Windows Secrets Newsletter: Scammers & Windows’ Event Viewer

windows secrets

By Woody Leonhard/Windows Secrets Newsletter

Most of the Windows utilities we talk about in the Windows Secrets Newsletter help you work faster or better or smarter, but Windows Event Viewer doesn’t fall into that category.

A powerful diagnostic tool, Event Viewer is now being used by online support scammers who make big bucks preying on people’s fears.

As I explained in my Feb. 3 Top Story, scammers are cold-calling people in North America, Europe, Australia, and other locations, claiming to be Windows support technicians — in some cases, gaining access to users’ PCs and personal information.

The con I discussed back in February described how a caller, possibly from India, contacted a Windows Secrets reader in the U.S. and claimed to be working on behalf of Microsoft support. My reader had posted a support question on what he thought was a Microsoft site. It was a very good con: the scammer knew the reader’s name, phone number, and the fact that he was having a problem with Windows XP. He cleverly convinced the reader to open Event Viewer and look at all the red and yellow flags indicating a malware attack. The con almost worked.

Of course, any phone call to a household in North America stands a good chance of striking pay dirt when the topic is some sort of Windows problem. Call ten people in your town at random, and say you’re calling on behalf of Microsoft (and sound like you know what you’re talking about), and I bet at least one or two of your neighbors will take you up on the offer. In my neck of the woods, it would probably be closer to nine out of ten.

In the case of my nearly duped reader, the scammer first tried to get money for the support, claiming the Windows warranty had expired. The reader was almost convinced to give the con artist direct access to the reader’s home computer via Windows Remote Access. Fortunately, the intended victim smelled something fishy and cut off the conversation. But how many other people that day got snookered by that same wily scammer?

It could be many. Lately, I’ve received a rash of messages from people who have been approached in similar ways. There’s even a post about it on the Windows Secrets Lounge. So be aware of this malicious con. To help you understand how it works, I’ll dissect this specific scare technique — used to make you believe you need their help. It all hinges on Windows’ Event Viewer, which I talked about briefly in my March 4 Top Story on the Windows Reliability Monitor.

Here’s the rest of the story.

This post is excerpted with permission from Windows Secrets.

Want to get monthly tips & tricks?

Subscribe to our newsletter to get cybersecurity tips & tricks and stay up to date with the constantly evolving world of cybersecurity.

Related Articles

How to Fight a Malware War


A tip-filled conversation with Andrew Brandt, director of threat research at Solera Networks, reveals some of the ways hackers sneak malware into PCs.

Read More

Tech Support-call Cons


“Hello. This is Microsoft Tech Support. Your PC has notified us that it has an infection.” The call is a scam — an extremely prevalent one. Here’s how it works and what you need to know to stay out of the trap.

Read More