Three weeks ago, Jack Friedman got a call from a man with an Indian accent claiming to be from the Windows technical team at Microsoft. Friedman, a Florida resident who is my friend Elliot's grandfather, was told by "Nathan James" from Windows that he needed to renew his software protection license to keep his computer running smoothly. "He said I had a problem with my Microsoft system," Friedman told me. "He said they had a deal for $99, they would straighten out my computer and it will be like brand new."

Friedman's three-year-old Windows Vista computer was running a bit slow, as many PCs do. Friedman is often suspicious of unsolicited calls, but after talking with Nathan on the phone and exchanging e-mails, he says, "I figured he was a legitimate guy." Friedman handed over his Capital One credit card number, and the "technician" used remote PC support software to root around his computer for a while, supposedly fixing whatever was wrong with it.

"I could see my arrow going all over the place and clicking different things on my computer," Friedman said. But that $99 Capital One credit card charge turned into a $495 wire transfer. Then Bank of America's fraud department called Friedman, and said, "somebody is trying to get into your account." Whoever it was had entered the wrong password multiple times, and as a precaution Friedman's checking account was shut down.

Capital One restored his lost $495, but the hassles didn't end there. Because of the action Bank of America took, Friedman's checks started bouncing. He's had to change passwords on all his accounts, get new credit cards, and pay a real computer technician $75 to clean out all the junk installed by the scammer.

Friedman is one of thousands of people hoodwinked by this Windows tech support scam, which authorities say has bilked unwitting PC owners out of tens of millions of dollars. Friedman's story shows that the scam is alive and well even though the Federal Trade Commission shut down a bunch of the companies allegedly doing the scamming, as we reported in early October. The FTC filed six lawsuits against more than 30 defendants, a number of whom are in settlement talks with the FTC to end litigation.

Those lawsuits show that the Windows tech support scammers are often just as likely to fall for a good con as anyone else.

To catch a thief: One phone call is all it takes

The Windows tech support scammers all follow the same general script. There are nuances and differences, but the process of convincing people who answer the phone that their PCs are riddled with viruses never changes too much.

You might think that if you spent your whole day calling people on the phone to scam them, if your paycheck depended upon fooling the gullible, that you'd be pretty good at detecting a scam yourself. But ultimately, the people doing the scamming aren't likely to be the masterminds. They're just the work-a-day drones doing their employer's bidding—perfect targets for the undercover investigators at the FTC.

When the FTC announced its crackdown on the tech support scammers, the agency played a recorded undercover call but otherwise didn't spend much time talking about how they tracked the defendants down in the first place. Court documents the FTC subsequently sent our way show that it was rather easy. Or, more precisely, once the difficult groundwork of tracking down the scammers had been laid, the scammers walked right into the FTC’s trap, as gullible and helpless as the victims whose bank accounts they raided.

Declarations and transcripts FTC agents filed in US District Court in Southern New York show just how the operations went down. These documents were filed along with the initial complaints, but for whatever reason they did not make it onto the Public Access to Court Electronics Records (PACER) system.

“Did you just call me?”

In a typical Windows tech support scam, the scammer calls up a random person, informing them that their computer has been hijacked by viruses and that the scammer knows this because as a member of the Windows technical support team they can track any computer connected to the Internet. Next, the scammer directs the victim to look at the Windows Event Viewer, a standard part of the Windows operating system that displays mostly harmless error logs. From there, the scammer convinces the victim that these error logs are signs of serious infections and that they need to pay some cash to make the infections go away.

They couldn't even verify whether they had previously called the number used by the undercover FTC agent.

We previously regaled you with the tales of angry and creative citizens of the Internet who turned the tables on the scammers by performing elaborate trolls , and also of Ars editor Nate Anderson’s experience playing along with a scam call in order to document what happened.

But that requires waiting for one of the calls to come. What if it doesn’t? The FTC’s strategy of gathering evidence involved having trained agents go undercover as helpless consumers. No surprise there. But instead of waiting for a call, the FTC’s investigators called up the scammers themselves, using undercover identities not associated to the FTC.

"On or about February 14, 2012, when I dialed (888) 408-6651, a representative answered, ‘Thank you for calling tech support. My name is Victor. How may I help you?’ I said that I had a received a call, the caller had said something about my computer and Microsoft, and that I wanted to know what this was about."

So begins one of the meaty parts of a declaration by FTC investigator Sheryl Novick, who conducted the stings along with FTC paralegal specialist Jennifer Rodden. Novick hadn't received any call—she just called one of the numbers that appeared in numerous consumer complaints. Novick's statement comes from a case against Zeal IT Solutions, but most of the stings went down the same way. Novick's declaration continues:

Victor said they were a tech support company, providing service mainly to Windows users. He told me the name of the company was "Support One Care" and later said they were located in the Eastern part of India. After taking my information, Victor explained that I got a call because they were doing a check-up call for the computer. He asked if my computer was facing any problems but I told him I wasn't sure. He said he was with the technical department and that he'd have to connect me with the registration department and they would call me back. He said I could view their website at ‘www.supportonecare.com’ to see the details of the services they provide. We hung up because he said he would call me from his number to show me the computer's infections. But he called me back shortly after to tell me someone else would be calling me soon. I received a call back that same day from someone who identified himself as Robin Wilson from the computer technical department of Support One Care. He said they were calling me "because from the past two months, whenever the Windows user have been going online, at that point of time, some malicious infections are automatically getting downloaded... 90 percent of the Windows user have these malicious infections in their hard drive." He said they were calling to make me aware of the infections.

And the trap was sprung. Although the scammers typically tried to hide their identities and locations by using voice over Internet protocols, they didn't do much else to protect themselves. Windows tech support cold callers have told some victims they have a massive database notifying them each time a computer connected to the Internet is infected. In reality, they're not so omniscient. They couldn't even verify (or just didn't bother to verify) whether they had previously called the number used by the undercover FTC agent. The scammers took the FTC agent's statements at face value and played along more than enough to get shut down and hauled into court.