The Singapore Police Force (SPF) has issued an advisory on “Emergence Of Tech Support Scam – Purchase of Software For Fake Computer Virus Infection”. This scam has been on-going for awhile involves tricking victims into making payments to purchase software for fake virus infection on their computers. All users to be on the lookout for such scams.  Do share the advisory with your family and friends!

Proceed to the following URL for more details:
https://www.police.gov.sg/news-and-publications/media-releases/20190122_EMERGENCE_OF_TECH_SUPPORT_SCAM_PURCHASE_OTHERS

I came across this scam back in 2016 from a client. The company IT department call us for inquiry about restoration of Active Directory administrator password. We attended onsite and realized that the system was locked with syskey, a windows feature that locks the system with a password.

The IT administrator mentioned that someone called the mainline stating that they are from Microsoft and would like to check on the server license. The IT administrator provided teamviewer access to the so-call “Microsoft Tech-Support” and they enter the syskey password and restarted the machine. The scammer then mentioned that the system is running on an unlicensed version of microsoft and is required to pay the license fee to microsoft.

How It All Started

In the case study above, the call was targeted and made over the main line of the company.

As for others, they usually purchasing advertising and redirects from websites, and pops up in your screen looking like your computer has been infected with virus and is unable to close the windows. They will then direct you to call a toll-free number for technical help, request for access via teamviewer or other remote tools, lock your computer and ask for payment. You may refer to some of the videos I have below for reference.

Tip 1. Do not allow anyone you don’t know to remote access your computer.

Tip 2. If your IT support vendor calls you to provide remote access, call your usual IT vendor support number to verify that the request is legitimate

Tip 3. Never provide your banking details, personal information without first validating the person.

Tip 4. Verify the person. Remember when you call your telco or banks, they will always ask for verification to make sure you are the owner of the account. We should also verify the caller by asking what information they have about you, ask about your billing address, the last 4 digit of your ID…etc. If they have those information, then it’s proven they are your service provider.