Cyber Security

Technical Help Scams – What to look out for

Written by admin

Authored by Oliver Devane

Technical Help Scams have been concentrating on laptop customers for a few years. Their aim is to make victims consider they’ve points needing to be fastened, after which cost exorbitant charges, which sadly some victims pay. This weblog submit covers various instance actions, that scammers will undergo when they’re performing their scams. Our aim is to teach shoppers on the indicators to look out for, and what to do in the event that they consider they’re being scammed.

Promoting – The Lure

For a tech assist scammer to succeed in their victims, they should first discover them (or be discovered by them). One approach we see contains scammers creating Twitter or different social media accounts that submit messages claiming to be from the official technical assist web site. For instance, a Twitter account will submit a tweet with the hashtags #McAfee and #McAfeeLogin to drive visitors to the tweet and make victims consider the hyperlinks are respectable and protected to click on.

Scammers behind tech assist scams can create very convincing web sites which mimic the official ones.

Some fraudulent web sites use the McAfee brand or different firm logos to attempt trick people. They typically invite clicking on a ‘LOGIN’ or ‘ACTIVATE’ hyperlink with an identical shade scheme to official websites to seem respectable.

These websites could then ask the sufferer to enter their actual username, password, and telephone quantity. Upon coming into these particulars, web sites will normally present an error message to make the sufferer consider there is a matter with their account.


The error message will normally comprise a hyperlink that upon clicking will load a chat field the place the scammers will provoke a dialog with the sufferer. At this level, the scammers can have the telephone quantity and e-mail handle related to the sufferer. They may use this to contact them and make them consider they’re an official technical assist worker.

Gaining Entry

The scammer’s subsequent goal is usually to achieve entry to the sufferer’s laptop. They do that in order that they will trick the sufferer into believing there is a matter with their laptop and that they want their assist providers to repair it.

The scammers will do that by both asking the sufferer to enter a URL that can consequence within the obtain of a distant entry software or by offering them with a hyperlink within the chat window if they’re nonetheless chatting with them on the pretend assist web site.

A distant entry software will allow the scammer to take full management of the sufferer’s machine. With this, they may have the ability to take away or set up software program, entry private knowledge akin to paperwork and cryptocurrency wallets in addition to dump passwords from the net browsers to allow them to then entry all of the sufferer’s accounts.

It is important to not present distant entry to your laptop to unknown and unverified people, as there might be a giant danger to your private knowledge. Some examples of distant entry instruments which have respectable makes use of however are sometimes used to perpetrate fraud are:

  • TeamViewer
  • LogMeIn
  • AnyDesk
  • Aweray (Awesun)

Exercise as soon as the connection is established

If the scammers are given entry to the sufferer’s machine, they may typically make use of the command filename cmd.exe to carry out some visible exercise on the pc display screen which is finished to aim to trick the person into believing that some malicious exercise is going on on their laptop or community. Most individuals shall be unaware of the filename cmd.exe and the actions getting used,and thus shall be none the wiser to the scammer’s actions.

Listed below are some examples we’ve seen scammers use:


Altering the title of cmd.exe to ‘community scanner’ or ‘file scanner’ to make the sufferer consider they’re operating a safety software on their machine.

Listing enumeration

Scammers will make use of normal capabilities inside the cmd.exe file, to make their victims consider they’re performing a lot of exercise. Considered one of these capabilities is ‘dir’ which is able to  show  all of the recordsdata for a selected listing. For instance, in case you have a folder known as ‘faculty work’ and have 2 phrase paperwork in there, a ‘dir’ question of that folder will appear as if this:

What the scammers will do is make use of ‘dir’ and the title perform to make you consider they’re scanning your machine. Right here is an instance of operating ‘dir’ on the all of the recordsdata on a machine with the cmd.exe title set to ‘File Scanner’:


The same perform to ‘dir’ known as ‘tree’ might also be used. The ‘tree’ perform will show listing paths and can generate a lot of occasions on the display screen:

Tech Help Cellphone Quantity

Some scammers will even add their telephone quantity to the taskbar of the sufferer’s machine. They do that by creating a brand new folder with the telephone quantity because the title and including it as a toolbar. That is proven within the picture beneath

Software program Set up

Scammers could set up different software program on the sufferer’s machine or make them consider that they’ve put in further software program which they may then be charged for.

For instance, some scammers could add packages to the desktop of victims which don’t have any objective, however the scammers insist they’re respectable safety instruments akin to firewalls or community scanners.

Some instance filenames are:

  • Firewall safety.exe
  • Community firewall.exe
  • Community safety.exe
  • E-mail safety.exe
  • Banking safety.exe


The scammers will normally carry out some exercise in your machine earlier than asking for cost. That is achieved to construct confidence of their work and make you consider they’ve achieved some exercise and subsequently deserve some type of cost. Don’t be fooled by scammers who haven’t carried out any helpful exercise.  As detailed within the earlier sections, watch out to not fall sufferer to pretend social media accounts or web sites.

Indicators to look out for

This part accommodates just a few indicators to look out for which can point out that you’re interacting with a scammer.


Some scammers will change into impolite and really brief with you in case you begin questioning what they’re doing. They could say that you’re not technical and don’t perceive what is going on. This could not be the conduct of a respectable technical assist operative.

Go away the pc on

Scammers will encourage you to depart the machine and distant connection on even when you might want to exit and go away it unattended. Don’t below any circumstances do that as they’d then be free to do any exercise they need in your machine and community.

Created recordsdata being detected

Some recordsdata added to your machine by the scammer could also be detected by the AV safety software program. They could act like that is an error and the file is harmless. In case you have initiated a distant connection and the controller creates a file in your machine which is detected by the safety software program, we advocate ceasing the interplay as detailed beneath.

What to do

The next steps ought to be carried out in case you consider you might be being scammed as a part of a tech assist rip-off.

Disconnect the machine from the web

If the machine is related by way of a community cable, the best manner is to unplug it. If the machine is related by way of Wi-Fi, there could also be a bodily swap that can be utilized to disconnect it. If there isn’t a bodily swap, flip off Wi-Fi via the settings or the pc. It  could be powered down by urgent the facility button.

Hold up

Hold up the telephone (or finish the chat) and don’t reply any extra calls from that quantity. The scammer will attempt to make you consider that the decision is respectable and ask you to reconnect the remote-control software program.

Take away the remote-control software program

If the scammer was controlling your machine, the remote-control software program will have to be eliminated. If the pc was powered down, it may be powered again up, but when a popup is proven asking for permission to permit distant entry, don’t grant it.

The distant software program can normally be eliminated by utilizing the management panel and add/take away packages. To do that, press the Home windows key after which carry out a seek for ‘take away’ and click on on ‘Add or take away packages’.

Kind the packages by set up date as proven beneath after which take away the distant software program by clicking on the ‘Uninstall’ button.  Take into account that the software program put in in your laptop could seem by a distinct title, however in case you have a look at what was put in on the identical day because the scammer initiated the distant management session, it is best to have the ability to determine it.

Test the Antivirus Software program for any exclusions

Some scammers could add exclusions for the recordsdata they create in your laptop in order that they don’t seem to be detected by the safety software program. We advocate checking the exclusions and if any are current which weren’t added by your self to take away them.

A information for McAfee clients is on the market right here

Replace Antivirus Software program and carry out a full scan

After eradicating any software program which was put in, we advocate updating your safety software program and performing a full scan. This may determine any malicious recordsdata created by the scammer akin to password stealers and keyloggers.

Change passwords

After performing a full scan, we advocate altering your entire passwords because the scammer could have gathered your credentials whereas they’d entry to your laptop. It is suggested to do that after performing a full scan because the scammers could have positioned a password stealer on the pc and any new passwords you enter might also be stolen.


This weblog submit accommodates various examples that scammers could use to trick shoppers into believing that they might have points with their gadgets. In case you are experiencing points along with your laptop and need to converse to official McAfee assist, please attain out by way of the official channel which is

The McAfee assist pages may also be accessed straight by way of the McAfee Whole Safety display screen as proven beneath:

McAfee clients using net safety (together with McAfee Internet Advisor) are shielded from recognized malicious websites.

About the author


Leave a Comment