Support scam malware

What is support scam malware?

Support scam malware tries to lure you into contacting fake tech support. The fake tech support will then try to install more malware on your PC, steal money from you, or try to obtain personal information that they can then use to steal your identity. They might claim there are more problems with your PC, and that you’ll need to pay for their services or software to fix the problems.

We detect this type of malware as "SupportScam", as in these examples:

This type of malware often claims there is something wrong with your PC. In late 2016 in particular, we started to see support scam malware that mimics the Windows error screen (also known as a blue screen error message or BSOD), as in the following screenshots.

However, the malware can appear as any error-type message, such as:

  • A fake blue screen error
  • A fake Windows activation key dialog
  • Various fake system errors

How do I know if I am infected?

The following can indicate that you have this threat on your PC:

  • You can’t use your web browser properly, and you see a page informing you to contact a fake tech support number.
  • You can’t use your PC normally, and you see a message that tells you to contact a fake tech support number.

How does it work and how does it get on a PC?

As with other malware, this threat can be installed on your PC when you visit a malicious or compromised website, by other malware, or from spam emails. It can also get on your PC if you use torrents to download illegal copies of software or key generators.

After getting on your PC, it can force your PC to restart. When Windows loads, you will see an error message that tells you to contact the fake tech support – usually by calling a specified number.

When distributed in a spam email, the email will include a hyperlink that will redirect you to a support scam website. If you click the link and visit that site, it will try to launch a series of pop-up messages so you can’t close the page.

The series of pop-up messages can be stopped in the Microsoft Edge browser.

We’ve seen it being bundled with other software, which may not be detected as malware. These types of software are called software bundlers, and include SoftwareBundler:Win32/Stallmonitz and others.

What should I do if I am infected with support scam malware?

When you receive a phone call or see a pop-up window on your PC and feel uncertain whether it is from someone at Microsoft, don’t take the risk. Reach out directly to one of our technical support experts dedicated to helping you at the Microsoft Answer Desk.

You can also contact your local government scam reporting department, such as the following:

In case you have already engaged and paid for fake support:

  • Apply all security updates as soon as they are available. Do a full scan to remove the threat.
  • Change your passwords.
  • Call your credit card provider to reverse the charges, if you have already paid.
  • Monitor for anomalous logon activity. Block traffic to services that you would not normally access.

How can I prevent support scam malware from infecting my PC?

If you receive an unsolicited email message or phone call that purports to be from Microsoft and requests that you send personal information or click links, ignore or report the message or hang up the phone.

Be wary of downloading software from anywhere other than its official website. Some downloads might be bundled with malware (like support scam malware) without the author’s knowledge.

Microsoft does not send unsolicited email messages or make unsolicited phone calls to request personal or financial information or fix your computer. Treat all unsolicited phone calls with skepticism. Do not provide any personal information.

For more details on how to deal with phone (and other) scams, see our help on how to avoid phone scams.