May 7, 2020

A new email scam is making the rounds, warning recipients that someone using their Internet address has been caught viewing child pornography. The message claims to have been sent from Microsoft Support, and says the recipient’s Windows license will be suspended unless they call an “MS Support” number to reinstate the license, but the number goes to a phony tech support scam that tries to trick callers into giving fraudsters direct access to their PCs.

The fraudulent message tries to seem more official by listing what are supposed to be the recipient’s IP address and MAC address. The latter term stands for “Media Access Control” and refers to a unique identifier assigned to a computer’s network interface.

However, this address is not visible to others outside of the user’s local network, and in any case the MAC address listed in the scam email is not even a full MAC address, which normally includes six groups of two alphanumeric characters separated by a colon. Also, the IP address cited in the email does not appear to have anything to do with the actual Internet address of the recipient.

Not that either of these details will be obvious to many people who receive this spam email, which states:

“We have found instances of child pornography accessed from your IP address & MAC Address.
IP Address: 206.19.86.255
MAC Address : A0:95:6D:C7

This is violation of Information Technology Act of 1996. For now we are Cancelling your Windows License, which means stopping all windows activities & updates on your computer.

If this was not You and would like to Reinstate the Windows License, Please call MS Support Team at 1-844-286-1916 for further help.

Microsoft Support
1 844 286 1916”

KrebsOnSecurity called the toll-free number in the email and was connected after a short hold to a man who claimed to be from MS Support. Immediately, he wanted me to type a specific Web addresses into my browser so he could take remote control over my computer. I was going to play along for a while but for some reason our call was terminated abruptly after several minutes.

These kinds of support scams are a dime a dozen, unfortunately. They prey mainly on elderly and unsophisticated Internet users, walking the frightened caller through a series of steps that allow the fraudsters to take complete, remote control over the system. Once inside the target’s PC, the scammer invariably finds all kinds of imaginary problems that need fixing, at which point the caller is asked for a credit card number or some form of payment and charged an exorbitant fee for some dubious service or software.

What seems new about this scam is the child porn angle, which I’m sure will worry quite a few recipients. I say this because over the past few weeks, someone has massively started sending the same type of sextortion emails that first began in earnest in the summer of 2018, and incredibly over the past few days I’ve received almost a dozen emails from readers wondering if they should be concerned or if they should pay the extortion demand.

Here’s a hard and fast rule: Never respond to spam, and certainly not to any email that threatens some negative consequence unless you respond. Doing otherwise only invites more spammy and scammy emails. On the other hand, I fully support the idea of tying up this scammer’s toll-free number with time-wasting calls.


83 thoughts on “Tech Support Scam Uses Child Porn Warning

  1. Daniel

    This sounds like an ideal job for YouTube’s KITBOGA!!!

  2. David Williams

    This is a variation on the tech support scam. As mentioned the idea is to get you to allow them to log in to your computer where they will steal anything obvious and watch you log into your bank. They are all in India BTW. There are some great youtube videos of computer geeks scamming the scammers, funny as hell. The shared desktop works BOTH ways. Even some Russian hackers destroying their computers and voip phones with malware. Even got some webcam shots, LMFAO.

    1. Zeno

      Nobody is daring to say it, so I do it: “the king is naked”.
      Sure there are some youtubers who contribute limiting scammer’s damage by wasting their time.
      But those videos of scammers wiping out scammers’ computers are fake. I would love if they really could delete data on scammers pc, but they are not. Look carefully at their videos. Where do you see that they actually make any damage to scammer’s computer? They claim they did it by showing some emptied folder on their OWN computer, they verbally irritate the scammer which starts deleting their data, while they film and laugh at his efforts, since he is deleting useless data on a virtual machine.
      These anti-scammers have found a great business model: a sort of symbiosis with the scammers: thanks to ads on their videos, they make money legally, without being in any way accomplices of the crooks. And I wouldn’t be surprised if some watchers even decide to fund them.

  3. Aarhan Sharma

    there’s a lot I don’t understand in the comments, but I have learned so much from Brian and all of you.

  4. dorthey

    Am I allowed to send emails on child porno?

  5. Sam Hendricks

    Have any one of you heard about KitBoga?
    Watch him in twitch, he bait these tech scammers really hard, quite enjoyable!!

Comments are closed.