Cybercrime scheme research

Microsoft Tech Support scam affiliate program

The new sector of cyber attacks has become popular nowadays. Scammers in the guise of the Microsoft Technical Support try to force Internet users into making a call on an alleged toll-free phone number. Of course, this number isn’t free indeed, and the fraudsters gain money from the each call.

Microsoft Tech Support scam
Tech Support Scam landing page example

Due to many of our users claims about such cyber attacks, we’ve decided to make a detailed investigation into this fraudulent scheme. In this post, we will give you the answers to the most frequently asked questions about Microsoft Tech Support scammers. Forewarned is forearmed! We hope that you will be attentive to the signs and take care of your safety while browsing. Don’t let scammers to manipulate on your fears!

How scammers scare people?

There are always similar methods, which hackers use to scare their victims with their main goal being to gain profit. Fraudulent landings are able to toggle full-screen mode, lock the pressing of the main keys and stop the context menu launching. These scamming actions can be easily done by using the following javascript code:

Toggle the full-screen mode
Toggle the full-screen mode
context menu is blocked
Code using for menu blocking
locked keys
Locking the main keys

Amusingly, but the fraudsters even connect the Google Analytics to their malicious web pages!

scammers google analytics
Google Analytics on scammers landings

The horrible text messages are not the only thing which scammers are using to terrify their victims. There are also threatening voice notifications played. Usually, they are stored here:

* MALICIOUS_URL * / chrm / alert2.mp3

If you ever encounter one of these scare tactics, just keep calm and believe that there is no real danger, if you’re not calling the “free” phone number of the fake technical support team.

Scam-as-Service: how it works?

The landing pages, which our users were unhappy to see, are just the tip of the iceberg. Malware-as-Service has been thriving in the cybercrime world for a long time, and as for these new scam techniques, they should be called Scam-as-Service.

On a recently, discovered semi-private Russian underground forum, we stumbled upon an affiliate program’s description:

scam support
Scam support affiliate program

Scam support affiliate program description

“The private affiliate program of the tech support hires new publishers. Our landing page aggressively convinces people to call on your unique phone number (free) and you get a commission from each call. The standard rate is $ 4.5 per call, for the major partners with the good quality and volume the tariff is discussed individually.

  • Always provide clean landings and domains.
  • Accept all browsers for the Windows desktop.
  • Accepted countries: US, CA
  • All subjects are suitable, the main thing that the traffic was alive.
  • Handy admin panel with the instant statistics of calls and conversion.
  • The ability to make multiple streams and their conversion’s comparison.

Conversion, as elsewhere, depends on the traffic’s quality. The popunder and the redirect, if the quality is good, bring from 2 to 5 calls from 1k unique visitors. The search and scrap bring up to 30 calls from the 1k unique visitors, depending on the subject and the audience. You’ll get your payments every day or O/R – BTC. Usual working time is from 19:00 to 02:00. But, it’s highly recommended to ask the support if it has changed each time before delivering the traffic.”

As you can see from the description, the scheme is quite simple: the creators of the affiliate program provide publishers with domains, admin panels with statistics, and payments through the BTC (which became the standard currency in the cyber underworld). Publishers should only send the traffic to the affiliate domains and wait for the profit.

Tech Support scam affiliate program web pages:

[huge_it_slider id=”1″]

Could Google eliminate this fraud?

Of course, Google can quickly defuse such aggressive scams by adding fraudulent landings to the Google Safe Browsing filters. But, the scammers do not give up easily. They register a large amount of the similar domains with the similar names (trying to make an allusion to Microsoft):

Popular malicious domain names
Scam domain list

So, bear in mind, that the lifetime of the separate scam pages is very short. They shouldn’t scare you at all.

What happened with those who made a call?

There is the same phone number for all scammers pages: +1-844-713-3460. We gathered the typical user complaints on this number:

“A message popped up on my computer” says: *** YOUR COMPUTER HAS BEEN BLOCKED *** “and went on to say that things were being stolen, including my photos. Threatens to disable my computer in five minutes. Then gave this number to call. SCAM !!!!! For so many reasons, starting with Microsoft all in lower case; the fact that the error is not sequential to other legit error messages; plus the threat, I started looking up the number …. on another reporting site a guy says his Mom made the mistake of calling and allowing them to remotely access her computer-they changed her passwords and high jacked it, demanding money to release it! BAD MOJO !!! “

“Was on the computer. Number came through and said Critical Alert from Micro-Soft. Called number back and gentleman wanted access to my computer to fix whatever the problem was. Threatened to shut down the computer if we did not call. We did not allow access. The error message attached to number was Microsoft error”

As is clear from the users’ complaints, the scammers are trying to make the victim give them full access to the computer for the further intimidation.Obviously, you shouldn’t give the access to your system to anyone unfamiliar from the web, especially, if they insist on undertaking these suspicious actions themselves.


Microsoft Tech Support scam – new widespread scheme in the cybercrime world. Scammers make money from the users fears, by scaring people with the same simple techniques. Usually, there are keys blocking, full-screen mode and horrible audio messages.I hope we have convinced you that you shouldn’t be afraid and give hackers what they actually want. Such deceptive and primitive schemes don’t deserve for your sponsorship!


GridinSoft Journalist. We write about cybersecurity and privacy, striving to provide readers the latest news of this field and useful tips to keep their data safe in this joyful, but dangerous modern world of the web.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Back to top button