The eventvwr phone scam

I just had an … interesting … conversation with a phone scammer who wanted to hack my computer. Here’s the gist of it so you’ll recognize it when it happens to you. Bottom line is this:

If someone calls from “Windows Service Center” asking you to hit Windows+R and type in “eventvwr” they are trying to hijack your computer.

Strong language ahead. You have been warned.

Guy with a thick accent says he’s calling from “Windows Service Center” claiming my computer is distributing malware and hacked software. He asks for me by full name and says he will show me how I have been hacked and how to fix it. For reference the number he called is a new number that has never been made public and was never registered with Microsoft or any software.

I ask him if he works for Microsoft. No, he works for “Windows Service Center” or something similar. He explains it’s a 3rd party responsible for monitoring Windows software on behalf of Microsoft. Knowing that Microsoft does not have contracts with this type of company I already knew it was a scam, but I wanted to see what he was up to.

He asks me to turn on my computer and hit Windows+R which opens the Run window. From there he wanted me to type in “eventvwr”. Of course I didn’t but I let him trail on for a bit pretending I had done what he told me to. It became apparent what he wanted was for me to enable Remote Desktop so he could take control of my computer. Being unsuccessful (because I didn’t activate anything on my end) he kept saying my Software Defender software which comes with Windows (it does not) was buggy and needed to be fixed.

After a lot of back and forth I had had enough and I asked him where he got my number from, explaining that my number is not listed with Microsoft. Boy that got him going:

Mr. Scam: “Sir, you are a software novice and you clearly don’t know what you are talking about. Your computer is infected and I need to fix it. We have security experts standing by.”

Me: “I’m just asking you where you got my name and number from. I never registered this number with Microsoft.”

Mr. Scam: “I am trying to do you a favour. Microsoft has asked us to fix your computer.”

Me: “But Microsoft doesn’t have my number.”

Mr. Scam: “Listen to me you asshole. You are not computer savvy. You are a novice and you don’t know anything about computers.”

Me: “Actually I am a beta tester for Microsoft and a leading technology expert. You are trying to scam the wrong person.”

Mr. Scam: “You work for Microsoft?!!?!? Fuck you motherfucker asshole.”

Me: “And that’s all the proof I need you don’t work for Microsoft.”

All I heard from that point on was beeping so I assume he was trying to figure out how to hang up his computer.

Having a hunch this wasn’t the first time the guy had tried this scam I did a quick search on the interwebs. And look what I found: A YouTube video of someone having a conversation with the exact same guy trying to do the exact same thing!

More information about Microsoft phone scams:

http://www.microsoft.com/security/online-privacy/avoid-phone-scams.aspx

http://www.microsoft.com/en-gb/security/online-privacy/msname.aspx

96 thoughts on “The eventvwr phone scam

  1. Just got the same thing from 818-671-1881. Lady tried pretty hard but let my sarcastic side take the lead. Not actually doing what they wanted I asked for the supervisor. Another foreign accent (surprise surprise) comes on trying to convince me. I asked why I should trust him and he responded with do I want their service call number. I replied with NO, I want your bank account number and I promise I won’t do anything to your account. He then threatened to lock my computer. HAHAHA

    1. Just had them hang up on me. Every once in a while I sit here (computer off) & follow their instructions. “Type E as in elephant” etc. They figure out I’m entering the entire phrase… Start over. It usually takes a while before they start cussing.
      Today, I added screaming about what my imaginary kids are doing to the cat and asking where my glasses were.
      I finally told them and said they could start talking about what they were going to do to my mother.
      The guy just sighed and hung up.

    2. Just now, phone call from sweet sounding heavily accented woman. Right away knew something was up. She said she was with the Windows Department. My computer has been flagged as having been infected and I was to follow her directions in order to remove the problem.
      Is my computer open? She asked. In order to stall her I said I have to open my computer. Meanwhile I first asked for her number in case we got deleted, googled the number given. That was no help. When I told her I was ready, she gave me the file name to enter on the Ctrl/Windows icon buttons she asked me to press. It was EVENTVWR. That’s when I quickly googled this word and saw the lists of hacker comments.
      When she asked to tell me what it was that was showing on my screen, I told her I was seeing “Computer Hacker”. She asked—What? And I repeated “Computer Hacker”. It took a moment to sink in with her before she hung up.
      Seems like they have made their way here now….over the pond. 🙂

  2. Yep just got the call. He gets pretty pissed off when he figures out that you’re playing with his head. He told me to do something really wrong to my mother.

  3. Just got the same call, (800) 624-9896. Said he was from Dell, I told him I didn’t understand I had an hp. Didn’t follow along to any steps just played along. He knew me by “Mr. Robert” I told him I thought we elected Trump to stop the outsourcing of jobs. He told me to fuck off called me a dirty bastard and a bunch of other stuff I couldn’t understand if I wanted to… lol

  4. I got one of these today. I played along until he called a supervisor. Supervisor came on and told me to do the Windows+R and run eventvwr. i told i did and he asked for verification. then he got upset and told me i was going to lose my head when he arrived at my house. Hilarious!

  5. Had a phone call from a similar scammer last week. I was at my mother’s home and they rang. She answered, but upon susptecting something was not right, I took over. I had heard of this scam before, but didn’t know the exact details.

    Scammer: Sir, we have had a report that your computer is infected (or words to that effect);
    Me: Who are you looking for?
    Scammer: Sir I only have the computer id, but no name.
    Me: Okay (I wanted to play along).
    Scammer: Are you the owner of the computer?
    Me: er…yes..?
    Scammer: Have you got the computer in front of you.
    Me: No. But I can start it up.
    Scammer: Yes, can you do that.

    Me: Okay, I have started up the computer. What now?
    Scammer: Can you see the four-windows button on the bottom left of your keyboard? Near the control key – C-T-R-L.
    Me: Yes.
    Scammer: Press the windows key with one finger and press the R key with another finger.
    Me: Okay.
    Scammer: What do you see.
    Me: Erm…a window popped up.
    Scammer: What do you see.
    Me: Not sure – it’s not a window I am familiar with…
    Scammer: It’s the ‘run’ window. Can you type in E-V-E-V-T-V-W-R?
    Me: Yes.
    Scammer: Press the okay button.
    Me: Okay.
    Scammer: What do you now see?
    Me: Some other window has popped up.
    Scammer: Sir, are you a minor?
    Me: No.
    Scammer: You sound as if you are 20-22 years old. Are you a minor?
    Me: No.
    Scammer: How old are you?
    Me: A bit older than that.
    Scammer: What do you see?
    Me: A window, but I can’t make out what it is.
    Scammer: That tells me that you are not typing anything in, and not following my instructions.
    Me: I’ll try again.
    Me: What version of windows should I have?
    Scammer: What?
    Me: What versions of windows should I have?
    Scammer: Windows 10.
    Me: That is probably this is not working – I am using Vista…
    Scammer: Do you think you are smart?
    Me: What did you say?
    Scammer: Do you think you are smart?
    Me: Did you just swear at me?
    .
    ps: As you will have gathered, I didn’t have a computer in front of me…

  6. I just got a similar call. I live in London. He said he was working for BT (British Telecom) and I had some malware on my internet router. (oh noes!!)

    After I brought up event viewer and played along a bit more he asked me to type in teamviewer.com in run.

    At that point I was like.. ‘I already have teamviewer installed!’.

    “You already have teamviewer installed?!!!!” – Scammer is barely trying to contain his excitement at this point. We’ve been on the phone about 7 minutes.

    Then I just started laughing and told him I hope I wasted some of his time, and told him to ‘fuck off mate’.

    He called me a motherfucker. I laughed some more. He asked me why I was laughing. I just kept lol’ing. He hung up.

    I hope someone calls again trying this scam, its great when you pull of a big reveal at the end like that.

    1. I just had this call 08/05/2017….Same thing…same process…someone called me from the””” windows centre”””…trying or write something on the Windows+ R….Please be careful.. I am living in France, Paris….

    2. ha! this is EXACTLY what just happened to me. Even the motherfucker is the same. Too funny.

  7. hehe, i led one of these guys on for 8 mins before I came clean. He called me a “mother f*cker” probably 10 times then hung up on me.

  8. I also got a call today from such a pakistani and his “Supervisor”. I am not a computer expert so I told them that I would like to Google “eventvwr’ first to make sure it is not some sort of a scam. All I got was a loud click sound and that was it!

  9. haha i got this call today at my work. I obviously didn’t do it but he didn’t say he was from Microsoft he told me he was from HP. He did have the name of the Company owner. I had run messing with him. the number that showed up on my call display was 1609-225-5799

    1. Had a very similar call – I managed to string them out for over 15 minutes. They asked me to type “E for echo”, then “V for Victor”, and so on – I started asking if it was victor or vector, whether Washington (for W) needed a capital like the president, and whether I should be using commas or full stops. But they still didn’t twig they were being scammed back.
      There should be a record for the longest this can be stretched out for. Can I claim it – about 17 minutes and 3 different ‘supervisors’.
      And to qualify you have to make them hang up on you!!

  10. Thanks for recording…..that was helpful.
    Just got a call from a thick accent guy. Could be Indian or Pakistani. He asked me to do the exact same thing and I acted like I am doing it he got frustrated and finally hung up. I told him I will take it to best buy since I don’t know how to diagnose computers. Idiots need to find a real job……

  11. 6/8/2017 – 2:30pm cst USA

    Phone call from ” ( 642) 214 -424 – 90651 – ??? from called ID

    Scammer “claimed” he was from Microsoft and my computer was infected

    Heavy middle eastern or Indian accent male

    wanted me to TYPE in “EVENTVWR” into the RUN window of Windows

    KNOWING full well this was a scammer I kept him on the line toying with him for over an hour, playing around with him trying to type in those words

    finally in the end, he asked me what I had typed and what message box came up ?

    I told him what the message box said ,,,,,,,,,,,,,,

    it says, your a Scammer, a Fraud and you can’t speak English worth a jack diddly Shit !

    That’s what I told him it said !

    I then told him it must be TRUE because I can’t understand a frickin’ word your sayin, dumb Ass ,,,,,,,,

    then the phone went,,,,,,,,, Click !!!!

    Dumb Ass Middle Eastern scammers and indian scammers and Nigerian scammers !

  12. In Australia…

    I started today with one of these EventViewer guys about 4.30pm my time.
    We got to the point with TeamViewer where all I had to do was press the button marked “Allow Remote Access” and he was into my machine.
    But for some mysterious reason the button wasn’t working, which frustrated him no end.
    Around 6pm I left him hanging on speakerphone while I went to get dinner, under the pretext of answering the door.
    I could hear his little plaintive calls for about 15 mins afterwards….”hello? hello?”.
    Eventually he hung up.

    But he rang back about 5 times, and each time I answered and pretended not to be able to hear, figuring I had better things to do.

    The 6th time I decided to give up and speak to him, or Joseph as he now called himself. I first asked him what his number was so that I could call him back if there were further problems. He gave me 1800 617 894.

    To paper over my non-responses on the phone, I said it appeared those dirty hackers and scammers had obviously got into my phone as well. I acted angry and asked him what was it with those #$@# scammers…were they not ashaming their ancestors & parents and why did they not have the balls to make money the honest way and actually add value to the world.

    Joseph said not to worry, he was there to fix my computer and get rid of those hackers. However, we continue to have the same problem, whereby everything was working right up until I clicked “Allow Remote Access”. So again I expressed anger with these scammers & hackers and called them all a bunch of wasteless losers.

    Joseph passed me over to a lady with a heavy sub-continent accent by the name of Mary Pearce. She also tried to get, unsuccessfully, the remote access working with TeamViewer. I again gave her a gobful about these pathetic scammers & hackers, and asked her too why would these piece of shits do this…trying to take money of old people like myself.

    Mary didn’t know, and eventually passed me over to a technical expert. He too was unable to get the remote access working, and who heard my gripes at these pathetic, small-pronged scammers & hackers.

    The technical expert then passed me over to a manager called Mark, who also had a thick sub-continent accent.

    After Manager Mark heard my complaints about these scammers & hackers who had got into my computer and phone, he said he would send out some technicians to fix my problem. He said it would only cost Rupees…sorry, Dollars 2.99 to get them to my house, and asked did I have a credit card. I said no, but that I had $10 on me and when the technicians arrived I would give them the $2.99. He said that wouldn’t work because the technicians needed the money in advance. Regardless, I gave him an address quite some way out in the country, and said I would pay the taxi fare for the technicians when they arrived.

    But Mark then gave me a 20-digit ID to write down, presumably for some money transfer. He asked if I could get to the bank, and I said I could but not till the morning. He said he would ring, although in the afternoon (probably because he was in a different time zone and wanted to sleep during the night). I said I would be out in the afternoon, and that he would have to ring me in the morning. Eventually he agreed to that.

    Mark then asked if I could not tell anyone about this, in order to allow his team some time and privacy to be able to track down the hackers. I said like hell, and that I was calling in the police because I wanted these scammers to go to jail. No, no, he said, there’s no need to call the police because he and his team will look after it. I thanked him and his team for his help, but insisted on getting the police involved because these scammers were despicable people and deserved to go to jail.

    He asked again if I could leave out the police and just wait for his call in the morning. I thanked him again and said I looked forward to his call and that while I appreciated what his team were doing, I was indeed going to have the police with me when he called.

    Mark said ok, albeit with a somewhat resigned tone, and wished that God would bless me for the night.

    Tomorrow I will await his morning call…

    1. I received the phone call the next day (actually, have had a lot more from them…they must have believed they were onto something).

      Basically it was more of the same. Lots of pressure to go to the bank, immediately, to pick up the $2,000 he had just deposited in my bank, while he went to work on connecting to the fake TimeViewer ID & Password I gave him.

      He rang again later to find out what happened at the bank, and I told him no money had arrived. He asked again for the TimeViewer ID & Password, and said he would put the money in again, and that I had to race off to the bank to pick it up, so that he could help clean the hackers out of my computer.

      Then later, for some mysterious reason (perhaps autocall was set up?), I received a call and there was no-one on it. However, I could hear people in the scam center in the background. It pretty much sounds like a cold-calling job…I could hear them in between calls having a chat and laugh with each other, then they got back on the phone for the next victim. I imagine they do that for 8hrs each day, till they either make enough or tap out.

      Anyway, I recorded about 1:30 hours with my phone of the scammers at work, including chattering in their own language and hopefully providing some useful private details.

      I’m waiting for them to call back, so that I can explain how the Police had put a tracking device in the phone and play them back some of the recording to show proof that it was working. I’ll explain that my local police are working with the Indian police (eg. in Mumbai or Bangalore), and am kinda hoping that will give them a bit of a cold sweat for a while.

      Maybe it won’t, but in the meantime hopefully I’m tying up a decent bit of their time…

  13. Just had the same – believe I was called a wh*re or something similar in Spanish and then Russian (the guy on the phone was trying several languages until I understood the insult) – not the best start to my day….He then said he was cutting off my internet and was sorry, and told me he loved me – LOL!

  14. Exact same guy called me from 844-809-3436. Said his name was Sam Johnson and was from Dell Support. R as in “romeo” gave him away.

  15. They have been in my phone today, a fairly lengthy conversation, (16 mins) said they were from Talktalk (not had them as suppliers for 2 years!) and knew my name, quoted my address to me in full and an account number. (Lots of calls in the past, all ignored, so thought I would ‘go along’). Switched on the lap top, took ages to get a signal!, then put onto a ‘supervisor’ with a British name who sounded Indian. He asked me to do the ‘eventvwr’ bit (I didn’t but made him repeat it all a few times). I The told him I wasn’t an idiot and refused to do it. He really ‘fell out’ with me then and told me he would personally cut my internet access, a female about 6 weeks ago also told me the same – it’s still working…….

  16. A guy with a heavy Indian accent called 7/8/17 from (616)7 73-1587 and gave me a story about my computer sending out a lot of error messages and that he a certified technician working for “Windows Service Center” and was authorized to fix the problem. I asked him which of my computers that sent the errors since I have two and he said it did not matter which one I would use to fix the issue (interesting). I wrote down the “EVENTVWR” on paper and did not enter anything in to the Run window. I asked him what problems I would experience if my computer continued to send these errors. He said that my computer will start freezing up more and more and finally get “frozen forever”. By this time I did not trust this guy – I told him my computer is not freezing up, and if it does in the future I’ll call Microsoft myself – Good bye! I later Googled “EVENTVWR” and came across this scam. Apparently it has been going on for a long time and all over the world.

  17. Video is too funny.

    OMG, just got this same call from 214-641-1352. My husband fancied the lady with conversation and it was kind of funny.
    Husband: “Let me get this straight, you want to show me how to break my computer and then you want to charge me to fix it?”
    Lady: “Yes!”
    My husband eventually got transferred to a “higher level of technical support”. After a while it became pretty hilarious that they thought we would actually run some kind of script or give them access to the computer. I work in technology so I couldn’t resist after about 5 minutes. I had to take the phone and just go off the deep end to let them know how ridiculous they were. I truly hope they are not successful in getting novices to do what they say.

  18. I had a few of these calls during the last weeks. Officially from different countries like Pakistan, UK, and today from the US.

    The guy from Pakistan was funny: I told him that in my country cold calls were forbidden at all. He offered me a CallBlocker service which should have cost me 10 Euro. He was heavily asking me for online banking, paypal etc. while I was heavily insisting on not paying anything for getting my phone number removed from their list. In the end he was trying to become my friend and telling me how much they earn (on salaries) in Pakistan and so on… But in the very end he said he would remove me so they wouldnt call me again.
    Just the next morning somebody from UK called and that call was very short. I dont remember exactly, why it was so short.

    Today, just two hours ago, I had a call from US (++1251…). A first woman asked me to turn on my computer and forwarded me right away to a senior. To shorten it for them, I truthfully said my computer was already running. Even though she said they would be willing to wait for me to turn on my computer. -> 1st agent level: get the victim to the computer
    The second woman asked me to press win+r and type eventvwr and enter. Of course I did since the eventviewer system tool is harmless by itself. — I have 10+ years of professional experience which I told her later in the call when she was three times asking me for my age since I would sound like a minor. — For reasons they were not able to find out (I do not use Windows at all, I have a Linux system :-D), the run dialog gave me an error when trying to run eventvwr (on my linux box)… “file or directory not found.” Since that didnt work out for them, they asked me to go to http://www.support.me, supplied me with a 6-digit code and asked me to download that file and open it. I did since not much could happen on my linux box with a windows executable ;-). After the download finished (here I let them wait a bit claiming my internet connection to be slow), I double clicked on the file and – since my linux box does not know what to do otherwise with an .exe – the file was opened in a plain text editor. -> I told her what happened. That the file opened in a text editor and that despite the file size of over 2 megabytes I could only see two letters (MZ) and a special character. She asked me again, and I told her again. (at that point she asked me for my age). Her knowledge & training was insufficient to handle this problem – I even told her that the file did not “execute” in the way she expected, since it opened only in a text editor. [note: *all* regular windows executable files start with the two letters MZ. back in the old days of DOS, all files had a header section classifying the file type, like GIF89a for .gif files etc.] She transfered me to another senior, a male person which was not as polite as the two women before and who had a strong accent, while I could understand both women clearly. –> 2nd agent level: handle standard cases.
    That guy who already knew from that 2nd female agent that I (truthfully) claimed to have over 10 years of professional experience in IT, asked me again for my age (WTF), and asked me to go to teamviewer.com. He asked me if I knew teamviewer which I confirmed but I told him I would not run it on any of my home computers for over 5 years now. — I never dared to get teamviewer for linux since it is not in the official repositories and I use, except for the steam client, only software from the default repositories of my linux distribution. — He did not even try to convince me to use / download teamviewer in this special support case but rather preferred to ask me whether I want this help or not since he would have other people in the back who’d want his help. Before letting me answer he hang up. –> 3rd agent level: badly trained in handling the real issues.
    Total calling time: some 14 minutes. 3 persons involved on their side.

    It was a bit of amusement for me today again, since today I followed their requests for the very first time instead of rejecting from the start on in one out of many different ways.
    I wonder if I should offer them a teamviewer session somewhen on a virtual machine or on that one (spare) thin client which I dont use at all (still running linux, not windows).

  19. I heard recently about the perfect reply to one of these remote access scammers – the computer owner asked for $2000 and the scammer’s credit card details. He told the scammer that, since it was a problem only for the person who rang, it must be worth that for him to fix the problem!

  20. I just got a call too from a lady with this number : 747 282 2166 and it was not an indian accent but a foreign one that i couldn’t place. And she asked me todo the same.

    When i played along for a bit, she said she is a smart lady and knows whats she’s doing.
    I told her to find a better job but she said, this one’s perfect.

    So i guess they are making good money doing whatever they wanted.
    I want to report this. but not sure who to report to.

  21. I got this same scam call today from 212-824-3102. I played along with typing in the run command while I was googling “call from windows technical help scam”. When he asked if I typed it in, I said yes. Then he asked “what do you see” & I said “I am looking at google search results for “call from windows technical help” and this scam is all over the internet so I’m not going to be running that command until I can call windows technical center myself. He just hung up.
    I wish they would catch and prosecute these guys. This is about the 5th scam that I have personally received calls about. Some scams call me day after day. While I have never fell victim to them, I think about those who might. How it impacts their wallet/life.

  22. Just got the same call myself. From a 1 800 917 9821. Nothing has changed in their script either. I’m a computer engineer and this is ridiculous. I live in Ohio and this is the first time I’ve heard of this.

Comments are closed.