Skip Navigation

How to avoid being a tech support scam victim
Monday 27 February 2017 11:22:47 by Andrew Ferguson

Online scams are getting better, but the patterns are the same and it is suspected that the scale of the 'support' scams is such that the person actually phoning you may even believe they are working for the company they claim to be working for.

Having just removed adware installed using AnyDesk after a parent believed a scam caller because when asked 'are you really from BT?' and the caller said yes, and apparently the sounds of a call centre convinced them this was genuine, I thought it was worth highlighting how people are caught out and some of the things you can do to help or avoid being scammed. The parent has had the chats and warnings about these sort of scams, but the fact they fell for it highlights that you need to vigilant all the time.

So how do you protect yourself? What should you say to friends and relatives?

In this case the caller was claiming to be from BT support and was stating that her PC was infected and they would sort it out if she downloaded AnyDesk remote control software. Alas the parent did download AnyDesk but thought more of it and contacted us, and after some scanning have removed AdWare that was installed for the short time they had control. So the key points to convey to people are...

  1. Broadband Providers, Microsoft and other IT firms will not usually call you to warn about a virus or another incident on your PC (if they do follow steps suggested below, i.e. do not trust them)
  2. The caller may know more about you than just your phone number, due to the number of hacks on large companies, don't allow this extra info be used to gain your confidence.
  3. Hang up the call, or ask them for a number to call them back on, and note this down, it may help authorities combat this nuisance. Incidents can be reported to
  4. Do not share personally information with random callers, they may be phishing for a little more information about you rather than verifying your identity
  5. Never call the scammers back on a number they give you
  6. In some cases scammers have stayed on the line and will pretend to be your bank, so to ensure your line is clear, phone a friend who you know and thus can ensure your line is clear. Some changes have happened to phone systems to reduce the risk of this happening, but calling a friend or family is a good way of knowing the line is clear.
  7. If you think it really may have been your provider or bank, call them after looking up their number on a statement or website
  8. Do not visit any websites or download software they suggest, AnyDesk appears to be the choice of the moment for gaining remote access to a PC.
  9. If you know someone who has fallen for the scammers,
    • make sure they contact their bank immediately if they do online banking from that device to report the incident and avoid losing money
    • run the various malware and anti-virus tools. MalwareBytes is a popular suite and will clean up a PC as part of the free trial
    • For any services such as email, online shopping, website logins, you should once the computer has been given a clean bill of health change change all your passwords and check for suspicious activity on the accounts. Report any rogue orders to the vendors, to ensure you are not out of pocket
  10. The tendency is to clam up about being caught out as it can be embarrassing but this makes life easier for the scammers, so do the opposite tell your friends and warn them these attacks

A great resource if you don't have a friendly tame IT person to hand to help you is and while it may seem a bit scary to read of so many scams that are done online, being pre-warned is half the battle.

The 'support' scams have been running in various disguises since at least 2009, and the fact they have not given up indicates they are still getting a reasonable hit rate, a better informed public will hopefully in time mean they will vanish and hopefully some of those behind the scams will get caught and sent to prison eventually.


Posted by merula_tech about 1 month ago
Point (1) isn’t correct; we as an ISP often contact our customers and reslellers when we get advised of spam being sent via a particular IP or malware infections e.g. reports coming to us via CERT/NCA.
Posted by andrew (Favicon staff member) about 1 month ago
Have changed it to NOT usually, given the scale of these scams it may be worth ensuring that measures are in place, e.g. call to warn but tell customer for security to get them to call you back on a previously supplied contact number.

Having providers who may report issues like this over the phone, helps the scammers as people can be easily engineered, and caller ID faked etc
Posted by R0NSKI about 1 month ago
Had a call only a couple weeks ago supposedly from BT, I pretended to go along with them for a while just to waste their time, before telling them to stop trying to scam me, at which point he got very rude. They were asking me to open a cmd prompt and type netstart, it was at this point where I told them where to go.
Posted by TheEulerID about 1 month ago
For a bit of idle amusement (of you have the patience) then pretend to go along but don't actually do anything. Get them to talk you through things slowly, pretend you've made mistakes and don't really know what you are doing. Then tell them about lots of error messages that have come up. I had a colleague who kept this up for about 40 minutes, by which time the scammers technical department had been called in. He figured he put them to considerable effort and inconvenience.

nb. so have gone so far as to sacrifice a virtual machine to this game.
Posted by TheEulerID about 1 month ago
Action number #11 should happen way before you ever get called by a scammer, and that's to have an iron-clad backup system so you can restore your system and data from a clean point.

It's not just scam calls of course. You never know when something might slip through the system and you find yourself at the mercy of ransom ware merchants or the like.

It's expensive and time consuming to have proper multi-generational backup/restore, but can be a life saver. Also, don't treat shared NAS as all that's needed - it's potentially the weakest link of all.
Posted by Somerset about 1 month ago
Always ask them for a contact number first, that usually makes them end the call.
Posted by alexatkinuk about 1 month ago
Its pretty simple, if someone calls you claiming to be tech support from a company NEVER believe them!

If you think they might be legitimate, hang up and call them back on an official telephone number from their website or otherwise provided by that company officially.
Posted by alexatkinuk about 1 month ago
I'm not sure if it still applies, but if the call was from a landline and you are going to make the call back on that same line, always check for a dial tone first in case the caller did not hang up.

Most cordless telephones will still let you press the call button first before dialing, so you can hear the dial tone. The problem is a lot of people forget this as they are used to using mobiles.
Posted by radiomarko about 1 month ago
If I have time I put them through to "the IT dept", I then talk tech gibberish to them for a minute or so, apologise for putting them on hold for a minute and then put the phone in front of a radio in the kitchen 8)
Less opportunity for that fun recently as the excellent BT Call Protect seems to have stopped them getting to me.
Posted by fastman about 1 month ago
if anyone perports to be BT or Openreach or a communications company ask for a number to call them back on -- if they are real they will provide one if they are no they will hang up
Posted by tommy45 about 1 month ago
I had a scammer call my number several times (unanswered) I decided to answer it,the caller was a female with Indian accent, claiming to be from Mikersoft techeecal surport, claiming that my pc had been sending lots of error messages to them,
I said Really??? she said yes ,i repeated Really, she hung up,lol, had i had a VM set up to scambait, i would of had some fun wasting their time,and maybe then uploaded it to youtube, like many others have
Posted by tommy45 about 1 month ago
As for reporting to action fraud , unless the are registered in the uk there will be very little they can do, most of these scammers are located in india
Posted by ian72 about 1 month ago
@alex & fastman - those points are covered by items 3 & 6. A dial tone could even be simulated so following point 6 is better (or even call your own mobile - if it doesn't ring you know the line wasn't released). Asking them for a phone number is fine but check it independently before ringing it otherwise still could get caught. Andrew's article is excellent and covers pretty much all the points.
Posted by mike41 about 1 month ago
Very useful article, thank you Andrew. We are circulating it around our user support group, we have had two scam attempts in the past 10 months but fortunately the victims realised what was happening. As you say these *******s are becoming craftier all the time.
Posted by wiggsc00 about 1 month ago
If you are worried about relatives who aren't tech savvy but rely on you for support, then I would suggest creating a 'Superuser' admin account that only you know the password for, and then downgrade their account to non-admin.
I've done that for my relatives who ask me to support them. it has very little effect on their day to day activities, and on the odd occasion when elevated privs are required, it will prompt for an admin password. This helps them avoid installing malware by accident.
Posted by alexdow about 1 month ago
I ask the caller which of the 5 (or "several") PCs etc is the one involved.

As the scam caller is never able to answer this, I then hang up.
Posted by michaels_perry about 1 month ago
Point 6 illustrates the faulty design of the telephone system nowadays. The system does not clear down for several minutes after the call is finished, giving the scammer the chance to further the scam by pretending to be who they are not. In the older systems the mechanical Strouger switched cleared down immediately either handset was replaced. That's what Ofcom should insist happens now as a method of preventing the scam continuing.
There is no excuse for such bad system design.
Posted by rickw about 1 month ago
I like the story of the guy who pretended to go along with the caller and after many minutes agreed to login. There was another long pause whilst he made lots of noises as though he was looking for something.
Finally he told the caller he was still looking for his acoustic coupler at which point the caller was very rude and hung up!
Posted by Mr_Fluffy about 1 month ago
I just find it extremely annoying that my landline provider (BT) doesn't proactively provide a free filtering service like any halfway decent email provider (Yahoo and Gmail in my case) does for spam. Suspicious numbers shouldn't even get a look-in and caller withheld numbers should have a unique identifier to enable filtering and reporting.

As far as "Problem with your Windows" scams are concerned we have no problems giving them an earful for their scamming attempts since all our computers run Linux rather than M$ OSes and we know that malware is about as likely as an iceberg at the Equator!
Posted by Mr_Fluffy about 1 month ago
It seems to me it ought to be the case that landline providers should include Caller ID as part of the basic package anyway like mobile providers do -- making the consumer pay extra for something so useful yet so effortless to achieve smacks of unnecessary greed to me.
Posted by BobCB about 1 month ago
I got caught a couple of years ago by an outfit called NSC Techno Solutions. I called what I thought was the McAfee helpline and ended up with a load of free and useless software installed.
I created merry stink and managed to get the money back through my credit card provider after three months. I did have to contact the FBI and the Cincinnati Enquirer locating both the NSC office address and their payment address in Ohio using Google Earth.
Now I just tell anyone who calls to wait while my PC boots up and then go and make myself a cup of coffee;they're not usually there when I return.
You must be logged in to post comments. Click here to login.