What Happens When a Tech Support Scammer Cold Calls Emsisoft?

It’s called the Microsoft Tech Support scam, and it’s been around for years. Last week, Emsisoft and Bleeping Computer intercepted one of these scammers, and in addition to messing with him for a good three hours, we took detailed notes on how the Microsoft Tech Support scam works.


Someone calls you up, claiming to be from Microsoft, and scares you into thinking that your otherwise normally functioning PC is infected. If they scare you well enough, they’ll then connect you to remote administration software that lets “their experts take a look at your PC.” From there, a number of bad things can happen, including malware installation, data theft, or simply more scare tactics, all in an attempt to sell you some expensive program that doesn’t work – or doesn’t even exist.

People all across the world get contacted by Microsoft scammers every single day, and all too often they become victims.


The Set Up

Step 1: Cold call victim, then lie, using fancy tech buzzwords

Like many a con job, the Microsoft Tech Support scam starts out with a cold call. In this case, it was to one of our friends over at Bleeping Computer – probably one of the worst people in the world a tech support scammer could connect to.

The scammer, who we’ll call Mr. Z., started his ruse by introducing himself as a Microsoft support tech. Mr. Z told our friend that he was calling about an urgent issue. The issue was that our friend’s computer was sending errors to the Windows server, and that this was a critical problem that needed to be fixed. Being a volunteer support tech himself, our friend immediately knew what he was dealing with. There is no “Windows server” to which all Microsoft computers magically connect, and Microsoft technicians do not cold call their users about critical errors that need to be fixed.

This was a straight up scam.

Step 2: Use the Windows Event Viewer to scare them with things they’ve never seen

Nevertheless, our friend decided to play along. Feigning naivety, he took the bait. He told Mr. Z that his computer had been acting funny, and he asked Mr. Z how he knew there was a problem. All too ready to supply the evidence, Mr. Z began to give instructions.

You will need to open your command prompt. You will then need to type eventvwr and hit Enter.

cmd eventvwr

In scammer-textbook fashion, Mr. Z was making use of one of the oldest tricks in the book. The Windows Event Viewer is simply an administrative tool that displays information about significant events that occur on your computer. Scammers make use of it because “significant events” are often just little glitches, such as a program failing to launch or update. Over the lifetime of a typical computer, many of these glitches will be logged as an event, and displayed as a warning or an error, even though they are not necessarily critical – or even noticed by the typical user.


As someone who works with computers on a daily basis, our friend knew the Event Viewer trick all too well, but, still, he played along. Feigning concern, he asked Mr. Z if all those warnings and errors in his Event Viewer were a problem.

With the utmost seriousness, Mr. Z confirmed that they were.

Step 3: Have them download TeamViewer and Establish Remote Control

It was about at this point that our friend decided to share the fun. Having read about this type of thing before, he knew that the next part of the scam would be to connect to his computer with remote administration software. This type of connection can be dangerous if given to a stranger because it allows them to control your computer.

Fortunately, malware researchers have useful tools called virtual machines. A virtual machine is essentially an operating system emulator, which allows the researcher to study malware in its natural environment, without having to infect their own computer. Our friend knew that Emsisoft’s researchers used virtual machines on a daily basis, and since he didn’t have one of his own he decided to pass the scammer on to us.

As expected, Mr. Z told our friend that the only way to fix the warnings and errors that appeared on his Event Viewer would be to download TeamViewer and grant Mr. Z remote control. Here, our friend once again complied; however, instead of supplying the access code to connect Mr. Z to his computer, he gave Mr. Z the access code to connect to ours.

The Scare Tactics

Here is where things get really interesting.

Mr. Z is connected to one of our virtual machines in Europe. He’s been told by our friend, who lives in North America, that he’s going to let his daughter take over the computer because this whole TeamViewer thing is way too complicated for him. Mr. Z is no longer on the phone with our friend from Bleeping Computer. He’s in a TeamViewer session. With us.

In a typical Microsoft Tech Support scam, this is usually the point where all hell breaks loose. Malware infection, sensitive file rifling, installation of a covert backdoor for future access – you name it. Mr. Z could do anything, and we were ready for it. To test Mr. Z’s legitimacy, we even infected our virtual machine with malware, to see if he would notice – but notice he did not.

Through it all, Mr. Z had one primary objective: scare us into thinking something was wrong, and then sell us his “support program,” which would magically fix it all.

Step 4: Reiterate the Event Viewer Problem

The first scare tactic Mr. Z employed was a rehash of his Event Viewer shtick. We were, after all, the original contact’s “daughter,” and we needed to know what the problem was.

The Lies:

MRZ-PC (8:04 PM):

i m showng u tis again becoz befor line ws dissconnctd

EMSISOFT-WIN764 (8:05 PM):


MRZ-PC (8:06 PM):

these r the error n warning which z harming ur computer


EMSISOFT-WIN764 (8:06 PM):


I don’t see errors

can you show it with the mouse pointer?

MRZ-PC (8:06 PM):

u knw wat , ur computr z very slow

these r the errors ok


EMSISOFT-WIN764 (8:07 PM):

yes, I see it now

that looks quite bad

can you fix that?

The Truth:

Event Viewer is a normal part of your Windows PC, and logged warnings and errors are just minor glitches. To access Event Viewer on your own, open the Control Panel, then click System and Security > Administrative Tools > Event Viewer.

Step 5: Tell them about “good files” and “bad files”

Before he would “fix anything,” though, Mr. Z had an educational agenda. Showing us a few little event errors was not enough to achieve his ultimate goal. Like all scammers, Mr. Z needed to misinform us and instill fear. Mr. Z, in a nutshell, needed to show us which computer files were good, and which computer files were bad.

According to Mr. Z, good files could be deleted and bad files could not.

The Lies:

MRZ-PC (8:07 PM):

ok , jst go ahead n try to delet them ok

yes m here to help u , first f ol u hav to try to delet hthem if u nt able to delet them, i will help u ok /

EMSISOFT-WIN764 (8:08 PM):

erm, okay


MRZ-PC (8:09 PM):

do u see ther z no delet option

it means u can not delet them by your own


MRZ-PC (8:10 PM):

yes u can not delet them by your own , becoz some f the errors n warnings truns in to virus tats the reason u can nt able to delet them by your own

EMSISOFT-WIN764 (8:11 PM):

ah, I see

MRZ-PC (8:12 PM):

can u see i click on team veiwer and they giving nme the delet option becoz teamveiwer z a good file and good file always gives u the delet option n bad file never giv u the delet option , remember tat in future like u will know which z th good file n which z bad file


EMSISOFT-WIN764 (8:13 PM):

oooh, so for good files you have a delete option and for bad files not gotcha!

MRZ-PC (8:14 PM):

these errors and warnings they harm your computer services , services means which runs your computer , which z very impotant to your computer

now let me go ahead n show u th services

The Truth:

The “files” Mr. Z was trying to have us delete were really just logged events in the Event Viewer. Furthermore, whether or not a file can be deleted has nothing to do with its maliciousness.

Step 6: Tell them about the “dangers” of stopped services

Now that we were good and concerned about our evil files which we could not delete, Mr. Z needed to make it clear why these files were such a problem. According to Mr. Z, the bad, undeleteable files were disabling our services – and if it got to the point where all of our services were disabled, our computer would die.

The Lies:

MRZ-PC (8:16 PM):

so these r the services which z very important to your computer , n now u can see ther xz so mny services hav stopped working ?




EMSISOFT-WIN764 (8:17 PM):

I see

MRZ-PC (8:17 PM):


EMSISOFT-WIN764 (8:17 PM):

I guess in the middle pane it says stopped, not stopp

MRZ-PC (8:18 PM):

its a same thing


EMSISOFT-WIN764 (8:19 PM):


MRZ-PC (8:21 PM):


can u see , 70% services has stopped runing inside your compuyter , n only 30% serivices z running inside your computer , which z not good

EMSISOFT-WIN764 (8:24 PM):

can’t I just start them or so?

MRZ-PC (8:24 PM):

onec these all sevices will stopped running , your computr will completely stopped and u can be able to use your computer any more

yaa u hav to reinstall the services


EMSISOFT-WIN764 (8:25 PM):

omg, would that mean we’d need a new computer?

MRZ-PC (8:25 PM):

no , i mm here to help u out , we will repair the services


now let me go ahead and check youir antivirus

EMSISOFT-WIN764 (8:26 PM):

phew, okay, I was scared there for a sec

The Truth:

Services are simply background processes that perform many tasks on your computer. They do not appear in your point-and-click graphical user interface, and instead operate behind the scenes. To take a look at which services are running on your PC, simply press CTRL + ALT + DELETE, open the Task Manager, and then click on the Services tab. Here you will see that some services are running and some are not. This is not a problem. Services are designed to automatically start and stop when they are needed and when they are not; and, as Elise points out at 8:24, a stopped service can be started manually. Just right click.
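To put a “70% of your services have stopped” claim in context, the PowerShell below is an added example (it is not part of the original article or an Emsisoft tool) that counts stopped services by how Windows is configured to start them. The function name, the output property names and the rule for what is “worth checking” are assumptions made for this illustration.

```powershell
# Added example, not from the original article.
# Get-StoppedServiceSummary, StoppedByStartMode and WorthChecking are
# hypothetical names chosen for this illustration.

function Get-StoppedServiceSummary {
    # Win32_Service is the standard CIM class describing installed services.
    $all = @(Get-CimInstance -ClassName Win32_Service)
    if ($all.Count -eq 0) { return $null }

    $stopped = @($all | Where-Object { $_.State -eq 'Stopped' })

    # How the stopped services are configured to start. Manual and Disabled
    # services are expected to sit in the Stopped state most of the time.
    $byMode = $stopped | Group-Object -Property StartMode |
        Sort-Object -Property Count -Descending |
        Select-Object @{ Name = 'StartMode'; Expression = { $_.Name } }, Count

    # Heuristic for this example: a stopped service only deserves a look when
    # it is set to start automatically AND its last exit was an error.
    #   0    = stopped cleanly
    #   1077 = no start attempted since the last boot
    #          (ERROR_SERVICE_NEVER_STARTED)
    $worthChecking = @($stopped | Where-Object {
        $_.StartMode -eq 'Auto' -and $_.ExitCode -notin 0, 1077
    } | Select-Object Name, DisplayName, ExitCode)

    [pscustomobject]@{
        TotalServices      = $all.Count
        StoppedCount       = $stopped.Count
        StoppedPercent     = [math]::Round(100 * $stopped.Count / $all.Count, 1)
        StoppedByStartMode = $byMode
        WorthChecking      = $worthChecking
    }
}

$summary = Get-StoppedServiceSummary
$summary | Format-List TotalServices, StoppedCount, StoppedPercent
$summary.StoppedByStartMode | Format-Table -AutoSize
$summary.WorthChecking | Format-Table -AutoSize
```

On a healthy machine the stopped percentage is typically large and almost all of it falls under Manual or Disabled, which is the normal state the paragraph above describes.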

Step 7: Tell them about their “useless” antivirus

After showing us what was wrong with our computer, Mr. Z needed a scapegoat. Computers don’t just stop working on their own, mind you. To explain why we had undeleteable files that were disabling our services, Mr. Z pointed the blame at our “incompatible” and “useless antivirus”…Emsisoft Anti-Malware!

The Lies:

MRZ-PC (8:29 PM):

ok let me go ahead and sjow u , your antivirus status


ok i click on compatability

MRZ-PC (8:29 PM):

now can u see thr z a written \

MRZ-PC (8:30 PM):

run tis program and compatabilty mode for windows XP service pack 3


EMSISOFT-WIN764 (8:30 PM):

but isn’t that unchecked?

MRZ-PC (8:30 PM):

so it means , your anti virus z nt working ion your computer


The Truth:

Right click on your Emsisoft Anti-Malware shortcut, choose Properties, and then click on the Compatibility tab. You’ll see a drop down Compatibility mode menu which allows you to manually set the operating system for Emsisoft to run on. This menu was Mr. Z’s proof that Emsisoft Anti-Malware was incompatible with our computer!!!

Now, we were willing to play dumb…but not that dumb, so we pressed this whole incompatibility issue by running a scan.

More Lies:

EMSISOFT-WIN764 (8:31 PM):

but it runs, I mean, I can’t trust what it says?

I have another antivirus I think

MRZ-PC (8:31 PM):

if u hav a very good antivirus in your compter , those errors & warnings will never enter in to your computer

EMSISOFT-WIN764 (8:32 PM):

okay, I’m running that too now

look, it found stuff!!!!

MRZ-PC (8:33 PM):

its just showing u yay z running , but actually it z nt running , tats why there r somany error n wrnings in your computer

EMSISOFT-WIN764 (8:33 PM):


MRZ-PC (8:33 PM):

u paid for tis antivirus or its free ?

EMSISOFT-WIN764 (8:33 PM):

okay, I won’t click on that message then

my father did, yes

or he got a free year license or so

MRZ-PC (8:34 PM):

how much un paid ? or u paid yearly or monthly or something like tat ?

EMSISOFT-WIN764 (8:34 PM):

let me ask him

MRZ-PC (8:34 PM):


EMSISOFT-WIN764 (8:34 PM):

he says he paid 30 dollar yearly

but he got a free license from a friend

MRZ-PC (8:35 PM):

ohhhh really , u r payng t30 dollr yearly for tis useless anti virus


EMSISOFT-WIN764 (8:36 PM):

well, idk, but it is detecting stuff right now, although it doesn’t seem to help much

MRZ-PC (8:37 PM):

see , these r use less , if it really works then u will not get these errors in your computer


EMSISOFT-WIN764 (8:37 PM):

thats true

do you know what I could use best?

More Truth:

Emsisoft Anti-Malware was indeed working. It was detecting the malware we had pre-loaded onto the virtual machine before the TeamViewer session even began!

Step 8: Scan the computer’s brain

Now that Mr. Z had shown us the error of our ways, it was time to start problem solving. As he had so clearly shown us, we were running a useless antivirus that was allowing undeleteable files to disable our services! To provide a more accurate diagnosis of the situation, Mr. Z began by scanning our computer’s brain.

The Lies:

MRZ-PC (8:38 PM):

now let me go ahead n scan the brain f brain f your computer n let seee wat it says , if u hav any iother any problm tis scan will tell us


i will tell u

EMSISOFT-WIN764 (8:38 PM):


MRZ-PC (8:38 PM):

about th best antivirus fr ypur computer

MRZ-PC (8:45 PM):

jst wait it will tak same time


EMSISOFT-WIN764 (8:45 PM):


MRZ-PC (8:46 PM):

just look at the first window

what z wrtten over there ?


EMSISOFT-WIN764 (8:47 PM):


it says something about a trozen

whats that?

the second says warning

and the other something about the license

MRZ-PC (8:47 PM):

yes, do you knw wat z trojen virus ?

EMSISOFT-WIN764 (8:48 PM):

I know its bad yes

The Truth:

Mr. Z did not scan our computer’s brain. Instead, he just typed tree c:\ /f into the command prompt. This is a harmless command that simply creates a “tree-styled” graphic display of the specified directory in the command prompt. In this case, that display was quite large, and as it was created it simply looked like a scan. To see this in action yourself, open your command line prompt (find it using Windows Search), type tree c:\ /f, hit Enter, and voila – you too have “scanned your computer’s brain.”

If you take a closer look at Mr. Z’s brain scan, you’ll also see 3 messages at the end:


trozen virus found -250

computer liscebse will expire will expire in two week

First of all, these messages have nothing to do with running tree c:\ /f. If you type the command yourself, you can see that none of them appear after the command has run. So how did Mr. Z make it look like his brain scan had produced these results?

He typed them into the command prompt. And by the looks of it he used a broken keyboard.

Just as you can tell your computer’s command prompt to run tree c:\ /f (or any other command for that matter), you can also tell it to run warning!!! This isn’t a command the command prompt recognizes, though. In fact, if you take a closer look you’ll see that this lack of recognition is indeed the prompt’s response.

Step 9: Reference the Almighty Google and Wikipedia

Mr. Z was now moving in for the kill. Having used his extensive technical knowledge and highly effective brain scan, he had shown us that our computer was infected with “trozens.” Mr. Z. wanted to be absolutely sure that we were aware of the dangers, though. Mr. Z needed us to understand what these “trozens” were… and to Mr. Z, there was no finer way to do so than through Wikipedia and Google.

MRZ-PC (8:48 PM):

ok let me show u wat z exactly trojen


EMSISOFT-WIN764 (8:49 PM):


MRZ-PC (8:51 PM):

yes m showing u , wat trojen vius

ok m gonna type trojen in the google n let see wat it says …..


EMSISOFT-WIN764 (8:53 PM):


MRZ-PC (8:53 PM):


EMSISOFT-WIN764 (8:53 PM):

sorry, some text appeared

MRZ-PC (8:53 PM):

just wait … m doing somthng so do not touch your computer

opk , now go ahead n read the highlightd line

tis z about trojan viruses


EMSISOFT-WIN764 (8:55 PM):


I understand

that sounds quite bad

MRZ-PC (8:55 PM):


below tat u can see ther z a written purpose and uses

EMSISOFT-WIN764 (8:56 PM):


MRZ-PC (8:57 PM):



and below that

EMSISOFT-WIN764 (8:57 PM):


MRZ-PC (8:58 PM):

thr z a written crashing the computer wit blue scree up death

let me show u

the blue screen


EMSISOFT-WIN764 (8:58 PM):

oh, I’ve never seen that

but it looks baad really :(

MRZ-PC (8:58 PM):

can u see the blue screen ?


EMSISOFT-WIN764 (8:59 PM):

yes, I see it

MRZ-PC (8:59 PM):

if trojen will crtash your computer then u can see the blue screen

EMSISOFT-WIN764 (8:59 PM):

oh, and I definitely don’t want that

MRZ-PC (8:59 PM):

and when ever u turn on your computer

u can see the same screen

n they will ask u to restart your PC again

and no matter

haow many time u go ansd open your computer , u will get the same screen

EMSISOFT-WIN764 (9:00 PM):

I see

MRZ-PC (9:00 PM):

and just below that can u see ther z written , ELECTRIC MONEY THEFT

it mean they can steal your money from your BANK ACCOUNT

EMSISOFT-WIN764 (9:02 PM):


MRZ-PC (9:02 PM):

jst below tat thr z a writtn , DATA THEFT

EMSISOFT-WIN764 (9:02 PM):

yes, I see

MRZ-PC (9:02 PM):

DATA THEFT means they can steal your personal infirmation from ur computer



EMSISOFT-WIN764 (9:03 PM):


MRZ-PC (9:03 PM):


EMSISOFT-WIN764 (9:03 PM):


MRZ-PC (9:03 PM):

can u see , ther z writtn PAYMNT CARD INFORMATION

now i will like to see u

EMSISOFT-WIN764 (9:04 PM):


MRZ-PC (9:04 PM):









EMSISOFT-WIN764 (9:05 PM):



I sometimes shop online

and I think my father does banking

MRZ-PC (9:06 PM):

hav u read tat thing ? m asking u something?

EMSISOFT-WIN764 (9:06 PM):


MRZ-PC (9:06 PM):

i think u hav to stop doing tat things

EMSISOFT-WIN764 (9:06 PM):

yeah, I’ll definitely stop that

MRZ-PC (9:07 PM):

you shuld nt do tat things UNTILL N UNLEWSS u do nt remove th TROJAN VIRUS from your COMPUTER .


EMSISOFT-WIN764 (9:07 PM):


MRZ-PC (9:07 PM):


now do u undrstand , wat z TROJAN ?

EMSISOFT-WIN764 (9:08 PM):


The Truth:

There is a Wikipedia article about Trojans.

The Big Sell

Step 10: Give them a .txt file they can’t refuse

It had now been over an hour on TeamViewer. In all that time, we had learned about warnings and errors, undeletable files, stopped services, ineffective antivirus programs, brain scans, and the dangers of “trozens” by way of Wikipedia and Google. Thanks to Mr. Z, we were now completely misinformed and “desperate” for an answer. Lucky for us, Mr. Z had a solution.

MRZ-PC (9:11 PM):

now let me discuss to MY SENIOR TECHNICIAN about your computer

EMSISOFT-WIN764 (9:16 PM):


MRZ-PC (9:17 PM):



m talking to my senoir superwiser about your computer problem

what should be the best solution

EMSISOFT-WIN764 (9:18 PM):

ok thanks

MRZ-PC (9:18 PM):


now m going to write down on the NOTEPAD SOLUTION FOR YOUR COMPUTER



How a Microsoft Tech Support scammer fixes your PC.

A Heartfelt Thank You on Behalf of Bleeping Computer and Emsisoft

Final Step: When they realize it’s a scam, deny everything

By now of course we weren’t even sure if we could still play along. Mr. Z had provided over 2 hours of tech support… and now he was trying to get us to pay for extended service, with poorly written ads pasted into Notepad. In all honesty, this final tactic put us at somewhat of a loss for words, but after some careful consultation with a few of our friends from Bleeping Computer, we eventually developed an adequate response (continuing the conversation in Notepad).


Not to anyone’s surprise, Mr. Z denied all allegations of being a scammer until the very end.


Moral of the story? Some people will do anything to scam strangers on the Internet, even if it’s more work and less pay than getting an actual job. Don’t let them scam you.

Have a great (Mr-Z-free) day!

Your Emsisoft Team.


* Note: All of “Mr. Z’s” spelling and grammar has been left in its original form. If you can’t understand about half of what he’s saying, don’t worry – neither could we! In general, grammar like this – regardless of language – is a telltale sign that you’re dealing with a fraud.


  • Ricky Lee

    hahaha……nice. We all know what a cat does to a mouse before killing or eating it. It was fun to see Emsisoft playing with this rat Mr Z hahaha…..

    • Josh Javage

      On the other hand, it’s blocked me from running some items I would like to sandbox, but quarantines the object before I can run in one. That’s quite annoying.

      • Fabian Wosar

        You can change the default behavior of what Emsisoft Anti-Malware does with malware it found under “Protection”/”File Guard”. Per default we will automatically quarantine malware detections and display an alert for PUPs. You can switch the behavior for malware detections to alert as well, which will give you the option to decide what to do if a malware file is found.

    • Monika (Emsisoft)

      :) thanks, will pass your feedback on to the team!

  • https://plus.google.com/u/0/+DirkVancraeynest/about/p/pub Dirk Vancraeynest

    Did MR Z and his fellows get caught, or are they still scavenging on others?

    • http://steamcommunity.com/id/tairikuokami Michal Ostrihoň

      It is not like he did anything illegal. People willingly paying for “nothing” is not the crime, it is marketing and proving, that someone actually did lie on purpose is very difficult and if he is in different country, it does not matter anyway. Getting a new teamviewer ID is a matter of secs.

      • Monika (Emsisoft)

        Very well put, Michal

    • Monika (Emsisoft)

      I’m afraid the answer is no. Even if one group in particular gets caught, a few other ones would just pop up like mushrooms in the woods after a rainy day…

      • arahman21

        Well, the other issue being that unless the scammers were complete boneheads, they are in another country (commonly India). Trying to call the police on them just ends up being a waste of time and effort.

  • Fathom This

    Bravo, MCS!!!

  • barb boggs

    Too funny!! Thanks for the entertaining lunch break :)

    • emsisoft_steve

      Our pleasure :)

  • Dan

    I’m in Oregon USA; a few weekends ago, while I’m working online at home, somebody calls our VOiP internet line, tells my wife they’re from Microsoft and that we need to turn our computer on as it’s been sending requests to MS for service and they need to remotely access it; my wife calls upstairs for me; I ask a few questions, and am told they can’t see my PC yet…I tell caller that’s the way it’s going to stay until my phone tracer completes on their line…suddenly, no more caller on other end, slammed phone. As the call came in on an internet Magicjack line (which “needs” several modem ports responding ‘closed’ so it can ping itself back), obviously some scammer with access to internet phone numbers was simply assuming if you have internet you must have more than a phone line…our actual PC setup is fairly well-stealthed itself due to modem/phone issue, and the caller/hacker couldn’t ping it through modem. I wanted to mention this as it involves calling a number not generally visible to the public, like a business or residential line with yellow/white pages listing.

    • http://emsisoft.com/ Sebaztian

      Thanks for sharing Dan! Great idea to get them to hang up! Was that the last time they called?

      • Dan

        It was Saturday August 16, 2014, sometime mid-afternoon USA PDT; no such calls known before or yet since. BTW, I use Emsisoft Emergency Kit sometimes as second-opinion for myself, emergency detection should others need it…update it at least once daily, and for me it’s the best at finding PUP.

        • http://emsisoft.com/ Sebaztian

          Thanks Dan. Glad to hear you’re so happy with the Emergency Kit! Positive feedback always makes our day.

  • Dee Broughton

    Google “virtual machine”. Looooove this. Love Emsisoft! :)

    • http://emsisoft.com/ Sebaztian

      Thanks Dee :)

  • Ritasinger

    Totally cool. I got one of those guys, and a woman as well. The woman kept saying, “Listen to me, listen to me, you have to listen to me!” I said, “No, I don’t.” and hung up. The man had me going for a bit — stupid, I know — until he wanted to connect to my machine. I am pretty tech savvy and know way better than that.

    • emsisoft_steve

      Nice job, Rita. Do you remember the reason they gave for calling? Was it similar to Mr. Z’s “your computer is sending errors to the Windows server” routine?

  • http://www.swingingradioengland.vze.com nigeljames

    My trick is to have an old keyboard next to the phone and tell them nothing they tell me is working they get very annoyed after about 3 hours they can hear the keys going but cant work out why nothing is working

    • Monika (Emsisoft)

      that “sounds” like a good solution indeed… :)

  • Charlotte Mitchell

    This is exactly why I just renewed my Emsisoft subscription – good work and loved the article! Now if we could just get you onto robocalls about “my credit card” -lol!

    • ErniePetoskey USA

      Yes, help us with robocalls. Not just for credit card loans but political calls, surveys and charities!

      • Josh Javage

        Either ask them to add you to their “DO NOT CALL LIST” or hang up, add to block list. Problem solved.

        • ErniePetoskey USA

          The “Do Not Call List” was written by politicians so they exempted themselves and their lobby buddies. And if you hang up on the robocall, it logs you as unanswered and will continue to call until you allow them to complete their call. The same as if you do not answer but your answering machine answers. Their computer knows the difference between an answering machine and a human. Block list works on my computer but not on my telephone.

          • herringchoker

            Find a phone number that gives a Not in Service message.
            Record the tone sequence preceding that message, and add it at the start of your v-mail/answering machine message.

  • Gerard X-Ray Yankee

    Living here in the Benidorm, Spain area we had some of those calling up elderly English speaking people by using local phonebooks with Indian accent. So we told the people if they were calling and starting to talk about Microsoft Windows to interrupt them immediately by telling them that we just installed triple glass windows against the airport noise so we don’t need their service anymore. And it worked, they quickly hang up and never call back again because it’s useless to talk to somebody who does not know what XP or WIN 7 is.

    • http://emsisoft.com/ Sebaztian

      That’s hilarious!

  • Lyubo

    Good work Emsisoft. If just about every people could read this it would be perfect. I hope you have enjoyed your chat :)

    You didn’t really pay these idiots, did you? I’m joking! :p

    Emsisoft and Bitdefender are the best!

    • http://emsisoft.com/ Sebaztian

      Thanks Lyubo!

  • Altabear

    Awesome! nicely done

  • Gary Gough

    Best I’ve done is keeping them on the phone for 45 mins. Played it straight except I was sitting at a Linux box, oddly everything they asked me to do didn’t work.

  • http://ariel51.wordpress.com/ GrayFoxDown

    Bravo! Love it when these cyberspace creeps get what they deserve.

  • Carmel Bryson-Muir

    Thanks for the good laugh. I’ve had 3 of these phone calls in the last three weeks!!

  • Josh Javage

    My mom fell for something like this. They went in and screwed her computer from accessing the net. I had to rollback her computer, and warn her about crap like this. I can imagine my wife and mom falling for this kind of crap without me there to help.

    • http://emsisoft.com/ Sebaztian

      It’s important to spread awareness so that people are warned

  • Josh Javage

    Back in the first year of Wired magazine, they had articles on phreakers and hackers. Those were some very interesting articles. I miss those professionally written tales. Over the years I subscribed and resubscribed, but nothing ever came again from Wired, which went over those types of people.

    • Monika (Emsisoft)

      Josh, feel free to submit concrete topics you’d like us to cover in the future by simply replying to one of our newsletters and change the subject to “Content proposal for blog.emisoft.com” or similar. Looking forward to your submissions!

  • Ross Banick

    They called my friend recently and he had them on for an hour. Same scenario. What they’re after is the PAYPAL account, that they’ll have you make if you go far enough. They will swear to get it, and the proof is in the audio file posted here…

    Notice the swearing from 21:30 to 23:50 and again at 32:24 to 33:29.
    The scammers were not happy.

  • Zzarzax

    I frequently get them calling me, I do one of three things ask for their name and address of their company that usually gets an automatic disconnection from their end, just slam the phone down as soon as they tell me who they are or say “F*** Off Scammer” and then slam the phone down.

    • emsisoft_steve

      Option 3 makes for a much shorter chat log :)

  • Top Tucker

    Apparently this scam originates from India with some guy from Rajasthan spouting a lot of foul language. Listen to the audio Ross Banick has posted. The following seems to be one of their addresses.
    Glorihosting Technologies Pvt. Ltd.
    A-147 District Center Jawahar Nagar Kota
    Rajasthan, India – 324005
    Phone: +91-744-2405338 ,+919166666040,+919530450149
    Email: *** Email address is removed for privacy ***

    • http://emsisoft.com/ Sebaztian

      Spreading awareness about a scam and exposing them is probably the best way to fight these scammers

  • Monika (Emsisoft)

    Glad you liked it!

  • Monika (Emsisoft)

    oh dear. playing dumb seems to be the smarter strategy with those scammers. they probably don’t like to be on the dumb end of the line ;)

  • Monika (Emsisoft)

    of course. in theory.
    thinking of tons of spam emails in my inbox every day, that I’d say are illegal too. but usually not much I can do against (except filtering and warning others).

  • Monika (Emsisoft)

    happy to hear!

  • Archibald Tuttle

    I almozt wetted my zelf!! That was zo funny. Almozt unbelievable what trickz they try. However, my grammar haz been affected by thiz………..any zolution Mr. Z? Pleaze call me!


  • Dale Juneau

    Cool, I have done that before, Love messing with scammers so bad and yeah even went so far as sending a report to the Internet scam site for the FBI. and they paid a “friendly”visit to the scammer…

    • http://emsisoft.com/ Sebaztian

      Good job! They told you that they found him and he was based out of the states?

      • Dale Juneau

        Actually the scammer messaged me through a chat room which is where it started, scammer goes “why did you report me, now my boss is mad” I said to her hey I warned you that I would do that. LOL have not heard another peep from that group. They were targeting deaf people.

  • Geoff F

    I’ve also heard of this being done with honeypotted VMs with zip bombs or malware infected files. Well done on keeping him going for so long! I’m sure I would’ve gotten frustrated with reading his atrocious English well before that.

    • emsisoft_steve

      Speaking of patience, it is kind of amazing how long Mr. Z was willing to keep going. This whole interaction lasted over 3 hours.

  • emsisoft_steve

    It was funny how he got all defensive. One of my favorite lines from the Notepad conclusion was: “if i m scammer ther z no need top col u, i can scam you without you calling you as well i show u th every thing, what z going on your”

    Translation: No, I’m not a scammer, but if I was I’d be so good at it I wouldn’t even need to call you – I could just hack into your computer.

    Seriously, something a child would say (but probably with better spelling).

  • http://emsisoft.com/ Sebaztian

    Great advice on some “defense” strategies :) I don’t think they care about any moral values though because they must be well aware of their wrong doings

  • blaKe+

    Haha, I hope “Mr. Z” finds this article. That was great! What an idiot.

  • marksv

    LOL!!! Been a long day and this was a nice chuckle. I’m always jealous that I have never been able to speak to one of these dirt bags. Have a VM all ready for them.

  • http://www.nbrogi.com/ Niccolò Brogi

    Having to put up with the spelling z pretty bad. I like how he misspells trojen (cit.).

  • David

    About a year ago, I got scammed by a tech from Bombay whose website looked exactly like the company I was trying to reach. I’m no techie, so, it took me awhile to realize what was going on. I contacted the REAL company by phone – and they were aware of the scammers. Then I called PayPal, who reimbursed me, and went after “Mr.Z”. Oh-Em-Gee, was he mad!! He swore up and down that he worked for the company – until I told him, “They’ve never heard of you”.

    “Ok, I work on your computer for 3 hours and you cheat me out of $100.00”.

    “You took the money under false pretenses. The company says they don’t charge for tech support. You lied to me. Goodbye”. He kept calling me every ten minutes – so I blocked him from my phone and changed my email address. Fortunately, all my important files are stored on an external drive.

  • Wolf Baginski

    I’ve had a few of these calls, and they seem to come in bursts. Maybe the kids going back to school is a trigger. It can soon get tedious, but…

    1: Tell them that your ISP has just changed your IP address to in an attempt to fix poor performance.

    2: Tell them you are transferring the call to the cyber-security section and then, in a different accent: “218 Squadron cyber security. Flight Lieutenant Bloodnok speaking. The trace on this call has given me a list of our prior business, and I have already reported your non-delivery of artistic costume photographs of Indian young ladies.”

    3: “You’ve been monitoring this computer?” (Off mic) “Inspector, there’s somebody here who knows what’s on the computer. Tracing the call now.”

    4: “Sorry, my computer runs Linux, not Windows.”

    These days I usually just hang up, though #4 still seems worthwhile.

  • http://www.stevenirish.com/ Steven Irish

    Enjoyable read, thank you! Hopefully this article keeps spreading :D

    • emsisoft_steve

      You’re welcome. As long as there is an Internet, there will probably be Mr. Zs. It is important for people to know that they exist and how to spot them.

  • Minecraftiscewl .

    Why would he think anyone would believe a professional would have such terrible language?

  • http://designtechsoft.com David Okunmuyide

    LOL. Nice job Emsisoft.

  • CWL

    Did y’all report them? They just called me with a number 656 and said the scam “We’re from PC support, I said I didn’t call you and they said my computer is sending out….”! I yelled at them OH Bullshit and hung up! It was just as you said in the post. Did you guys report them? I will if I know who to report them to? Oh and I blocked them on my phone and they were totally from INDIA!

    • emsisoft_steve

      Good to hear you weren’t fooled :) We did report our scammer’s TeamViewer ID to TeamViewer for verification, but as Michal points out below getting a new ID takes a matter of seconds. It would seem the best defense for now is a good slam of the phone and spreading the word to others. Thanks for sharing your experience.

  • OnTheRightInTampa

    I have spoken to many support people – not One of them used such poor grammar, spelling and contractions. Apple/MAC support folks have ‘been able to see my screen’ (after appropriate download & granted permission, using a ‘random’ permission code). They never actually Control my computer, but use a Yellow Pointer arrow or box – and I must make all ‘Actions’ – Extremely Professional – as are Many other support personnel at Real Companies.

    I would recommend that you request Their call-back number & extension – If they will not comply…. Bye!

    • emsisoft_steve

      Same goes for spam and phishing emails. Poor grammar? Usually a scam.

  • greenman2288

    this is just beautiful. Bravo.

  • Eddy Watts

    Well Done Emsisoft. I always try to wind these scammers up as while they are on the phone to me they are not conning anyone else. Perhaps we could start a competition for fun to see who can keep them going the longest (I have managed 15 minutes, but will try again using a vd). They are quite stupid, as having been told they have called vale computers a pc repair firm they still go ahead telling me my computer has problems, got them the other day when I asked which one of my four pcs he was talking about.
    Had a call which amused me recently from what a young lady (in english) who said “its the World wide web talking”. When I finished laughing I asked her which i of the millions on the web she was, she insisted that she was calling from the www and it had found problems with my computer. Well done again Emsisoft. Eddy

  • Kenaston Akridge

    Hilarious! I need to see more of this :D Can you possibly do a video next?

  • Jarek

    ‘There is no “Windows server” to which all Microsoft computers magically connect, and Microsoft technicians do not cold call their users about critical errors that need to be fixed.’

    so where are all errors sent if not to microsoft server? how can i get windows update if not connecting to microsoft servers? and why i gave microsoft my phone number when i made my live account if they never call? even if calling to user and help with problems is not microsoft behavior, it shouldn’t be like that, every self-respecting company should provide support to customers who have a problem with their products?

    i don’t know maybe i live in parallel world where windows update and customer support exist

  • emsisoft_steve

    Good catch. Thanks for the close reading :)

  • http://dynamict.se KristofferT

    And here i’m wishing they’d try to scam me so i could play dumb and have some fun :(.

    Anyone know where they usually harvest the numbers they target for scams? :P. Put a phonenumber out on various sites visible and hope for the best? :)

  • http://gtaxl.net/ Victor Coss

    You should have packet sniffed the TeamViewer session and got his IP. Simple.

  • http://www.amanthatsaros.com/ Amantha Tsaros

    I just got this call today. I figured right away it was a scam – even though I am not knowledgeable about tech at all. I kept asking the guy to repeat himself while I did google searches and found your site. I asked him to hold and put the phone down while I type this. I wonder if he is still there? Hmm.

    • Mariska

      Glad it was of help! This apparently is a timeless article, these scams are still going around.