Anatomy of a virus call centre scam

I just had a call from a very nice woman who appeared to be from the subcontinent and wanted to help me remove viruses from my computer. Normally I’d dispense with such callers in a pretty quick, ruthless fashion but given the nature of this one I thought it was worth recording and sharing. It all unravels and the gig is finally up at the 23-minute mark. Enjoy!

TL;DR: Here are the steps they wanted followed:

  1. Open the event viewer then establish there are errors and warnings (these are viruses).
  2. Open the Windows prefetch folder and establish there are files in there (these are infected with the aforementioned viruses).
  3. Claim my Windows license needed to be renewed and that it would cost $315 Aussie.
  4. Open and run their remote desktop software with the code 226841.

Clearly this is where I stopped. LogMeIn (the provider of the remote desktop service) is a perfectly legitimate organisation and I’ve contacted them to report the incident and the code used.

This is obviously a pretty organised scam. They put me through to three different people and you can hear a lot of call centre activity in the background. Given the generally well organised nature of the scam I’m surprised I kept them going for nearly half an hour (there were a few minutes before I started recording), but I guess it’s all part of establishing the FUD. Nasty stuff.

Update: A lot of people were wondering what the scammers would have done had they gained access to the machine - so I called them back. Watch the whole thing in my post about Scamming the scammers – catching the virus call centre scammers red-handed.


Hi, I'm Troy Hunt, I write this blog, create courses for Pluralsight and am a Microsoft Regional Director and MVP who travels the world speaking at events and training technology professionals.