Fun with Fake Tech Support

fake-tech-supportWe have written about the dangers of working with “tech support” people who call out of the blue claiming to be from Microsoft or possibly your Internet service provider.  Here are a couple of stories about people who turned the tables on these con artists.  As a precaution, please remember that attacking these guys back is just as illegal as what they are hoping to do to you, and they do have your phone number at the very least, and maybe more information.

The first is a longer 2 page post from Fahmida Rashid at titled “What I learned playing prey to Windows scammers.”  The documentation is great, and if you are interested in learning all the different ploys that these telemarketing fakers are using, it will make a great read.

The second is a story from Naked Security that describes the way that a guy named Ivan Kwiatkowski turned the tables on a fake tech support agent, and actually tricked them into downloading and installing the Locky encryption ransomware exploit.

After playing along, and pretending to be an old man with bad eyesight and poor computer skills, he convinced her that he could not read the tiny numbers on his credit card, and could he send her a picture of his credit card.  When she agreed, he sent her a ZIP file that contained the Locky software that he copied from a phishing email in his deleted items folder.  And she opened it and launched the program, which promptly went to work encrypting every useful file in her computer.

Again, another great read, especially if you have ever fantasied, as I have, of giving these jokers a taste of their own medicine.  Of course I cannot recommend this course of action, it is illegal in the United States engage in computer crime, even if you are attacking a criminal.  But still…fun to think about!

And now the rules:  when they call you, and they will, just hang up!  There is nothing wrong with your computer.

More information :




About the Author:

I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at

Add a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.