I just had a call from a very nice woman who appeared to be from the subcontinent and wanted to help me remove viruses from my computer. Normally I’d dispense with such callers in a pretty quick, ruthless fashion but given the nature of this one I thought it was worth recording and sharing. It all unravels and the gig is finally up at the 23 minute mark. Enjoy!
TL;DR: Here are the steps they wanted followed:
- Open the event viewer then establish there are errors and warnings (these are viruses).
- Open the Windows prefetch folder and establish there are files in there (these are infected with the aforementioned viruses).
- Claim my Windows license needed to be renewed and that it would cost $315 Aussie.
- Open www.support.me and run their remote desktop software with the code 226841.
Clearly this is where I stopped. LogMeIn (the provider of the remote desktop service) is a perfectly legitimate organisation and I’ve contacted them to report the incident and the code used.
This is obviously a pretty organised scam. They put me through to three different people and you can hear a lot of call centre activity in the background. Given the generally well organised nature of the scam I’m surprised I kept them going for nearly half an hour (there were a few minutes before I started recording), but I guess it’s all part of establishing the FUD. Nasty stuff.






Software architect and Microsoft MVP, you’ll usually find me writing about security concepts and process improvement in software delivery.





29 comments:
They tried the same thing with me, unfortunately I didn't have my wits about me otherwise I would have asked them to call back while I booted up a Windows 95 machine to see how they would react!
Nice work!
This really is scary stuff!! I haven't had it personally, but my parents have gotten the call, but they were savvy enough to hang up the phone. Hopefully LogMeIn (a service I have used for a long time) will be able to do something to put an end to it!
Love the way you kept them going......................alright
Thanks for confronting them in the last few minutes Troy, sounds very similar to calls I have had except I took the 'clueless user' persona. I am only 'moderately clueless' in real life.
I wonder if they will come and listen to the recording. For training and quality purposes of course.
Good stuff, I love the comment at around 18 minutes about the hold music. Serious issue, I think all IT people should just keep them on the line for this amount to stop them scamming other people.
You could have a VM for them to run that software and see what they do to the computer when they have access. :)
Should have booted up into my Windows 8 dev preview - that would have been interesting!
I've had these guys call me three times. Apparently MS identified one of its partners pulling this scam http://nakedsecurity.sophos.com/2011/09/21/microsoft-dumps-partner-telephone-support-scam/
If you do this, make sure you hide any tray/tool icons that might give away the fact that it's a VM.
Alternatively, just speak really quietly for a bit, ask them to turn their earpiece up so they can hear you better, then blast an airhorn into the phone.
This happened to me a couple of times including one call yesterday. In two different calls I pretended to be a moron and gave them access to my computer (the computer was an XP virtual machine). In the first call I toyed with them for about 1/2 hour and yesterday it was 21:48 before they hung up on me!
Haven't listened to it yet but good on you for taking them to task. I have a Windows for Workgroups 3.11 VM but I doubt I could get Trumpet WinSock running :P It was hard enough when it was current.
Interesting - what did they actually do once they were in? I'd love to see, but it ain't happening on my primary OS!
Hilarious, but very serious. Funny how they couldn't deal with such a simple question at the end.
I am a security software specialist...what does the event log do... WHAT DOES THE EVENT LOG DO?.....haaaaaaaaaaa nice work. Got em TH!
They phoned my Grandma and she laughed at them, she has no mobile phone let alone a computer... :) Great finish I am pleased you kept them on the phone, good work.
That was excellent. I love the way you pulled them along, got their hopes up and then. BOOM! The event log question was the topper! I wish you well. It's great that you spent the time putting this up! RC
Just watched this Troy, and man, kudos to you... I've no idea how you kept your cool, I was snickering and giggling all the way through the video.
I had one of them call me a few weeks back, but only kept it going for about 10 mins before I tore them a new one, I would have recorded it but it simply turned too blue for publication.
Good job, and thanks for posting, I'm gonna spread it as far and wide as I can, so that people who are not in our game are aware of it and know what to look out for.
Cheers
Shawty
Commantra gave me a call this morning. I smelt a very large rat. They are based in Newcastle, and here is their telephone number. They gave it as 0191 645 1644.
Keep up the good work, as I can see how plausible the scam is.
Hey, thanks for that, I just called the number and started down the same path as last time. Think I'm going to set me up a little sting and do a redux of this post :)
I have heard of family members and friends here in Australia receiving calls from a similar (or the same?) group. They claim to be from Microsoft, and say they have detected viruses on the owner's computer, then presumably run them through the same process they did for you. Luckily, my family and friends haven't fallen victim to it. They know something's suspicious when "Microsoft" calls you about viruses.
Troy: thanks for sharing this. We all know that scammers in all shapes and forms are out there, and they're getting more and more "creative". Pretty scary.
This scam has been around for years, here's a post I made over 2 years ago about it...
http://forums.moneysavingexpert.com/showthread.php?t=2019895
I had this happen twice, the first time they claimed to be from Microsoft and needed to clear viruses from my computer. I objected and said I didn't believe them. He said if I didn't do what he said the screen would go black.
I started to wonder whether I was wrong and went along with it for about 30 mins then they asked me to put in my code and told me how to find it on the computer. At this point I asked to speak to his supervisor, someone came on and still insisted I follow their instructions. I put in the code and fortunately it didn't work so I then put the phone down and contacted my son in Asia. He said it was a scam and how it then compromises all your personal banking info etc.
I called our local police and talked to the fraud dept. While she was talking to me another call came through for her but another technique being used. She said these activities should be reported as they follow up on them all.
A few months later I had the same call and told them so and that I informed the police, they slammed the phone down.
Our friends' teenage daughter got caught and gave them access, so tell all your kids about this.
Yeah, we get them regularly. "Hello I'm from Windows". I ask where they got my contact details from and they say "from Windows". The only "Windows" in our house are double glazed. But they continue to call us. Glad I have a Mac.
You can see what happens when they connect in the video here:
http://www.symantec.com/connect/blogs/technical-support-phone-scams
You should have let it run on a VM. You would know immediately what their true intentions were, and what they were doing. No harm to the machine, and you can take over whenever you want to.
I've got one ready for next time :)
I've done the "moron" thing as well - I've just got to try to stop myself from laughing out loud!
Just got my first call from these idiots, so decided it was time for some fun....
The best bit for me was when they couldn't understand why I couldn't find the Windows key. I was actually tempted to boot my MacBook into OSX to see how they performed!