practical case around a fake blue screen


For anyone who has never seen one of these blue screens, everything suggests that the message is serious. The placement of the elements, the font and the general style all match. Here is, for comparison, a real blue screen:

This is the normal behavior of a blue screen: the announcement of a serious problem that led to a crash, the collection of technical information for a report which will be automatically issued afterwards, and the warning that the machine will be automatically restarted. If you do not know what to look for, it is very hard to tell the two apart: nothing stands out.

So what’s wrong? Several things, which unfortunately are subtle for the vast majority of people because spotting them takes a good knowledge of computers. You will no doubt have noticed several of them: the mention of Facebook identifiers, the order not to restart the computer, or even the telephone number, which is not a supposedly free number (see our guide on this subject). Some will also have noticed the “Contact Windows”.

Two crucial points in particular need spelling out, which you cannot guess unless you know the computing world. On the one hand, Windows 10 and 11 include an antivirus. They will never “lock” the computer to prevent anything, and neither will any other antivirus for that matter. It would be counterproductive, since it would no longer be possible to intervene to repair anything.

On the other hand, the blue screen warns that in the event of a restart, it will be impossible to “guarantee the security of your data”. Microsoft can in no way guarantee this security. No operating system vendor does this, unless we are talking about a specific online service, and then only with regard to the security of data stored remotely.

Microsoft cannot know how you use your computer and, despite certain risk-reducing technologies, cannot guarantee this. The exception would be to strengthen the system with many settings and a host of hardening rules, but that brings us back to the well-known trade-off between ease of use and security. Nothing can replace awareness of security issues.

What about calling the “free” number?

Unfortunately, the affected person called the number provided in the blue screen. At the other end of the line was a charming, calm and professional woman. She asks several specific technical questions: what were you doing when the blue screen appeared? What is the error code? Did you restart the computer? Are you connected to the Internet? What is the browser used?

These questions lull the victim's vigilance. What follows, on the other hand, should immediately make your ears prick up: the user is invited to install certain software. In this case, it was ConnectWise Control and AnyDesk, two remote control solutions, a category rich in products, one of the best known of which is TeamViewer.

This is where the alarm should sound, if not howl, in the back of your head: Microsoft will never seek to take control of a machine remotely, including during a genuine customer service call. Advisers will ask you to complete the tasks yourself. The recommendations made will never go very far either, and can end with a simple piece of advice: find a repairer.

If this alarm does not go off, another arrives shortly after, because to carry out these steps, it is still necessary to be able to access the “locked” computer. In our case, the person was simply asked… to press the Windows key. The Start menu and the taskbar then appeared, which is impossible with an ordinary blue screen, since it indicates a total crash of the system. From there, the person was prompted to type “AnyDesk”, which started a search in the Start menu, supplemented by web results if the software could not be found.

But when a friendly and polite lady recommends installing software, many do, because it takes on a “messiah” dimension: someone will get us out of this mess.

Computer repair fraud in all its glory

This is where the adventure ends for the victim, because she called us to tell us what was happening. Not to ask if the process was shady in any way, just to tell us. After a few seconds of explanation, she had hung up and cut off the Wi-Fi connection on the laptop. After that, a trip through Windows Settings made it possible to remove AnyDesk, which the victim had installed and which was about to initiate a remote takeover session.

This is a classic computer repair fraud. It is very common and relies on anxiety-provoking messages that always try to mimic the interface of Windows or an antivirus. The objective for the fraudsters: take control, install software to “repair” the machine, and charge for it. This software is often fake, but it can also be genuine, accompanied by fake keys or temporary keys. It will be useless to contact Microsoft: you carried out these steps yourself, so the responsibility lies with you.

However, the road does not end here. This type of fraud is so common that it has its own page on the Cybermalveillance.gouv.fr site. Recommendations are given: regularly apply security updates for the system and all software (especially the browser), keep the antivirus up to date, avoid unsafe sites (illegal streaming, counterfeit software, some pornographic sites…), do not install pirated applications, use a user account without administrator rights, do not open attachments in emails from strange addresses or with an unusual or empty structure, and make regular backups.

Above all, as the site indicates in bold: no official technical support will ever ask for money.

What if the fraud has already taken place?

And if the damage is already done, even if only in part? Keep as much evidence as possible of what has been done (photos of the screen, telephone number, address of the page visited…), clean the browser (purging the cache, deleting cookies, resetting default settings, even deleting the profile), remove any installed or “suspicious” applications, run a full antivirus scan, change your passwords, etc. Yes, the operation is daunting and entails a huge waste of time, but the risk must be taken into consideration.

A clarification all the same on uninstalling shady applications: beware of excess zeal. Using a browser, it is very easy to verify the authenticity of an application, or even of a process in memory (the list is accessible from the Task Manager). Some names are unfortunately so generic that one cannot tell. If in doubt, do not uninstall, as it may be an important manufacturer-installed application or even a driver. Moreover, in the case at hand, the victim had only had time to install AnyDesk, which was very easy to remove. If you search for “ConnectWise Control”, you will find that we are not always so lucky.
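As an added example (not part of the original article), here is a read-only PowerShell inventory for the cleanup step above: it lists installed programs, services and running processes whose names match remote-control tools, with publisher and path so each entry can be verified before anything is removed. The name patterns are assumptions chosen for this case; ScreenConnect is included because ConnectWise Control has also been sold under that name.

```powershell
# Added example: read-only inventory of remote-control software. Nothing is removed.
# The name patterns below are assumptions; extend the list for other tools.
$patterns = 'AnyDesk', 'ConnectWise', 'ScreenConnect', 'TeamViewer'
$regex    = ($patterns | ForEach-Object { [regex]::Escape($_) }) -join '|'

# Installed programs: per-machine (64- and 32-bit views) and per-user uninstall keys.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)
$installed = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -match $regex } |
    Select-Object DisplayName, Publisher, InstallDate, InstallLocation

# Services: an installed remote-control client typically runs as a service,
# which lets it start again after a reboot.
$services = Get-CimInstance -ClassName Win32_Service |
    Where-Object {
        $_.Name -match $regex -or $_.DisplayName -match $regex -or $_.PathName -match $regex
    } |
    Select-Object Name, DisplayName, State, StartMode, PathName

# Running processes, with the executable path so that a copy launched
# straight from the Downloads folder (no installation) is also visible.
$processes = Get-Process |
    Where-Object { $_.ProcessName -match $regex -or $_.Path -match $regex } |
    Select-Object Id, ProcessName, Path, StartTime

'--- Installed programs ---'; $installed | Format-List
'--- Services ---';           $services  | Format-List
'--- Running processes ---';  $processes | Format-List

if (-not ($installed -or $services -or $processes)) {
    'No matching remote-control software found.'
}
```

Run it from an elevated PowerShell window so that process paths are readable for all processes; an install date matching the day of the call is the entry to look at first.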

If the fraud has gone all the way and you have paid, have the bank card blocked and demand reimbursement from the fake customer service, stating that a complaint will be filed. This is not an empty threat: it is more than advisable to make a report on the PHAROS platform (Ministry of the Interior) and to file a complaint with the police station or the gendarmerie responsible for your area.

The Info Escroqueries platform (0 805 805 817, free) can provide advice on these procedures, and it is also possible to get help from a specialized association by contacting France Victimes (116 006, free). For reference, Cybermalveillance.gouv.fr publishes a decision tree to guide potential victims.

If you remember only two crucial pieces of information, remember that official customer support will never ask you for money and will not offer to take remote control. The latter is sometimes found in companies, but it is the subject of a specific contract, usually a paid one.

Note that this type of fraud is also common in business: the former legal expert Zythom recently told how a company was robbed of 40,000 euros following a phone call supposedly from Microsoft technical support.
