Vol. 21, #32 - August 8, 2016 - Issue #1092

Image

Reader feedback: Tech support scams

  1. Editor's Corner
    • Reader feedback: Tech support scams
    • Send us your feedback
    • Recommended for Learning
    • Microsoft Virtual Academy
    • Quote of the Week
  2. Admin Toolbox
    • Admin Tools We Think You Shouldn't Be Without
  3. This Week's Tips
    • Printing - Manually delete pending printer documents
    • Windows 10 - Prevent unsigned code from executing
    • Windows 10 - Top support solutions
  4. Events Calendar
    • North America
    • Add Your Event
  5. Tech Briefing
    • Citrix
    • Cloud computing
    • Exchange Server
    • Office 365
    • Storage
  6. Recommended TechGenix Articles
    • Recommended articles from websites in TechGenix Network
  7. Other Articles of Interest
    • Helion Cloud Suite redefines HPE hybrid cloud strategy
    • Kubernetes: The next big thing in IT shops?
    • Users give thumbs-up to lower-end versions of VMware's NSX
    • An inside look Liquidware Labs FlexApp:
  8. WServerNews FAVE Links
    • Golf Cart Jetpack
    • Luke Aikins Jumps From 25,000 Feet Without A Parachute Into A Net
    • Stairway To Heaven... Mind-Blowing Fireworks
    • Mirror Dance Gets Standing Ovation
  9. WServerNews - Product of the Week

Editor's Corner

A few weeks ago in Issue #1089 Tech support scams your Editor shared a story of how he was almost tricked by a tech support scam that has been around a while but which he had not previously encountered. Obviously this topic hit a nerve with many of our readers because a number of you send us stories of your own about different scams you've either been bitten by yourselves or had friends or relatives come across. So in this week's issue of WServerNews we're going to hear from a bunch of you, our esteemed readers, so we can all benefit from "crowdsourcing" some of the hard-earned wisdom you've gained from your personal IT horror stories.

Crowdsourcing, hmmm, sounds a bit like outsourcing, doesn't it? I'm not sure I like monkeying around with the English language by creating stylish new words like croudsource. Expert opinion (Dilbert) would probably agree with this, viz:

http://www.wservernews.com/go/9q7uzkmr/

Ask Our Readers: WServerNews has almost 100,000 subscribers worldwide. That's a lot of expertise to tap into. Do you need help with some issue or need advice on something IT-related? Got a question you'd like us to toss out to our readers to try and answer? Email us at [email protected]

Reader feedback: Tech support scams

Let's kick things off with this story from Mary who works for a company in California, USA that provides enterprise software solutions for child care agencies:

Last October, using IE, I searched Google for "Palomar Health" and clicked on the main link, which was: 

http://www.wservernews.com/go/bk53lcgx/

But instead of going to the Palomar site, I got two screens, one a popup over the other:

 

Image

And this was the popup:

Image

 

When I clicked OK, the popup kept coming back. I finally had to use Task Manager to shut it down. I was pretty sure it was a scam, but I was curious, so I called the number. A guy with a heavy accent wanted to connect to my machine for unclear reasons. I asked him how much it would cost, and he said no cost to connect and check, but if they found problems they could sell me a virus checker. He kept asking questions about my system, but I refused to tell him anything. I elicited this information from him:
Your company? "Microsoft Technical Support"
Oh, you work for Microsoft? "No. We provide technical support for them."
You mean you support Microsoft products, right? "Yes."
Are you contracted with Microsoft to do that? "We are a Microsoft Certified Partner."
What is your company's name? "PC Support."
So, how do I get your popup to go away? "I can fix it when we connect."
I kept giving him a hard time, and he transferred me to his supervisor. I said, "Look, my time is valuable. Can we just agree that you've hijacked my system and tell me what it will cost to make it go away?" She said "$30.00."
Never mind. I already killed it.
This happens in IE using Google. It doesn't happen in Chrome. It doesn't happen in IE if you use Bing.

Fascinating story, thanks. Have any other readers encountered this particular scam or know anything more about it? Email us at [email protected]
Here's another tech support scam story from a reader named Bob:

I have run into several of these scams in more than one format. They are either exactly as you mention "A problem with your PC has been detected" or something similar OR you get a phone call stating that "we've noticed you're having problems with your PC,…" The latter is the one that burns you to no end. I had a customer that I thought was smart enough to realize that this was something from "SCAM Central", but they did not!
This customer got a call stating pretty much what I stated above "we've noticed that you are having problems with your PC,…". Well, this customer actually believed it. Gave the caller access to their computer. When the customer called me, I nearly fell in the floor -- literally. I thought that customer was smart enough to know that this was from SCAM City. I quickly got them to let me access their PC remotely via a secure connection and ran every kind of scan I have on that PC. (Small business, only one or maybe two PCs. If there's a second, I do not know about it.) Fortunately, there was nothing taken or "left behind" on the PC that I could find. No changes to the firewalls, it was "clean" as far as I could tell.
I thought that this customer (medical profession) would have known better. I did "chew" on them a bit about granting access. My word to them was "Never ever grant anyone access to your PC or network unless you know 100% who it is and you trust them." To the best of my knowledge, that has not happened any more, at least with this customer.
We all need to be vigilant with our customers, whether they are small business or corporate, to never turn over access to our systems or networks unless you know the people and trust them.
I have received calls trying this exact scheme. The call lasted less than 15 seconds, as I let the caller know that I knew what was happening. I recorded the phone number, but that is probably spoofed. It is way too easy to mask a phone number with software.
Let the "user" beware is about the best way to sum up.

Merlin, who works in the IT Department for a county office in New Jersey, USA, had this to say:

The way we have encounter the screens are through articles on reputable sites. Someone will go to read an article that is link to another site and there it is. We have instructed all users to turn off the machine immediately and call us. As of yet we had only one person fall for it, but the funny thing was they told the user to call the help desk. When I arrived they already had a CMD box open and was typing. I immediately shut it down disconnected the machine from the network and ran some scans on her machine and the server she was attached to. I did not find anything but reimaged the machine anyway. The only thing that still puzzles me is them telling the user to call the helpdesk. If anyone has any ideas why let me know.

Do any of our readers have any idea why this particular scammer might tell their mark to call the helpdesk of the mark's own company for assistance? Email us your thoughts at [email protected]
Brenda who works as an IT consultant and cycled in the 2016 Tour de Cure to Stop Diabetes (go Brenda!) shared her own observations as follows:

These quite frequently pop up as unblockable pop-ups (i.e., the pop-up managers don't block them) from interstitial pages when I launch livestreams of European sports channels (mostly Eurosport), which are often on sports-betting sites.
In other cases, there is no avoiding clicking on a covering ad (which is the support scam ad) - you click the marked "close" button (often NOT the one originally appearing on the page, but the one that appears a number of seconds later), and it launches the scam page as a pop-over or pop-under page, often with annoyingly loud accompanying audio.

Bruce who works for an Aerospace Support Services company tells this story of how his MIM was nailed by this:

My mother in law has gotten hit a couple of times with a similar scam probably while trying to play or get access to games for free.  When I remote to her pc, her pc speaker is issuing dire warnings similar to what is in your post - Do not turn your computer off, call immediately, do not start any other programs, things like that.  This is Windows 7, with IE.  I don't know if it's the same scam, but the phone number looks familiar.  It doesn't seem to do anything other than hijack the browser with a BHO and once you kill the IE Task, a MB scan finds and removes the BHO and several PUPs.  She did call the number the first time it happened, and of course they wanted remote control to her PC and her credit card number.

Phil from the UK was hit with a similar scam and decided to have some fun at the expense of the scammers:

Thanks for the latest edition of WServerNews (Issue #1089) and your article about the Tech Support Scams. I similarly had the same issue, with a mis-typed URL and had the fake BSOD appear - on this occasion, I thought I would phone the number as it was Toll-Free and try and wind them up.  I recorded the conversation and then decided to make it into a YouTube video...... you can watch this here: 

http://www.wservernews.com/go/o0sfigev/

Feel free to publish the link if you want to.

As Dilbert would say, "Ha ha ha, hoo-hoo-ha, giggle, SNORT":

http://www.wservernews.com/go/ml0gnvr9/

Getting back though to my own story in Issue #1089 Tech support scams where I ran across a scam when I was using the Microsoft Edge browser, Ian who works as a Strategic Systems Consultant for Dell Software responded with:

Mitch, just reading your article on Tech support scams. Edge is not the only one. I've gotten the same 'fake BSOD' in IE as well. Not seen it in Firefox yet. In Firefox, I seem to get the 'fake Flash update' scam a lot. I've been screen capping these as I get them for reference. I've never tried to go to the sites. I have done 'reverse phone lookups' on the numbers. Most of the time you get nothing, sometimes you will get notes that it is a potential scammer.
I have noted that most of the time, you can use the back button and get back to the pages you were looking for before the scam popped up.
Teaching 'users' how to recognize the challenge is the trick. They are fairly reputable looking to untrained people. Even tech people can fall for them. I got a call from a customer that one of their developers got one (from a music site in Europe). He even called the 800 number and had the scammer remoting into his machine before someone got smart and pulled the plug.

I agree that teaching users how to recognize such scams should be your first line of defense against them. But if even seasoned IT nerds and developers can fall for them, what's the ordinary run-of-the-mill user to do? Do any readers out there have some specific, practical suggestions on how best to teach ordinary users to recognize these scams? Email us at [email protected] if you have any ideas.

Don, a seasoned IT consultant who works in Delaware, USA recommended this:

I've found this to be useful when Edge starts at an undesirable page (provided Edge is the default browser):
WindowsKey+r www.google.com Enter
Edge will start with two tabs -- the undesirable and a second tab (with the focus) of google. Merely X the undesirable tab. You can then check the start page et al, but what I'm more often seeing is the undesirable page being opened as the last page Edge was on.

A reader whose alias is Greyghost offered this suggestion:


I had the same sort of issue happen in Edge recently but I failed to get a screen copy. Told me that my IP address had been locked and I had to call the support number and get help with much the same warning as in your example. I used Chrome to verify that nothing was locked up and then used Task Manager to close Edge. Sort of catches you off guard when this type of message pops up all of a sudden. I don't use Edge all that much as I have not found it to be all that stable, but have found on at least one Dell system that Windows 10 repeatedly reset the default browser to Edge for reasons I have not totally resolved.


Mark, who owns a company in San Diego, California that provides custom software and IT services, suggested the following:


I'd recommend a System Restore (at least) when you accidentally click on a bad browser link. Besides your home page, you don't know what else it might have changed / downloaded / installed.
Huh, I just upgraded to Windows 10 and it looks like System Restore aka System Protection got turned off! A trick to free up some space for the upgrade? Thanks for helping me discover that. Re-enabling System Protection now…


Mark Minasi whose book "Inside MS-DOS 6.22" helped launch my own IT career (thanks, Mark!) sent us the following suggestion:


Mitch, this is an old scam. I've seen it on Chrome dozens of times. You of course did the right thing, although in my case I've always got a PowerShell prompt open:
Ps chrom* | killThis
This stuff drives me crazy, as it's just Javascript and I cannot understand why browsers don't just let me block instructions that can do things like what you saw, or that manipulate my history etc.
Keep up the good work!


Finally, a reader named Susan from Minnesota, USA shared this story with us:


I had a friend call me on behalf of another friend. Not only did she get a similar prompt, but was silly enough to call the number and GAVE THEM REMOTE ACCESS to her machine. Silly woman of course had no idea what they were doing. After, she calls my friend and tells her about it. My friend told her to do nothing more and she was calling me. In the process of us talking about what to do, silly woman CALLED THEM AGAIN!
We had to explain to her that Microsoft does not willing help anyone without calling into a robotic answering system, sitting on hold for about 2 hours, giving them a credit card for a $250 charge before they will even say hello.
Silly woman had to call her husband, who came home from work and sat on tech support with their computer's manufacturer for about 3 hours, trying to put the computer back to factory.
Not sure she learned her lesson though.

Send us your feedback

Got anything more to add on this subject? Email us at [email protected]

Recommended for Learning

Symon Perriman who I collaborated with a few years ago on writing an ebook titled "Introducing Microsoft System Center 2012 R2" for Microsoft Press:

http://www.wservernews.com/go/b1te12i5/

wrote to us in response to the Ask Our Readers - Hard drive failures and VMWare ESXi (two more questions) item in Issue #1090 Is hybrid cloud dead? with the following suggestion:

http://www.wservernews.com/go/zlqvtjz5/

which covers the different solutions from Microsoft, 5nine Software, Xtreme Consulting Group, NetApp and Vision Solutions. I have to recommend the (free) 5nine V2V Easy Converter as easiest solution for moving just a few VMs as it is a simple wizard and requires no special hardware.
For a link to the above tool see the Admin Tools section later in this issue.


Microsoft Virtual Academy 

IT Showcase: How Microsoft does IT

Lots of IT Pros and practitioners go to Microsoft IT Showcase to see how Microsoft plans, deploys, and implements Microsoft technology for its own 180,000 Windows 10 systems around the world. And now, MVA and IT Showcase are teaming up to give you even more real-world examples. Check out dozens of modules, use cases, and case studies, and get the help you need. Read all about it!

http://www.wservernews.com/go/82r3sbwc/

 

 Quote of the Week

"You have to take care of your customers for them to take care of you." --from a business colleague


Until next week,
Mitch Tulloch

Note to subscribers: If for some reason you don't receive your weekly issue of this newsletter, please notify us at [email protected] and we'll try to troubleshoot things from our end.

Admin Toolbox

Admin Tools We Think You Shouldn't Be Without

GOT ADMIN TOOLS or other software/hardware you'd like to recommend? Email us at [email protected]

Veeam Task Manager for Hyper-V – Free tool for real-time Hyper-V performance monitoring. It works perfectly with both standalone ESXi and Hyper-V hosts, as well as with large virtual deployments. 

http://www.wservernews.com/go/y9a13gag/ 

With a multitude of sensors and a vendor agnostic platform, PRTG Network monitor enables you to use ONE solution to monitor your entire infrastructure including applications, software, hardware, cloud & virtual environments. 

http://www.wservernews.com/go/mxlh84q5/ 

The free 5nine V2V Easy Converter as easiest solution for moving just a few VMs as it is a simple wizard and requires no special hardware:

http://www.wservernews.com/go/6rtxnqde/

EaseUS Todo Backup Free is a popular free backup software with over 6,000,000 home users:

http://www.wservernews.com/go/ug9wpx9s/

EdgeManage lets you manager your Edge favorites by addressing some of the missing features in the new Microsoft Edge browser:

http://www.wservernews.com/go/nzz2sstm/

 

This Week's Tips

GOT TIPS you'd like to share with other readers? Email us at [email protected]

Printing - Manually delete pending printer documents

Mark Berry of MCB Systems has a tip on how you can get things unstuck when a document gets stuck in your print spooler and prevents you from printing things from your Windows computer:

http://www.wservernews.com/go/cpjiy1g8/

Windows 10 - Prevent unsigned code from executing

Windows Management Experts (WME) has a brief tutorial on using Device Guard in Windows 10 to prevent unsigned code from running on your systems:

http://www.wservernews.com/go/kyr8vq3f/

Windows 10 - Top support solutions

This TechNet blog post describes the top Microsoft Support solutions for the most common issues experienced when using Windows 10:

http://www.wservernews.com/go/8siba145/

Events Calendar

North America

2016 Microsoft Worldwide Partner Conference on July 10-14, 2016 in Toronto Canada

http://www.wservernews.com/go/s1hv2esa/

Ignite on September 26-30, 2016 in Atlanta USA

http://www.wservernews.com/go/3u3k3at3/

Add Your Event

PLANNING A CONFERENCE OR OTHER EVENT you'd like to tell our 100,000 subscribers about? Contact [email protected]

Tech Briefing

Citrix

Installing and configuring Citrix StoreFront 3.5 (Part 2) (VirtualizationAdmin.com)

http://www.wservernews.com/go/exfcy5f2/

Installing and Configuring Citrix XenDesktop 7.8 and publishing a Windows 10 PVS Desktop (Robinhobo.com)

http://www.wservernews.com/go/v79ejo10/

Cloud computing

Docker and containers (Part 6) (VirtualizationAdmin.com)

http://www.wservernews.com/go/o5hkmr6e/

What are cloud access security brokers, and how do they fit into end user computing? (Jack Madden)

http://www.wservernews.com/go/aap9m8jl/

Exchange Server

Email Security with Digital Certificates (Part 4) (MSExchange.org)

http://www.wservernews.com/go/uu1brsg3/

You can finally "redirect" OST files with FSLogix Office Containers! (Gabe Knuth)

http://www.wservernews.com/go/wfrlwzqd/

Office 365

Deep Dive Into Office 365 Deployment (Part 2) (WindowsNetworking.com)

http://www.wservernews.com/go/gpxqbrcv/

Adding Office 365 Connectors from a Mobile App (Richard diZerega's Blog)

http://www.wservernews.com/go/0wte9cph/

Storage

Dell Updates Storage Center Operating System 7 (SCOS 7) (StorageIO)

http://www.wservernews.com/go/23jk1b75/

The top storage challenges of the next decade (Robin Harris)

http://www.wservernews.com/go/y9w3q0cd/

Recommended TechGenix Articles

Upgrading a XenDesktop 7 (Part 1)

http://www.wservernews.com/go/xv9lxq4p/

Exchange Server 2016 and Microsoft Cloud (Part 8)

http://www.wservernews.com/go/odpzb6k5/

Hyper-V Windows Failover Cluster and IsAlive Operation (Part 1)

http://www.wservernews.com/go/93vxw4ui/

Azure Security Infrastructure

http://www.wservernews.com/go/rbq0dcv4/

Other Articles of Interest

Helion Cloud Suite redefines HPE hybrid cloud strategy

Hewlett Packard Enterprise (HPE) consolidated seven offerings from its Helion platform to ease cloud migrations and make it easier to deliver, integrate and manage a mix of applications that work with a range of cloud-based infrastructure.  Find out more about the offerings and why customers are so encouraged by them.

http://www.wservernews.com/go/2xypyv5g/

Kubernetes: The next big thing in IT shops?

It's still early days for Google's container cluster management software, Kubernetes, but some intrepid IT pros have gone beyond just kicking its tires. Find out more about how Kubernetes has made it to prime time in some forward-thinking IT shops.

http://www.wservernews.com/go/e4sdwrry/

Users give thumbs-up to lower-end versions of VMware's NSX

VMware looks to finally establish a foothold in corporate accounts with two low-end versions of NSX. But will the enterprise take the bait? Click below to learn more.

http://www.wservernews.com/go/t65nhqnn/

An inside look Liquidware Labs FlexApp:

For all the security and management benefits of delivering applications rather than full virtual desktops, it can often cause too much app isolation. FlexApp tries to find a balance between IT's competing interests. Will it fit into your enterprise?  Click below to learn more:

http://www.wservernews.com/go/rznzfk9v/

WServerNews FAVE Links

This Week's Links We Like. Tips, Hints And Fun Stuff

GOT FUN VIDEOS or other fun links to suggest you'd like to recommend? Email us at [email protected]

Image

Golf Cart Jetpack

Eagle-eyed golfing with the golf cart jetpack - thanks to Oakley and pro golfer Bubba Watson:

http://www.wservernews.com/go/sdujlljy/

Luke Aikins Jumps From 25,000 Feet Without A Parachute Into A Net

World-class skydiver Luke Aikins jumps out of a plane with no parachute or wingsuit and lands safely in a 100 by 100 foot net suspended 200 feet above the ground:

http://www.wservernews.com/go/36hvw7ll/

Stairway To Heaven... Mind-Blowing Fireworks

'Sky Ladder' - a 1650 feet high pyrotechnic display created by Chinese artist Cai Guo-Qiang to celebrate his grandmother's 100th birthday:

http://www.wservernews.com/go/gqhbfsgk/

Mirror Dance Gets Standing Ovation

10-year-old JT Church and All-Star Robert Roldan with a stunning mirror-inspired dance at the Top 9 competition 'So You Think You Can Dance':

http://www.wservernews.com/go/7kfcp9ky/

WServerNews - Product of the Week

 

WServerNews - Editors

Mitch Tulloch is Senior Editor of WServerNews and is a widely recognized expert on Windows administration, deployment and virtualization. Mitch was lead author of the bestselling Windows 7 Resource Kit and has been author or series editor for almost fifty books mostly published by Microsoft Press. Mitch is also a ten-time recipient of Microsoft's Most Valuable Professional (MVP) award for his  outstanding contributions in support of the global IT pro community. Mitch owns and runs an information technology content development business based in Winnipeg, Canada. For more information see www.mtit.com.

Ingrid Tulloch is Associate Editor of WServerNews and was co-author of the Microsoft Encyclopedia of Networking from Microsoft Press. Ingrid is also manages research and marketing for our content development business and has co-developed university-level courses in Information Security Management for a Masters of Business Administration program.