Scammer identifies “viruses” in a brand new Windows Azure VM then asks to be bought porn

I thought I’d seen it all when it comes to cold call virus scammers, you know, the guys who call you up from “Windows” because they’ve had reports of viruses from your machine? I’ve recorded their audio, recorded their video, antagonised them, interviewed one of the blokes behind it, tried to tell them I was Dutch and even convinced them that I was Mick Dundee.

But this was the first time one of them asked me to buy him porn. After showing it to me. The whole thing was recorded (and then appropriately censored) and is available for your education and amusement here:

For those that don’t want to sit through the entire thing, the key points in the timeline are:

  1. 06:30 – Got through to the first scammer
  2. 23:00 – They take remote control of the machine
  3. 52:30 – They ask for my personal info
  4. 56:30 – I pull the pin on the facade
  5. 1:03:30 – It all descends into porn

Some of the key info, highlights, lowlights and things they lied about or did to the machine include:

  1. The number I called them on was 03 9016 3613 (Australia) which was provided to me by a friend who had been called by them
  2. Told me on multiple occasions that they were from Telstra (a local Aussie telco) and this was related to my broadband connection (I am not with Telstra for broadband)
  3. Asked me to stop swearing (it was very mild) as Telstra were recording the call
  4. Escalated me through three different scammers
  5. Explained how errors and warnings in the event log are viruses
  6. Searched for all .pnf files and claimed they were “the corrupted files”
  7. Ran a “tree” command from the DOS prompt
  8. The string “dopeyscammers” appears many times in the window they are able to see
  9. Pasted a message about “SYSTEM DAMAGE…” into the command prompt and claimed it showed viruses
  10. Tried to get my driver’s license and credit card info (the former is more than just financial theft)
  11. Began deleting system files when they realised they’d been had
Azure Scam
Tweet Post Update Email RSS

Hi, I'm Troy Hunt, I write this blog, create courses for Pluralsight and am a Microsoft Regional Director and MVP who travels the world speaking at events and training technology professionals