Tech support scammers have started targeting Windows users and various antivirus customers according to reports from antivirus vendors Avast and ESET. In order to trick victims into believing that their computers have a problem, scammers commonly leverage the Windows Event Viewer, a legitimate Microsoft application that lists various errors and warnings logged on the system. Most of them are not of critical importance, but can appear worrisome to non-technical users.
Scammers have recently started to ask users to open the Run dialog box by pressing Win key + R and type commands like “prefetch hidden virus” or “inf trojan malware”. The PREFETCH and INF commands open the C:\Windows\Prefetch and C:\Windows\Inf folders, which contain legitimate system files. However, less technical users might be inclined to think that these are malicious files revealed by the “hidden virus” or “trojan malware” command parameters. In fact, neither of these commands accepts parameters in the Run box. You could type ‘inf green leprechaun’ or ‘prefetch me a cheese pizza’ and you’d get exactly the same directory listing, showing legitimate files.
We received a call from a client just this morning and it appears that they were being targeted by this new scam tactic. This is the first client to have contacted us regarding this so far, but they reported receiving the phone call from a “Microsoft customer service” representative who needed to take control of their computer to resolve some malware issues. The client asked if this was something their IT support guys could handle instead but, they promptly told her NO, this was something they needed to take care of over the phone. Hesitant and not knowing exactly what to do, they ended the call and immediately called the New River Computing offices for advice. Of course, we informed our client that it was most certainly a scam.
Software companies almost never contact their customers by phone regarding technical support issues, so receiving unsolicited phone calls from people claiming to represent such companies is a good indication of a scam. There’s no guarantee that people won’t get marketing calls but they should be within acceptable legal and ethical boundaries, and that doesn’t include pretending to see malware on a system they don’t have access to.
We at New River Computing always advise our customers to stay alert while online, and in this case, on the phone. Never disclose your credit card details to anyone unless you are specifically contacting them to make a purchase, never download software you are unfamiliar with, and never give access to your computer (remotely or in person) to someone you do not trust.