We recently had a client call in with an issue that seems to be happening more often now.
He got a call from someone claiming to be a Microsoft technician and claiming that his computer alerted them to some problems and malware.
He thought it was legitimate because they knew a lot of his personal information. They also knew that he had an adopted daughter, which he took as confirmation that they were not a scam.
See, his adopted daughter has been out of touch for many decades now, so very few people know about her. In reality though, there are lots of sites (like Intelius) that use government records to profile people. My guess is that the scammers have an account at one of them.
After about 45 minutes of working through his computer’s “problems”, the caller asked for payment. When he refused to pay over $200, the caller proceeded to lock Windows with a password using SysKey.
Whenever he booted his computer, there was a password prompt before it would show the user chooser or desktop.
Legitimate tech companies can sometimes remove this without issue, but in this case, the removal corrupted the user account database, so even with the user password not set, Windows wouldn’t log in. In the end, we had to pop the hard drive out and copy everything off it so we could do a complete reformat and reinstall of Windows.
On a related note, Bing recently announced that they are no longer accepting tech support advertisements because the vast majority of them are scams.
Minutes after posting this article, I came across another version of this. It is a little nastier because it doesn’t use SysKey. It uses a custom piece of malware that loads before the user interface loads. It looks like a valid Windows Product Key validation error.
http://www.techrescue.mn/wp-content/uploads/2016/05/newerror.png