March 1, 2017 / by / Сybercrime scheme research / No Comments

Microsoft Tech Support scam affiliate program

The new vector of cyber attacks becomes popular nowadays. Scammers in the guise of the Microsoft Technical Support try to force Internet users to make a call on the alleged toll-free phone number. Of course, this number isn’t free indeed, and the fraudsters gain money from the each call.

Microsoft Tech Support scam

Tech Support Scam landing page example

Due to many of our users claims for such cyber attacks, we’ve decided to make a detailed research of this fraudulent scheme. In this post, we will give the answers to the most frequently asked questions about Microsoft Tech Support scammers. Forewarned is forearmed! We hope that you will be attentive to the signs and take care of your safety while browsing. Won’t let scammers to manipulate on your fears!

How scammers scare people?

There are always same methods, which hackers use to scare their victims with the main goal to gain profit. Fraudulent landings are able to toggle full-screen mode, lock the pressing of the main keys and the context menu launching. These scamming actions could be easily done by using the following javascript code:

Toggle the full-screen mode

Toggle the full-screen mode

context menu is blocked

Code using for menu blocking

locked keys

Locking the main keys

Amusingly, but the fraudsters even connect the Google Analytics to their malicious web pages!

scammers google analytics

Google Analytics on scammers landings

In addition, they send statistic to the stats

Statistic sending to

The horrible text messages are not the one thing which scammers are using to terrify their victims. There are also threatening voice notifications played. Usually, they are stored here:

* MALICIOUS_URL * / chrm / alert2.mp3

If you ever encounter one of these scaring methods, just keep calm and belive, that there is no real danger, until you’re not calling to “free” phone number of the fake technical support team.

Scam-as-Service: how it works?

The landing pages, which our users was unhappy to see, are just the tip of the iceberg. Malware-as-Service is thriving in the cybercrime world for a long time, and as for these new scam techniques, they could be called Scam-as-Service.

Recently, discovering the semi-private Russian underground forum, we stumbled upon an affiliate program’s description:

scam support

Scam support affiliate program

Scam support affiliate program description

“The private affiliate program of the tech support hires new publishers. Our landing page aggressively convinces people to call on your unique phone number (free) and you get a commission from each call. The standard rate is $ 4.5 per call, for the major partners with the good quality and volume the tariff is discussed individually.

  • Always provide clean landings and domains.
  • Accept all browsers for the Windows desktop.
  • Accepted countries: US, CA
  • All subjects are suitable, the main thing that the traffic was alive.
  • Handy admin panel with the instant statistics of calls and conversion.
  • The ability to make multiple streams and their conversion’s comparison.

Conversion, as elsewhere, depends on the traffic’s quality. The popunder and the redirect, if the quality is good, bring from 2 to 5 calls from 1k unique visitors. The search and scrap bring up to 30 calls from the 1k unique visitors, depending on the subject and the audience. You’ll get your payments every day or O/R – BTC. Usual working time is from 19:00 to 02:00. But, it’s highly recommended to ask the support if it has changed each time before delivering the traffic.”

As you can see from the description, the scheme is quite simple: the creators of the affiliate program provide publishers with domains, admin panels with statistics, and payments through the BTC (which became the standard currency in the cyber underworld). Publishers should only send the traffic to the affiliate domains and wait for the profit.

Tech Support scam affiliate program web pages:

Could Google eliminate this fraud?

Of course, Google can quickly defuse such aggressive scam by adding fraudulent landings to the Google Safe Browsing filters. But, the scammers do not give up. They register a large amount of the similar domains with the similar names (trying to make an allusion to Microsoft):

Popular malicious domain names

Scam domain list

So, bear in mind, that the lifetime of the separate scam pages is very short. They shouldn’t scare you at all.

What happened with those who made a call?

There is the same phone number for all scammers pages: + 1-844-713-3460. We gathered the typical user complaints on this number:

“A message popped up on my computer” says: *** YOUR COMPUTER HAS BEEN BLOCKED *** “and went on to say that things were being stolen, including my photos. Threatens to disable my computer in five minutes. Then gave this number to call. SCAM !!!!! For so many reasons, starting with Microsoft all in lower case; the fact that the error is not sequential to other legit error messages; plus the threat, I started looking up the number …. on another reporting site a guy says his Mom made the mistake of calling and allowing them to remotely access her computer-they changed her passwords and high jacked it, demanding money to release it! BAD MOJO !!! “

“Was on the computer. Number came through and said Critical Alert from Micro-Soft. Called number back and gentleman wanted access to my computer to fix whatever the problem. Threating to shut down computer if we did not call. We did not allow access. The error message attached to number was Microsoft error “

As is clear from the users’ complaints, the scammers are trying to make the victim give them full access to the computer for the further intimidation. Obviously, you shouldn’t give the access to your system to anyone unfamiliar from the web. Especially if he insists on this suspicious action by himself.


Microsoft Tech Support scam – new widespread scheme in the cybercrime world. Scammers make money from the users fears, by scaring people with the same simple techniques. Usually, there are keys blocking, full-screen mode and horrible audio messages. Hope we convinced you that you shouldn’t be afraid and give hackers what they actually want. Such deceptive and primitive schemes don’t deserve for your sponsoring!

Leave a Reply

Your email address will not be published. Required fields are marked *