them access to the computer.

The victim is then instructed to to enter their credit card information onto some sort of web form and pay hundreds of dollars -- anywhere from $49 to $499 or more -- as a fee to "extend the warranty" or "fix the PC."

It's unclear what happens if the victim pays. The scammer may install malware on the victim's computer, take the victims' credit card number or financial information and abuse it, or do other nasty things.

teamviewer-remote-access

What To Do

If you receive a call from someone who claims to be "from Microsoft" or "from Windows," the best thing to do would be to just hang up immediately. You can attempt to report the call, but these calls are coming from international numbers -- often from India -- and it's honestly unlikely that much action will be taken against them. It's been five years and such scams are ongoing in spite of some attempts at enforcement.

These scams continue because people continue to fall for them. If people stopped falling for the scams, they'd be a waste of time and would stop. The best way to stop them is to spread the word and ensure people won't fall for these tricks.

Related: How to Recover From a Virus Infection: 3 Things You Need to Do

If you fell for a scam, you should call your credit card company and inform them, telling them to cancel any charges and send you a new credit card. You should scan your computer for malware with a reputable antivirus product and change the passwords on your email account and financial accounts, just as you would if you discovered an actual virus on your computer.


For more reading on this subject, read Malwarebytes' account of playing along with one such scammer. Microsoft also has their own "Avoid tech support phone scams" page that provides more information.