Don't Call This Number: It's a Tech-Support Scam

A tech-support-scam outfit is calling people at home and telling them that their "version of Windows has been terminated" and asking them to call a toll-free number for assistance "from Microsoft." 

Credit: ESB Professional/Shutterstock

The phony phone number is (844) 308-6819, but don't call it. If you do, a man with a heavy accent will ask you to go to a website called Support88.com, then ask you to click one of three buttons on that site. Doing so will download software that gives the friendly foreign gentleman total control of your PC.

Let's be clear: Microsoft will NEVER call you at home to tell you that your Windows software is out of date. Anyone who phones your house out of the blue and pretends to represent Microsoft is a scammer, and you should hang up on them right away.


In our own case, we got a call at home a few minutes ago. A pre-recorded female voice told us that our Microsoft services would be "terminated" and that we needed to call (844) 308-6819 straight away.

Being up for a little adventure, we did. The aforementioned Indian chap was polite and helpful, and told us that we needed to upgrade our version of Windows. (We're using Windows 10.)

He instructed us to go to the Start menu and type in "msconfig," then hit Enter. This brought up the Windows System Configuration interface. So far, all harmless.

The tech scammer then had us open the Services tab in the System Configuration interface and tell him if we saw any services in a "Stopped" state. Of course, we did, as most Windows systems will have some stopped services.

It's not clear why the scammer had us go through these steps, except maybe so that he could later claim that the stopped services were evidence of system malfunction. (They aren't.)

The scammer's next step was to ask us to type "www.support88.com" into the search window in the Start menu. This opened up the Support88.com website in the default browser. (This website is registered to a proxy service in Scottsdale, Arizona, making it hard to find the real site owner.)

At this point, we saw a nearly blank web page that read "SECURED SUPPORT CONNECTION" in block letters, underneath which were three green buttons reading "TECHLEVEL#1," "TECHLEVEL#2" and "TECHLEVEL#3."

Don't click any of these buttons.

The phony technician, whom we assume was sitting in a call center surrounded by dozens of co-workers performing the same scam, asked us to click "TECHLEVEL#2." We did, and our browser downloaded a Windows executable file — an installer or application — called ShowMyPC.exe.

This was the point at which the scam went from harmless to harmful. ShowMyPC would have granted the phony technician access to our PC, which would have let him install anything. We told him he was a scammer and hung up.


ShowMyPC appears to be legitimate desktop-sharing software made by a company in Campbell, California. The company may be aware its products are being used for criminal purposes, as the ShowMyPC site displays a warning: "Do not accept help from unknown callers."

The other two buttons would have downloaded two other legitimate desktop-sharing applications, Supremo and Alpemix. Needless to say, you do not want a stranger half a world away poking around on your PC.
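For administrators who want to spot this pattern on machines they manage, the sketch below (an added example, not part of the original article) scans process-start records for the three desktop-sharing tools named above and ranks each hit by how it was launched. The record field names, the browser list, the folder list and the sample records are assumptions constructed for illustration.

```python
import json
from pathlib import PureWindowsPath

# Product names from the article, matched as substrings of the executable name.
REMOTE_TOOLS = ("showmypc", "supremo", "alpemix")
# Assumption: a browser parent means the file was run straight from a download.
BROWSERS = {"chrome.exe", "msedge.exe", "firefox.exe", "iexplore.exe"}
# Assumption: user-writable folders where a fresh download usually lands.
USER_DIRS = {"downloads", "temp", "desktop"}

# Constructed sample records, one JSON object per line (not real telemetry).
# Only ShowMyPC.exe is a file name from the article; the rest are made up.
SAMPLE_EVENTS = r"""
{"host":"PC-01","user":"alice","image":"C:\\Users\\alice\\Downloads\\ShowMyPC.exe","parent":"C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"}
{"host":"PC-02","user":"bob","image":"C:\\Users\\bob\\AppData\\Local\\Temp\\Supremo.exe","parent":"C:\\Windows\\explorer.exe"}
{"host":"PC-03","user":"carol","image":"C:\\Program Files\\Alpemix\\Alpemix.exe","parent":"C:\\Windows\\System32\\services.exe"}
{"host":"PC-04","user":"dave","image":"C:\\Windows\\System32\\msconfig.exe","parent":"C:\\Windows\\explorer.exe"}
"""

def classify(event):
    """Return 'high', 'medium', 'low', or None if no listed tool is involved."""
    image = PureWindowsPath(event["image"])
    if not any(tool in image.name.lower() for tool in REMOTE_TOOLS):
        return None
    folders = {part.lower() for part in image.parts[:-1]}
    parent = PureWindowsPath(event["parent"]).name.lower()
    if folders & USER_DIRS:
        # Launched from a download location: browser parent is the scam pattern.
        return "high" if parent in BROWSERS else "medium"
    # Installed copy: may be IT-approved, so only ask for confirmation.
    return "low"

def scan(text):
    """Classify every record and return (severity, host, user, file) tuples."""
    findings = []
    for line in text.splitlines():
        if not line.strip():
            continue
        event = json.loads(line)
        severity = classify(event)
        if severity:
            name = PureWindowsPath(event["image"]).name
            findings.append((severity, event["host"], event["user"], name))
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE_EVENTS):
        print(*finding)
```

Because all three tools are legitimate products, a hit is a prompt to ask the user whether an unknown caller talked them into running it, not proof of compromise.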

To avoid similar tech-support scams, do not trust any phone calls, text messages or browser pop-ups that tell you that you need to upgrade your software, that your PC or Mac is infected or that your computer needs to be tuned up. Don't call any toll-free number, and don't go to any website, that these scammers suggest.

To be able to laugh in their faces when they do contact you, make sure your computer is updated to the latest operating system (Windows 10 or macOS 10.12 Sierra) and that you're running robust antivirus software.

3 comments
  • KAnonymous
    Shouldn't these domains be cancelled? Shouldn't these "people" be prosecuted? PFFTT!
    0
  • DJCanadianJeff
    Contacted GoDaddy about this; they will look into getting it shut down.
    0
  • DJCanadianJeff
    root@jeff [/]# dig support88.com

    ;; QUESTION SECTION:
    ;support88.com. IN A

    ;; ANSWER SECTION:
    support88.com. 599 IN A 188.121.43.44

    root@jeff [/]# ipinfo 188.121.43.44
    {
    "org": "AS26496 GoDaddy.com, LLC",
    "loc": "52.3824,4.8995",
    "country": "NL",
    "region": "",
    "city": "",
    "hostname": "n1nwvpweb008.shr.prod.ams1.secureserver.net",
    "ip": "188.121.43.44"
    }
    0