Avoid getting scammed by criminals who use UltraViewer remote access app
Written by Tomas Meskauskas on (updated)
What is "UltraViewer Tech Support Scam"?
"UltraViewer Tech Support Scam" refers to technical support scams facilitated through the use of the UltraViewer application.
UltraViewer is a legitimate remote access software which allows users to connect and control systems over a distance. Tech support scammers rely on such programs to gain access/control over their victims' devices. It must be stressed that the developers of this software are not associated with scams; cyber criminals abuse these apps for their own malicious goals.
Technical support scams are promoted on deceptive websites, and they typically involve claims about users' devices being infected but recoverable by calling "expert technicians", "technical support", etc.
How do scammers use UltraViewer?
As mentioned in the introduction, UltraViewer is a legitimate application that offers remote access/control functionalities for single/multiple devices, file sharing, chatting, etc. This program is operational on Windows XP all the way to the Windows 11 operating system version. However, like many other remote access tools, UltraViewer is misused by cyber criminals to facilitate their scams.
Tech support scams require remote access so that the scammers could variously abuse victims' devices/data for revenue - under the guise of providing "technical support" services. This is achieved through the use of software like UltraViewer.
Remote app developers are aware of the potential abuse of their software and tend to use a variety of security measures to counteract it. To connect with another device using UltraViewer, the user needs to give their UltraViewer ID and password to the connecting party. The program aims to prevent repeated access by generating new passwords for each session, which the user can terminate at any time. UltraViewer also employs preventative measures against brute-force attacks - to stop cyber criminals from forcibly obtaining said passwords.
However, there is a feature that allows for custom passwords to be set, which do not change after the session is terminated. At the time of writing, our testing revealed that it is possible for the party remotely controlling a device to set a custom password on UltraViewer.
Hence, scammers do not need to walk their victims through multiple steps on how to create such a password, as they can do so themselves upon initial access. This means that a device can be reaccessed repeatedly without requiring the user to provide their password consecutively - one instance is enough.
Furthermore, UltraViewer has an "unattended access" functionality, which the connected party can configure on the remotely accessed device. Therefore, the cyber criminals can eliminate the necessity of any user interaction past the initial one by using this function. They could then turn on the device (a feature available on certain Windows versions) and control it at any time without user consent.
As an additional measure, remote access software often displays warnings when a user is about to allow a connection from regions rife with scammer activity. Alternatively, some remote apps use geoblocking to prevent connections from specific regions/countries outright. However, UltraViewer's official website states that it uses no geographical restrictions.
We strongly advise extreme caution with any remote access software; only allow trusted parties to connect to your devices.
Note that no website can detect threats on your system, and no genuine company (e.g., Microsoft, McAfee, Norton, etc.) uses such warning sites and demand you to allow "technicians" to access devices remotely. Hence, if a page makes such claims and encourages you to call provided numbers and/or permit remote access - know that it is a scam.
Technical support scams in general
Technical support scams are promoted on rogue websites. This deceptive content warns visitors of various fake threats present on their systems. Common themes include: trojan/virus/malware infections, detected hacker activity, computer blocked for security reasons, pirated software/OS found, etc.
These fraudulent messages are often disguised as alerts from legitimate entities like Microsoft/Windows, McAfee, Norton, etc. For example, the screenshot of a tech support scam above mimics Microsoft's official website and overlays the disguise with fake threat alert pop-ups.
These scams urge users to call the provided helplines to resolve nonexistent issues. Afterwards, the scammers instruct victims on how to download/install remote access software. Once the ID/password of such a program is given to the cyber criminals, they connect to the victim's device. How the scam progresses from that point on may vary.
Typically, the scammers continue with the charade of being support/technicians and perform hoax system scans, bogus malware removal, etc. In most cases, these fake services and/or yearly/lifetime "support subscriptions" cost exorbitant amounts of money.
Criminals tend to use difficult/impossible to trace currencies (e.g., gift cards, pre-paid vouchers, cryptocurrencies, cash hidden in packages and shipped, etc.) to avoid persecution and prevent victims from retrieving their funds.
Technical support scammers can cause severe damage to devices, e.g., disable/remove genuine security software, install fake anti-viruses (require purchase, yet are nonoperational), or infiltrate trojans, ransomware, and other types of malware.
Cyber criminals usually target highly sensitive data, which they can obtain by tricking victims into revealing it (e.g., over the phone, typed where scammers claim they cannot see, through phishing sites/files, etc.) or by downloading it from the device (possibly with the aid of malware).
Information of interest may include: account log-in credentials (e.g., online banking, money transferring, e-commerce, emails, social networking, etc.), personally identifiable details (e.g., names, addresses, occupations, etc.), credit card numbers, and so on.
What is more, successfully scammed victims are often targeted repeatedly. To summarize, by trusting a tech support scam - users can experience multiple system infections, data loss, severe privacy issues, significant financial losses, and identity theft.
What to do if I have encountered/trusted a technical support scam?
If you cannot close a scam page, use the Windows Task Manager to end the browser's process. Keep in mind that the previous browsing session must not be restored when reopening the browser - since that will also open the deceptive website.
And if you have disclosed data to scammers: in case of log-in credentials - change the passwords of all potentially exposed accounts and inform their official support; for other private data (e.g., ID card details, passport scans, credit card numbers, etc.) - immediately contact the corresponding authorities.
If you have fallen victim to a technical support scam and allowed cyber criminals to remotely access your system: first, you must disconnect your device from the Internet. Secondly, uninstall the remote access software the scammers used (e.g., UltraViewer, TeamViewer, AnyDesk, etc.) since they may not need your permission to reconnect. Lastly, use an anti-virus to run a full system scan and eliminate all detected threats.
|Name||UltraViewer pop-up scam|
|Threat Type||Phishing, Scam, Social Engineering, Fraud|
|Fake Claim||Various. Device is infected, hacked, blocked, holds pirated content, etc.|
|Disguise||Various. Typically legitimate entities: OS/ OS developers (Windows/Microsoft, Mac/Apple, etc.), anti-virus (McAfee, Norton, etc.), miscellaneous (Amazon, Google, eBay, etc.)|
|Symptoms||Fake error messages, fake system warnings, pop-up errors, hoax computer scan.|
|Distribution methods||Compromised websites, rogue online pop-up ads, potentially unwanted applications.|
|Damage||Loss of sensitive private information, monetary loss, identity theft, possible malware infections.|
|Malware Removal (Windows)||
To eliminate possible malware infections, scan your computer with legitimate antivirus software. Our security researchers recommend using Combo Cleaner.
Technical support scam examples
We have analyzed thousands of online scams; "Your Windows Got Corrupted Due To Virus", "Pirated Windows Software detected in this Computer", "DRIDEX..Malware detected - Error Code: DXRW2:#19X80XD", "MICROSOFT WINDOWS With Pre-installed Mcafee" are just some examples of technical support scams.
Various scam models are used to deceive users; they range from fake virus alerts to hoax prize giveaways. The Internet is rife with deceptive and malicious content. Therefore, we highly recommend being vigilant when browsing.
How did I open a scam website?
Deceptive sites can be force-opened the moment you enter a webpage that uses rogue advertising networks. The latter can also cause redirects to scam pages when hosted content is clicked (e.g., buttons, text input fields, ads, etc.).
Spam browser notifications and intrusive advertisements promote online scams as well. Mistyping a website's domain (URL) can also result in a redirect (or a redirection chain leading) to a dangerous site. Additionally, adware can display ads that endorse scams or force-open their sites outright.
How to avoid visiting scam websites?
Scam websites are mainly accessed via redirects caused by pages using rogue advertising networks, misspelled URLs, spam browser notifications, intrusive adverts, or installed adware.
We advise against visiting/using websites that offer pirated software/media or other questionable services (e.g., Torrenting, illegal streaming or downloading, etc.) since they are usually monetized through rogue advertising networks. Pay attention to site URLs and be careful when typing them.
To avoid receiving unwanted browser notifications, do not enable suspicious webpages to deliver them (i.e., do not click "Allow", "Allow Notifications", etc.). We recommend ignoring or denying notification requests displayed by such pages (i.e., clicking "Block", "Block Notifications", etc.).
To prevent untrustworthy/malicious programs from infiltrating your system - download only from official/verified sources and approach installation with caution.
We must emphasize the importance of having a reputable anti-virus installed and kept up-to-date. This software must be used to perform regular system scans and to remove detected threats/issues. If your computer is already infected, we recommend running a scan with Combo Cleaner Antivirus for Windows to automatically eliminate all threats.
Example of a technical support scam (GIF):
Instant automatic malware removal:
Manual threat removal might be a lengthy and complicated process that requires advanced computer skills. Combo Cleaner is a professional automatic malware removal tool that is recommended to get rid of malware. Download it by clicking the button below:
- What is UltraViewer pop-up scam?
- How to identify a pop-up scam?
- How do pop-up scams work?
- How to remove fake pop-ups?
- How to prevent fake pop-ups?
- What to do if you fell for a pop-up scam?
How to identify a pop-up scam?
Pop-up windows with various fake messages are a common type of lures cybercriminals use. They collect sensitive personal data, trick Internet users into calling fake tech support numbers, subscribe to useless online services, invest in shady cryptocurrency schemes, etc.
While in the majority of cases these pop-ups don't infect users' devices with malware, they can cause direct monetary loss or could result in identity theft.
Cybercriminals strive to create their rogue pop-up windows to look trustworthy, however, scams typically have the following characteristics:
- Spelling mistakes and non-professional images - Closely inspect the information displayed in a pop-up. Spelling mistakes and unprofessional images could be a sign of a scam.
- Sense of urgency - Countdown timer with a couple of minutes on it, asking you to enter your personal information or subscribe to some online service.
- Statements that you won something - If you haven't participated in a lottery, online competition, etc., and you see a pop-up window stating that you won.
- Computer or mobile device scan - A pop-up window that scans your device and informs of detected issues - is undoubtedly a scam; webpages cannot perform such actions.
- Exclusivity - Pop-up windows stating that only you are given secret access to a financial scheme that can quickly make you rich.
Example of a pop-up scam:
How do pop-up scams work?
Cybercriminals and deceptive marketers usually use various advertising networks, search engine poisoning techniques, and shady websites to generate traffic to their pop-ups. Users land on their online lures after clicking on fake download buttons, using a torrent website, or simply clicking on an Internet search engine result.
Based on users' location and device information, they are presented with a scam pop-up. Lures presented in such pop-ups range from get-rich-quick schemes to fake virus scans.
How to remove fake pop-ups?
In most cases, pop-up scams do not infect users' devices with malware. If you encountered a scam pop-up, simply closing it should be enough. In some cases scam, pop-ups may be hard to close; in such cases - close your Internet browser and restart it.
In extremely rare cases, you might need to reset your Internet browser. For this, use our instructions explaining how to reset Internet browser settings.
How to prevent fake pop-ups?
To prevent seeing pop-up scams, you should visit only reputable websites. Torrent, Crack, free online movie streaming, YouTube video download, and other websites of similar reputation commonly redirect Internet users to pop-up scams.
To minimize the risk of encountering pop-up scams, you should keep your Internet browsers up-to-date and use reputable anti-malware application. For this purpose, we recommend Combo Cleaner Antivirus for Windows.
What to do if you fell for a pop-up scam?
This depends on the type of scam that you fell for. Most commonly, pop-up scams try to trick users into sending money, giving away personal information, or giving access to one's device.
- If you sent money to scammers: You should contact your financial institution and explain that you were scammed. If informed promptly, there's a chance to get your money back.
- If you gave away your personal information: You should change your passwords and enable two-factor authentication in all online services that you use. Visit Federal Trade Commission to report identity theft and get personalized recovery steps.
- If you let scammers connect to your device: You should scan your computer with reputable anti-malware (we recommend Combo Cleaner Antivirus for Windows) - cyber criminals could have planted trojans, keyloggers, and other malware, don't use your computer until removing possible threats.
- Help other Internet users: report Internet scams to Federal Trade Commission.
Frequently Asked Questions (FAQ)
What is a pop-up scam?
Pop-up scams are messages designed to trick users into performing specific actions, e.g., calling fake support lines, allowing remote access to devices, disclosing private data, downloading/installing and/or purchasing software, making monetary transactions, and so forth.
What is the purpose of a pop-up scam?
Pop-up scams aim to generate revenue at victims' expense. Cyber criminals profit primarily by obtaining funds through deception, abusing or selling private data, promoting software, and proliferating malware.
Why do I encounter fake pop-ups?
Pop-up scams are run on deceptive sites, which are rarely accessed intentionally. Most users enter them via redirects caused by webpages using rogue advertising networks, mistyped URLs, spam browser notifications, intrusive ads, or installed adware.
I cannot exit a scam page, how do I close it?
If you cannot exit a scam page, use the Windows Task Manager to end the browser's process. Take care not to restore the previous browsing session when reopening the browser, as doing so will open the deceptive webpage as well.
I have allowed cyber criminals to remotely access my computer, what should I do?
If you have allowed cyber criminals to remotely access your device, you must first disconnect it from the Internet. Afterwards, remove the remote access software that the scammers used (e.g., UltraViewer, TeamViewer, AnyDesk, etc.), as they may not need your consent to reconnect. Lastly, perform a full system scan and remove all detected threats.
I have provided my personal information when tricked by a pop-up scam, what should I do?
If you've provided log-in credentials - change the passwords of all potentially compromised accounts and inform their official support without delay. If the exposed data is of a different personal nature (e.g., ID card details, passport scans, credit card numbers, etc.) - immediately contact relevant authorities.
Will Combo Cleaner protect me from pop-up scams and the malware they proliferate?
Combo Cleaner is designed to scan systems and eliminate threats. It can detect visits to scam/malicious websites and restrict all further access to them. Combo Cleaner is also capable of eliminating practically all known malware infections. It must be mentioned that since sophisticated malicious software usually hides deep within systems - performing a complete system scan is essential for its detection.
▼ Show Discussion