There’s a phone scam making the rounds from people claiming to be from Microsoft. They insist a person’s computer may be infected with viruses and that they can connect to the computer and remove them.
First of all, Microsoft DOES NOT offer free over-the-phone tech support, and they will not call you out of the blue like that.
According to Microsoft themselves:
We do not send unsolicited email messages or make unsolicited phone calls to request personal or financial information or fix your computer,” Microsoft said on its Web site. “If you receive an unsolicited email message or phone call that purports to be from Microsoft and requests that you send personal information or click links, delete the message or hang up the phone.”
A similar phone scam made the rounds in 2010, using slightly different methods, but both scams have the same goal of getting people to pay for their supposed technical support and allowing the hackers into computers using a variety of remote connectivity solutions available on the market, including TeamViewer.
“In previous iterations of this scam,” says the SANS institute, “the person on the phone would get you to click through to the event viewer to “find something red”. Strangely enough, there is usually something red in most people’s event log. However, do not despair if you don’t have anything red, yellow is just as bad (note: this does not necessarily indicate virus activity). Once the problem (well, any problem) was identified, your support would have expired, and they redirect you to a web site where you can part with your money and download some version of their malware.”
“The new iteration of the scam goes one step further. Rather than get the victim to look [for supposed problems], they get you to install TeamViewer (or similar software). They take control of your machine and start moving the files across. Manually infecting, sorry fixing, your machine.”
By the way, TeamViewer is perfectly legitimate software used by many people for remote tech support, although other similar tools are likely used by the scammers as well. It’s what the scammers do once they have access to your computer that is the problem.
The scam is obviously still working. It seems they have figured out that users can’t be trusted to click a link, but installing remote control software and getting you to install the malware for them is ok.
There have also been reports that the scammers will get you to download a program named very similarly to Malware Bytes, but is actually malicious software that the scammers have created. Hackers and scammers are using widely trusted company names, like Microsoft, Malware Bytes, and TeamViewer, to fool you into trusting them or letting them access your computer.
“We are having a number of reports of clients being scammed by people calling saying that are from Microsoft and they offer to help the person fix their computer,” said Chris Rose, a member of Nerds On Site in St. John’s, Newfoundland. “I am sure others are familiar with this type of scam. I sent a press release and was called by the local CBC and a local outfit called NTV.
You can find the CBC video below.


  1. Mel Blakney says:

    The Microsoft Scammers are giving people 209-498-3038 as the contact number for their Supervisor. I found out this number originates from San Andreas, CA , phone carrier is Pac-West Telecom, INC, it is a landline but name and address is unpublished according to 411.

  2. Hello. Uhuh. Microsoft, what’s Microsoft? 🙂

  3. Ben says:

    Nerd Support Group now named – Nerdi Support – Same Phishing and malware Scam though :
    Got a cold call from ‘John Smith’ (nice Indian Name considering the thickness of his Indian accent combined with the a tang of call centre trained American), calling from the London (yeah, right) offices of NERDI. He advised me that he is a registered Microsoft Technician and that they have had confirmation of over 3000 virus/errors on my PC. Now, I know this is a scam, no one cold calls you to offer assistance with you ‘Problem’ PC, so I tagged along. What i need to do is turn on my computer, open the windows start menu (which he explained to me like a 4 year old child, i got annoyed at this point and told him to get on with it as I know my way around a PC and windows) and to open the ‘RUN’ function (alarm bells should now be ringing), then to enter the acronym for brining up the event viewer, something like ‘eventvwr’. Now I know perfectly well what this is, does and contains, so again i played along. He the proceeded to ask me to confirm some of the ‘Errors’ I was getting, I did, ‘ Oh on, you have a number of system errors caused by Trojan virus’s’ which apparently my world class virus software cant remove because it doesn’t know it exists, and for a small fee (£50) and allowing him access to control my PC remotely he would rid my PC of all the infected files and errors. Whilst this was going on I was actually Googling his company name ‘NERDI’ and for event viewer phishing scams, low and behold, i may not be able to find any trace of a company called NERDI but this scam has been running for years, previously in Australia. I asked John what country he was calling from (so that I could suitably insult him before I hung up on him) and the kicker, ‘Im based in London’. Well suffice to say that I hung up on him. Can you believe he called straight back to ask why i had insulted him and that he certainly was not running a scam to either get access to my PCs files or my bank/card details. Thankfully no further calls have come through.
    Be warned, this scam appears to be alive and well and now operating with UK telephone numbers. Do not give them your details. Do not pay for their service. this is a phishing scam that has obviously been sold onto someone new using an Indian based call unit or office.
    And finally. Microsoft will not cold call you for any reason what so ever.
    The only reason you would receive a call from Microsoft, especially for IT related issues, is because you have requested them to call you through one of their service/maintenance channels.
    If you haven’t called them first, they are not from Microsoft.

  4. Bev A. says:

    These folk have been phoning me 3 or 4 times a day for the last 2 weeks from an “Unavailable Name” to tell me that I have been downloading huge files which indicate a virus (or several) in my system. They have fairly slick answers for everything I throw at them – until I tell them I run a Mac. Then I hear click – but they obviously don’t make notes as they are pretty persistent and phone back regularly. I live in Calgary and the company name they give is Staying Live (or Alive) and the number they give is 403-395-3985. Obviously when dialled that does not exist. They claim to not have a website or Internet presence as they are Microsoft technicians and do not have access to that information. But they have my name and address which, strangely enough, is in the white pages……

  5. I hate those spams…These spammers and hackers get new idea and a new way to steal your money or infect your computer with spams and viruses everyday.. from where did they get these ideas…Screw them..they even call you pretending to be Microsoft..

  6. RoseAnn Kennett says:

    I knew it was a scam because microsoft does not help customers for free even when you call them. These people care calling customers – something microsoft NEVER does.

  7. Jama Coggin says:

    Fantastic work, hope I learn more from your blog. This is very good start for me. I am not native English speaker or writer, but thank you.

  8. Sherri says:

    I also just received a call from a “Microsoft support agent” alerting me to warnings they have gotten regarding my computer download malicious software. Yeah right. I asked to have my number removed from their call list. He said he wasn’t authorized to do that. After a little bickering, and him not accepting my authorization, I asked to speak to his supervisor. He agreed to remove my number from their list, but need confirmation of my information first. Again, yeah right. He asked whether I was running a Mac or Windows. I asked him, if he could tell that my computer was attempted to download malicious software then he should know what kind of computer I have. He then said to me, “Ma’am . . . F-Off”. Can you believe that?! He used the actual word, but at least he was polite. I told him the same goes from my end, and he continued to beak off to me. I just hung up and plan to report them to the do not call list and phonebusters when their office opens tomorrow.

  9. pihu says:

    Got this call and was trapped.. till the point that they installed the software..then this guy started asking age n other details, which made me uncomfortable..what show I do to protect my pc

  10. Kevin says:

    Hi Pihu,
    If you believe your system has been compromised, the very best thing you can do is ensure your data is backed up and perform a Wipe and Reload, or have us do that for you. If that’s not an option, Ensure you have a legitimate and trusted antivirus solution (Kaspersky, NOD32, etc) and run a full system scan. Also run anti-malware tools. We encourage you to contact a Nerd to have a proper System Cleanup done to ensure your system is not infected or compromised.
    For the future, it’s worth noting that no reputable and legitimate company will EVER call you out of the blue and offer tech support. To get tech support, you need to call them and request a callback. That’s how Nerds On Site works as well.
    Thanks for your comment, Pihu!

  11. Astrid Ennis says:

    My 78 year old mother doesn’t know her way around a computer at all and has never turned one on. Unfortunately for her, that didn’t matter- our scammer was able to fix a virus without a computer even existing. Luckily though, he didn’t want a credit card number, but moneygram which is also a bit technical for mum so she asked me to do it.
    The moneygram was to Ahmed Amin and the phone number was 07937422484.
    When I called, I did reach this computer genius and told him he must have called the wrong number when he called my mum because she doesn’t have a computer, but he still didn’t give up. Incredible!

  12. Ernest Pepples says:

    Still going on much as Ben (10-28 2011) described. Called me 1-28 2013 claiming to be based in NY, gave this “HELP Desk” number : 315-715-8454 and put up TeamViewer screen. Kept calling back and leaving the Help Desk call-back number on my voice mail. Nervy bunch.

  13. Sam says:

    Thank you so much for your inforfmation. As infuriating as this woman was I was able to get your information and confront her with it. Thanx folks, you are a real life saver.

  14. Sabyasachi Mukherjee says:

    I am from India and have personally worked in this scam company for 3 days. They call up customers in US, Germany, Australia & new Zealand. The Sales department then show some error reports in the event viewer log of the company and claim that the customer’s computer is infected with virus & malware. They also tell the customer to open up the task manager, go to processes and look up for the process csrss.exe. Once you have located it they tell the customer to google it. Once you google it the first link (,d.bmk)gives you the wrong information that this is a trojan, where as in reality it is a very important process of windows operating system. Once they are successful in conning a customer specially in the US or Australia they say they are microsoft certified professionals and that they can fix your computer. After that remote access of the customers computer is taken and some freewares are installed which is avaialable for free on the internet. They charge the poor customers a minimum of $133 to a maximum of almost $350. So I would request all of you never to fall in the trap of these scammers and be aware of such fradulent calls. Never give permission for recordings which the customer care rep will tell you to do over the phone. And finally don’t let the customer care executives send the confirmation mail from your mail or get the printout of the invoice. They do not have any office in the UK. It is just a residential address where some relative of the owner of the company stays.BEWARE OF SUCH SCAMMERS!!

  15. Sheherzade says:

    I live in Switzerland and got contacted by phone by some rather polite dudes (presumably from the UK, but possibly from India judging by their accent), offering to help me to rid my comp of “dangerous programs”. They claimed to be somehow connected with Windows and Microsoft and told me about having received many error messages from my comps. As I actually had heaps of problems with my machines in the past weeks and even let Microsoft get 1 or 2 error messages, I wasn’t sure if those guys were real, though I rather doubted it.
    I went along with them for a while and even downloaded and installed TeamViewer. But when I saw that they actually could (and surely wanted to) use it to get into my comp, I told them no, no way, bye bye
    For safety reasons, I haven’t given them any information at all about myself except that I was using Windows. In the background I heard several voices trying the same scam on other computer owners. 😉

  16. Manicus says:

    Still going, this one. Was called by the same Indian chap. Same modus operandi still. When asked what ‘errors’ and what ‘problem’ he wanted me to press the key next to the bottom left key that says ‘ctrl’. I immediatly sent him on his way but got the call back. That lasted about 15 seconds ending in him shouting the F word a couple of times.
    I’m in the Netherlands btw.

  17. Thomas Parker says:

    Just got the same call, I insisted on a phone number for their company, caller said he was unable, also said he could not give me the name of the company. Kept saying we are microsoft help desk, I hung up. The phone rang again, the new caller said he was the supervisor, I asked again for the same information, he gave me 859-212-0707 and also 209-542-2721, said the name was something like Home ID Export. I asked why the first caller couldn’t give me that simple information, he said they were not allowed to. Told caller I’m not going to let a cold caller into my system, I will contact Comcast and check with them. He said (trying to save the call) Oh comcast, yes, we have helpped many comcast customers. Told him, well, not this time, please remove my number off their calling lists.

  18. Hannah says:

    Hi I got one of these calls and me being a gullible idiot bought it! Once I realized that I was stupid called and canceled and do you know what happened? They managed to make it so I cannot use my laptop!! The only saving grace is that they won’t be able to get any money BC I called the bank first so they will not give them the 122.22 they wanted!! I am using my desktop right now and have changed all passwords and reported them to the FTC. Anyway dose anyone now how I could get on my laptop?

  19. priscilla says:

    Hi, I have been struggling with constant viruses on my laptop. I received a voice message on my computer was infected and I needed to call this number a.1 888 number right away I called the number like an idiot and was received by Indian accent caller who told me she was for Microsoft and she was in tech support and she would help me remove the virus for my computer she then proceeded to tell me that I needed to type in a link with a code in my computer and she took control of my computer remotely after this I stayed on the phone with her for about 1 hour when at the end she told me that she would provide me with a network security because i failred to purchase one from Microsoft at the time of my purchase, and that this would cost me anywhere from 200 to $600 she was adamant that she did not want my credit card information over the phone that I should never give my credit card information over the phone and she would send me link through my email to pay her. now I would like to know please does anybody know if she since I did not pay her if she can now take over any personal information or transfer anything for my computer? By the way she said her name was Kate Smith when I asked her what her name was and she also said she worked for Microsoft after I asked her twice if she worked for. Who can I report these people to?

Comments are closed.