Thursday, 13 October 2011

Anatomy of a virus call centre scam

I just had a call from a very nice woman who appeared to be from the subcontinent and wanted to help me remove viruses from my computer. Normally I’d dispense with such callers in a pretty quick, ruthless fashion but given the nature of this one I thought it was worth recording and sharing. It all unravels and the gig is finally up at the 23 minute mark. Enjoy!

TL;DR: Here are the steps they wanted followed:

  1. Open the event viewer then establish there are errors and warnings (these are viruses).
  2. Open the Windows prefetch folder and establish there are files in there (these are infected with the aforementioned viruses).
  3. Claim my Windows license needed to be renewed and that it would cost $315 Aussie.
  4. Open www.support.me and run their remote desktop software with the code 226841.

Clearly this is where I stopped. LogMeIn (the provider of the remote desktop service) is a perfectly legitimate organisation and I’ve contacted them to report the incident and the code used.

This is obviously a pretty organised scam. They put me through to three different people and you can hear a lot of call centre activity in the background. Given the generally well organised nature of the scam I’m surprised I kept them going for nearly half an hour (there were a few minutes before I started recording), but I guess it’s all part of establishing the FUD. Nasty stuff.

Update: A lot of people were wondering what the scammers would have done had they gained access to the machine - so I called them back. Watch the whole thing in my post about Scamming the scammers – catching the virus call centre scammers red-handed.
