The unstoppable "tech support" scam

Information Technology

They take mere hours to set up and they’re near impossible to shut down: a pernicious new type of scam is targeting British computer owners.

The con is both fiendishly clever and ridiculously simple. The fraudster cold-calls the customer and tells them that Microsoft has detected a virus on their PC, then invites them to download a piece of remote-assistance software. No doubt reassured by the lines of indecipherable code flitting across their screen, the caller assures the customer they can make the virus vanish – but first, of course, they want payment. £185 to be precise.

That’s the point at which PC Pro reader Mike McCartney entered the room and prevented his grandfather from making what could have been a very costly mistake. And judging by the groundswell of comments on the pensioner targeted by fake virus phone scam story we ran on the scam in March, many others have received similar calls.

The “company” behind the scam is called The Nerd Support – although there are others perpetrating similar swindles. The Nerd Support points its victims towards a legitimate looking website, which carries official-looking logos that reassure visitors that it’s a “Microsoft Registered Partner” and is even verified by McAfee Site Advisor as a site that’s passed its “intensive daily security scan” that tests for “dangerous sites, phishing, and other online dangers”. To add to its legitimacy, the site bears a working London 0203 telephone number.

It’s absurdly easy to pull off such a sting. Website domains can be registered for less than $10, and the relatively skimpy website could be cobbled together within hours. What’s more, the website’s FAQs and customer testimonials are duplicated across several other domains, suggesting the designer has either been making liberal use of the cut and paste commands, or that there are several identikit sites waiting to pull off the same scam if one domain gets blocked.

Cheap telephone numbers

The British telephone number can be bought from companies such as Skype for less than £4 per month and, of course, you don’t need to be anywhere near London to buy an 0203 telephone number. In fact, judging by the Indian hold music and the accents of the staff who answer The Nerd Support lines, we’d wager that the scam is being run closer to Bombay than Brixton.

And using a service such as Skype, scammers can make their international cold-calls for only fractions of a penny per minute (although there’s no suggestion Skype’s involved in the fraud).

While it’s a doddle to set up such a heist, shutting them down is much more difficult. A spokesperson for the Office of Fair Trading urged affected customers to ring its Consumer Direct helpline, although quietly conceded that if the scam was being run from abroad, the chances of it being closed down were slim.

A spokesperson for PhonepayPlus (formerly ICSTIS) said his organisation could only get involved if the fraudsters were using a premium-rate telephone line, and not the standard-rate 0203 number. He pointed us to telecoms regulator Ofcom, but its spokesperson said that shutting down a telephone number was “not within its remit” unless the telephone line itself was at the centre of the scam (such as charging people excessive fees for text messages).

And what of the companies whose reputations are being tarnished by association with The Nerd Support? In a statement sent to PC Pro, Microsoft said it was investigating the company: “There are no circumstances under which we would ever allow partners or any other organisations to pose as Microsoft. We take matters such as these extremely seriously and will take immediate action if such behaviour is brought to our attention and found to be the case.”

Meanwhile, McAfee said that “Site Advisor rates websites based on the security implications of visiting them – McAfee visits websites and tests them for a comprehensive set of security threats. Although some users’ experiences of The Nerd Support seem to imply that its activities may constitute a scam, testing is currently in progress to understand whether it carries any of these security threats”.

Which leaves only The Nerd Support itself. When PC Pro first telephoned the company and began asking questions, the company representative hung up. On our second attempt, the person who answered the phone – who claimed to be “in charge” – told us that The Nerd Support has never cold-called customers.

When we asked him why he was using Microsoft logos and pretending to represent the software giant, he became angry, demanding to know why he “should justify himself” to us before once again hanging up. Alas, it seems the con artists answer to no-one.

This article first appeared in October 2011

ITPro

ITPro is a global business technology website providing the latest news, analysis, and business insight for IT decision-makers. Whether it's cyber security, cloud computing, IT infrastructure, or business strategy, we aim to equip leaders with the data they need to make informed IT investments.

For regular updates delivered to your inbox and social feeds, be sure to sign up to our daily newsletter and follow on us LinkedIn and Twitter.