Scammed by Fake PayPal Tech Support? Here's What to Do


Infopackets Reader Kathleen S. writes:

"Dear Dennis,

I really need your help! I have been scammed by fake PayPal technical support.

Here's how it happened: beginning some time in March, 2019, I received invoices from PayPal claiming that I paid for some kind of technical support for my computer. I have no recollection of this, so up until now I've kept deleting the emails, thinking they were sent in error. Flash forward to January 8, 2020, and I received another message stating that if I don't pay the original invoice ($399), I'm going to be charged an additional '$500 late fee,' and subsequent 'fees' if I don't take immediate action.

That's when I decided to call PayPal. The people I spoke with had a very thick Indian accent. From there, 'PayPal' connected to my machine and then had me login to my account. After that, they started asking questions about my bank and credit cards. This went on for over an hour. At this point, I figured something wasn't right and so I hung up the phone.

I then realized that the phone number I called (displayed in the fake invoice email) wasn't the real PayPal, but scammers in India. In the last 24 hours, the scammers have tried to purchase $1800 Australian dollars worth of cosmetics from a website I've never heard of, and a $250 Home Depot gift card. Life Lock has also alerted me that they also tried to open a credit card in my name!

After coming across your article on Easy Net Experts, I am scared to death that the scammers still have access to my machine and all my financial information. I've already called the real PayPal and they reversed the charges, but now I need to have the remote access removed from my machine as it's my lifeline. As an elderly lady, I can't get out and need to use this machine. I've also tried to access my credit cards online, but I keep getting an error in my web browser. Something is definitely not right! Can you PLEASE help!?"

My response:

This is yet another twist on the Microsoft tech support scam; this time, scammers in India are posing as PayPal agents. Of course, the real PayPal will never, ever ask to connect to your machine in order to log in to your account to "check things over."

Unfortunately, the email that Kathleen received was incredibly convincing. The mistake she made was calling the phone number in the email, where she got in direct contact with scammers instead of PayPal. From there, they were able to acquire all her financial information, including her bank accounts and credit cards attached to her PayPal account.

But, as I've mentioned many times before - this scam goes much deeper than that!

Here's What Really Happens When You Let Cyber Criminals into Your Machine

Based on my experience dealing with this scam and others like it over the last 6 years, it goes WAY deeper than handing over your PayPal login and financial information to scammers.

Here's what really happens:

When you call the fake PayPal technical support, they will ask to connect to your machine to "check things over". When this is done, they will then tie you up on the phone for as long as possible (sometimes for hours), switching you in between "agents", claiming they are "examining the problem".

The most obvious part of this scam is to get you to log in to your PayPal account and/or ask for your password. When they have this information, they can use your PayPal account / bank account / credit card to rack up unauthorized charges. This usually happens immediately.

What most people don't realize is that while you're being tied up on the phone, scammers are rifling through your machine (remotely) for financial information, including tax and bank statements, passwords to important websites, and similar. They can do this without you even seeing what's happening (using an administrative command line via SSH secure shell). They then download as much of your information as they can to their servers for later processing. I've mentioned this many times in my tech support scam articles, including the latest one by Easy Net Experts.

The pain doesn't end there, however.

Scammers will also install multiple remote access backdoors on your machine, so they can get back in whenever they want in order to monitor your activity. They can do this without you even knowing they are connected to the machine. They will also install malware that is capable of recording your keystrokes, which means any passwords you use to access financial institutions go right back to them - even after you've changed your passwords.

The remote access backdoors and malware that are placed on the PC / laptop must be removed PRIOR to having the bank or credit card company issue you new cards, otherwise you'll be feeding this new information right back to the scammers.

With the remote access enabled, scammers will also infect your machine with a fake virus alert. The alert may not appear right away, but two days, two weeks, or two months later you'll be on Amazon.com's webpage, when suddenly a red screen will appear, claiming your PC has been hacked. The fake alert will then prompt you to call a 1-800 number to "fix" the "problem". This will inevitably lead you to more scammers that will try to sell you fake tech support for ridiculous amounts of money - usually hundreds or thousands of dollars. This scam will repeat indefinitely until you run out of money, your bank accounts are drained, or you wise up.

Scammed by PayPal Technical Support? Here's What to Do

Now that we know what's really happening, here's what you need to do.

  1. First, power down the machine and do not use it until it can be properly cleaned. If it's powered off, scammers cannot connect to it.

    In terms of having the machine cleaned: you are free to take your PC or laptop wherever you prefer, though please be advised that most computer geeks / computer stores have absolutely no clue where to look to undo the damage caused by the scammers.

    As a senior systems administrator (view my resume here), I've been dealing with this scam for over 6 years. I can tell you that based on my experience, the scammers don't make it easy to remove their remote access backdoors on purpose - they want your money and will do everything in their power to get it.

    With my experience, I know exactly where to look to undo the damage caused by these scammers; I will also advise you on how to keep your money safe. The same is not true if you take it elsewhere. Oftentimes it's a crapshoot as to who is working on your machine - this is especially true if you take it to Best Buy (Geek Squad), for example.

    I had one client take his machine to Best Buy and specifically asked them to remove the remote access and malware. It didn't cost him anything extra because he had already paid for a yearly service to Geek Squad. When he got it back, I connected to the machine and looked at it. Geek Squad missed 5 remote access backdoors, and they didn't even remove the malware that was still on his desktop. He was no better off than before he gave them the machine to work on! You have been warned!
     
  2. If you hire me: once the machine is cleaned and remote access backdoors have been removed, I will consult with you on how to retrieve your funds and secure your accounts. If you don't hire me, you won't get this service - that's because Geek Squad and similar places simply don't have this knowledge or years of experience like I do in dealing with this scam.
     
  3. Don't answer the phone if "PayPal" calls you back - and believe me, they will!

    Based on my experience in dealing with tech support scams, scammers like to make fake follow-up calls to make sure you're happy with their fake technical support services. This is all part of the illusion to make you feel like you've been in contact with a legitimate firm. If they call you - don't answer the phone, even if the name says it's PayPal, because they can spoof the caller ID to make it look like the call is coming from "PayPal".

    The only time you should be in contact with the real PayPal is when you call them using PayPal's website via the "call us" button. It's also worth mentioning that scammers also flood search engines with fake 1-800 numbers and fake websites in hopes of duping people into calling them - for example: "paypaltechnicalsupport.com", or such. Please understand the difference here - you should ONLY get in touch with PayPal via the paypal.com website and none other - (the link is here if you need it)!
     
  4. Also be advised that your name and phone number will be shared with other scammers. Don't be surprised if the "IRS" calls you in the next few weeks, claiming that your account has been hacked and they need the last 4 digits of your bank account to "prove your identity". This is yet another scam! If the repeated harassing (scam) phone calls bother you, consider changing your phone number.

Moving forward, never, ever give ANY financial information over the phone and certainly don't let anyone connect to your PC / laptop to perform "technical support services" - especially if it's someone with an Indian accent!

Update 20200221: There are two more twists on this scam: (1) scammers are making calls from 866-292-7999, posing as "National Recovery Group" (a legit collection agency), stating that you have/had a PayPal account and you owe money on an outstanding balance. They will then ask to connect to your machine and have you log in to your PayPal account and/or have you go buy gift cards (Amazon, Walmart) to "pay off the debt." (2) If you search Google for "paypal contact" or "paypal technical support" (for example), you may come across pages that provide a fake PayPal phone number which is actually direct contact with PayPal scammers, such as 888-221-1161.
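The rule from step 3 (only paypal.com counts, and a name like "paypaltechnicalsupport.com" does not) can be checked mechanically by looking at a link's real host name rather than at how the link reads. The following is an added example, not code from this article or its author; the function names and the `.example` hosts in the sample message are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

TRUSTED_DOMAIN = "paypal.com"   # the only site the article says to use
BRAND = "paypal"
URL_RE = re.compile(r"https?://[^\s<>\"')]+", re.IGNORECASE)


def classify_link(url):
    """Return 'trusted', 'lookalike' or 'unrelated' from the link's real host."""
    if "://" not in url:
        url = "https://" + url            # bare host name typed or pasted
    parts = urlsplit(url)
    # .hostname drops any "user@" prefix and port, and lowercases the host.
    host = (parts.hostname or "").rstrip(".")
    # Exact match or a true subdomain; "notpaypal.com" must not pass.
    if host == TRUSTED_DOMAIN or host.endswith("." + TRUSTED_DOMAIN):
        return "trusted"
    # The brand name anywhere else in the address part imitates PayPal.
    if BRAND in parts.netloc.lower():
        return "lookalike"
    return "unrelated"


def suspicious_links(message):
    """List (url, verdict) for every link in the text that is not on paypal.com."""
    found = []
    for raw in URL_RE.findall(message):
        url = raw.rstrip(".,;")           # trailing sentence punctuation
        verdict = classify_link(url)
        if verdict != "trusted":
            found.append((url, verdict))
    return found


# Constructed sample text, modelled on the fake invoice described above.
SAMPLE = """PayPal invoice: $399 overdue, late fee applies.
View invoice: https://paypal.com.invoice-desk.example/pay
Sign in: https://paypal.com@billing.example/login.
Support: http://paypaltechnicalsupport.com/
Account: https://www.paypal.com/signin
Unsubscribe: https://mailer.example/u/1
"""

if __name__ == "__main__":
    for url, verdict in suspicious_links(SAMPLE):
        print(f"{verdict:10} {url}")
```

The check judges only the host name; it says nothing about phone numbers printed in a message, which is why the article's advice to reach PayPal through paypal.com itself still applies.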

Feeling Overwhelmed? I'm Here to Help

If you're reading this right now and you've been scammed by fake PayPal technical support scammers - don't worry, you're not alone. I have been helping clients with this scam for over 6 years and can help you recover your funds, make your machine safe to use, and advise you on any concerns you may have.

If you need help, simply send me a message briefly describing the issue. Don't forget to include your phone number and I'll email or call you back as soon as possible - typically after 1 PM EST as I'm on the midnight shift, busy helping my many clients around the world.

"But, Dennis - How do I know you're Not a Scammer, too?"

I've been publishing online since 2001 and have written 6 books on MS Windows, Internet and Security - that's how you found this article. I get emails all the time about this scam and other scams like it; some people even ask me "How do I know you're not a scammer, too?" My response to this is that you can read my articles I've published over the last 19 years and also review my resume. I can also provide legitimate photographic evidence that I am who I say I am.

Based on that, you should be able to understand that I am in fact legitimate, compassionate, and am more than willing to lend a hand - simply contact me, briefly describing the issue and I will get back to you as soon as possible.

About the author: Dennis Faas

Dennis Faas is the owner and operator of Infopackets.com. With over 30 years of computing experience, Dennis' areas of expertise span a broad range and include PC hardware, Microsoft Windows, Linux, network administration, and virtualization. Dennis holds a Bachelor's degree in Computer Science (1999) and has authored 6 books on the topics of MS Windows and PC Security. If you like the advice you received on this page, please up-vote / Like this page and share it with friends. For technical support inquiries, Dennis can be reached via live chat on this site using the Zopim Chat service (currently located at the bottom left of the screen); optionally, you can contact Dennis through the website contact form.


Comments

Rusty's picture

I used Dennis several years ago to do various things for me on my PC and I can confirm that he is anything but a scammer. Of course I don’t know how to prove I am not a scammer, so this is probably not worth a lot:)

russoule's picture

I also know that Dennis is legitimate, although I have not used his services, I HAVE had private email that has helped me handle other problems.

As a computer "duffer", I can say that there are many ways to "hide" malicious software on a computer and it requires special skills to "dig it out" in many cases.

If you have had a run-in with these ba$!ards from India, it would be worth your while to contact Dennis and ask for help. Even if he can't help directly, he often helps with advice.