Slashdot Mirror
The Unstoppable 'Tech Support' Scam
Barence writes "A pernicious new type of scam is targeting British computer owners, reports PC Pro. The con is both fiendishly clever and ridiculously simple. The fraudster cold-calls the customer and tells them that Microsoft has detected a virus on their PC, then invites them to download a piece of remote-assistance software. No doubt reassured by the lines of indecipherable code flitting across their screen, the caller assures the customer they can make the virus vanish – but first, of course, they want payment. £185 to be precise. The spoof site behind the scam is approved by McAfee's Site Advisor and bears Microsoft logos, something which both companies have failed to act upon. Meanwhile, an assortment of British regulators have said there is nothing they can do to stop it."
God, there are some real scumbags in the world.
"I bless every day that I continue to live, for every day is pure profit."
You can only do so much to save the end-user from themselves.
How dumb do you have to be to fall for this one? The kind of people falling for these must be same ones who fall for the "suspicious activity in your bank account" scam.
Nothing to see here, move along.
Summation 2
The only thing you need to stop this unstoppable scam is for people to be unwilling to shell out a significant sum of money to some c**t who calls them up out of the blue.
I mean, £185, when you didn't know there was anything wrong with your computer in the first place? You'd need to have more money than brains to shell out for that.
It's like the one where some dubious company persuades you to install some new version of their operating system claiming that it's super fast and totally secure, etc. etc. and then after six months your machine crawls to a halt unless you give them more money for the next version which is faster, more secure, etc. etc.
Oh wait...
Once I was a four stone apology. Now I am two separate gorillas.
What is the difference between this and the tech support offered by most companies?
slashdot troll = you make a compelling argument I do not like the implications of.
Perhaps they could get the people who have been scammed to report the telephone number and work with the teleco's to find out where the scammers are hiding?
This worked in my city when Scammers would steal wallets and purses and then call later claiming to be the police, and to meet them in "unmarked white police vans".
It's true, you can't fix stupid - but the smarter ones can... you know... at least provide useful information aiding in the capture.
Its funny how much creativity goes into these scams - they're more elaborate than any morally acceptable way of making money! I'm sure that creative energy could be used in a more positive way. However its probably the case that these scams feel easier than positive work.
It's hard enough to remember my opinions, never mind the reasons for them..
This does provide yet another argument against the camp which thinks that understanding the tools they use is not important.
The message I get from all this is that computers really aren't ready for prime time. They're more like automobiles from the first decade of the 1900s.
For justice, we must go to Don Corleone
I get calls once or twice per month that start out like this. I usually just yell "NOOOOO" like I'm dying into the phone and promptly hang up. It's good for a chuckle.
But seriously, warn all your normie friends about this. My parents were surprised such a thing would be a scam, and my mom's sister even got popped for $90 by these people. Of course, after I told her about it and she tried to call them back, the number was "no longer in service".
Education about the scam is the only way to avoid it.
... and tells them that Microsoft has detected a virus on their PC
Believing that Microsoft knows or cares if your machine has a virus is flat out ignorant. Being okay with the idea that Microsoft could monitor you is even worse.
Never mind shelling out hundreds to an stranger for doing nothing -- how many people are really so dense?
Sounds exactly like a telephone scam now happening here in Chile.
:-)
They call old people telling them that their grandson is involved in some sort of a car accident, and need money for bail or pay the affected part for the damages, anyway they tell them that if they don't get the money his/her beloved grandson will be in jail for a long time
Then, they ask for the address to send a messenger to pick up the payment, in terms of cash, LCD TV, Blu-ray, etc.
And people fell for it... even the ones without a grandson
How exactly does open source prevent social engineering scams?
I believe what they meant by that comment is that there is nothing regulators can do to stop people for falling for social engineering scams. In what way do you presume them to be able to do so?
How so?
People still don't understand cars and if ANYTHING goes wrong with them, they don't know why.
Consider, also, that a computer's software is custom to each person as they add in more software packages and settings.
That's roughly akin to someone buying a car and having custom parts put on without knowing much of what they do. They still have no clue when something goes wrong.
How many people can do much more maintenance on their car than fixing a flat tire? That's not much different than someone knowing how to run an antivirus once in awhile, imo.
Just like the poster you're replying to was saying, it is important to understand the tools we use so we know how the things we use work.
If we don't understand that then we're just as much in the dark be in computer trouble or car trouble.
So you think an automobile scam along similar lines today wouldn't work? Get the list of automobile type ownership from the licensing authority (most sell this information, or its easily available elsewhere), cold call the owner and inform them that a voluntary safety notice has been issued on their vehicle, would they like priority booking for just $99 over the phone...
Uninformed people are still uninformed, regardless of how long the technologies been around.
Are you implying that there are no dishonest garage-men who charge $700 for replacing a $35 part? And that there are no car enthusiasts who spend their free time tinkering?
The spoof site behind the scam is approved by McAfee's Site Advisor and bears Microsoft logos, something which both companies have failed to act upon
Spammers have been doing the same thing for years. The "Canadian Pharmacy" sites always claim to be "verified by visa", "hacker safe", "bbb approved", etc... Any half-wit knows how to copy the logos from some other web page and use them to make your page look more legit than it really is.
Damn_registrars has no butt-hole. Damn_registrars has no use for a butt-hole.
The message I get from all this is that computers really aren't ready for prime time. They're more like automobiles from the first decade of the 1900s.
The message I get is that users really aren't ready for prime time. They're more like prehistoric monkeys.
Sacamer: Hi this is M$, we have detected a virus on your PC.
Callie: Really? What version of winblows am I using right now?
Scamer: Windows XP.
Callie: Try again there buddy, I use Linux. (click)
"Anyone who trades liberty for security deserves neither liberty nor security" --Benjamin Franklin
To counter with an example from the real world just look at the malware infections of people installing screensavers for ubuntu. Where was the magic open source pixie dust to stop them. Oh yeah it doesn't exist.
My mother-in-law had a call like this last year - they told her to type "temp spyware" and "prefetch unwanted" into the Run box on her PC to prove it was infected..
The actual site mentioned is thenerdsupport.com
I ran them through our SiteTruth system. Here's what comes out. "Rating: "Site ownership unknown or questionable. No Location. ... This certificate identifies the domain only, not the actual business.
No street address found on the site."
Compare the SiteTruth results for Geek Squad. Street addresses found, found in the US business directory, found in Open Directory.
It's not that hard to sort out the phony business sites from the real ones. You have to check business databases, not just the Web, for business legitimacy. If you just look at the web, you get bogus results like this: McAfee SiteAdvisor: "We tested this site and didn't find any significant problems." The site itself doesn't try to attack the user, so McAfee says it's good to go.
Actually, they kept calling me for weeks, every couple of days. Here's what actually happens.
It's a Bangladesh call centre.
They call up and say that a problem on my computer has been reported to them. Of course, I know this is not true. But one time, I went along with it to find out what they were up to.
They actually talk you through getting the windows event log up on the screen - and make you count the "error" entries. Of course there are error entries.
So, they say, that proves you have a problem. My parents, for example, would be completely convinced at this point.
Then they make you go to a web site, and download a remote control application. At that point I hung up. There is no way I'm giving control of my PC over to some whackjob on the phone.
They kept calling for about two weeks, every couple of days. We're on the do not call list - which in the UK means its illegal for them to call us. And they call asking for "Mr Bruce" after I answer - my wife's name and mine are different, and the phone is in her name.
The last time they called I asked to speak to their "manager" and I told them to look out the window because the police are coming to get them. What else am I going to do? Then they finally stopped calling.
Such scams are at least tried. I've had two calls to my house in the last year telling me that my car's warranty is due to expire and if I want to continue it I have to renew before the expiry date or it will cost more then twice as much to renew after that date. Would I like to renew now by card over the phone? I do not own a car and have never owned a car.
On both occasions I asked played concerned for a moment and asked "which of the cars?" at which point they hung up - obviously anyone asking any questions just makes them run as they don't have any real data other than name and phone number. Once you ask a questions about something they should know if they were who they hope the intended victim thinks they are their "cover" is blown, but they only need a few people who are not cynical/careful enough to check details in order for the operation to be profitable and said victim is no wiser until they try claim on the warranty by which time the scammers have long gone and covered their tracks.
Scammer: Microsoft detected a virus on your PC.
Callie: OMG, Microsoft ssh'd to my box, guessed a login name and password, and then escalated from that user's privileges to the point where they had read access to everything, thereby allowing them to scan my whole filesystem hierarchy for viruses?
Scammer: Yep.
Callie: Holy crap, that means I'm compromised! How do I close the hole that Microsoft used?
Scammer: Download this program, chmod +x it, and sudo run it.
Callie: Ok!
As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
Meanwhile, an assortment of British regulators have said there is nothing they can do to stop it.
Yes, there is something that we can do to stop this kind of activity. Find the people who are doing it and kill them. That usually stops it.
We don't need the people who are doing this. They don't contribute anything. They won't be missed by anybody. And if it means that their kids will be growing up without a daddy, well, then kill the kids too. They're only children, and the apple doesn't fall far from the tree. Save the future generations grief.
While it sounds extreme and tongue-in-cheek, it's not. I realize that it feels horrible to order and facilitate the extra-judicial execution of financial criminals. But it is a feeling that decreases with each new asshole that we stuff into the wood chipper. It's good for the computer community. It gives faith to the general people that we can police our own industry. We 'take out the trash'. Gangsters do this kind of thing all the time. Plus there are too many people in the world already. These jerks won't be missed.
I don't give out information over the phone. PERIOD. Even companies I pay, if I forget to mail out a check and they ask I make a payment over the phone, I ask them if a bill has been emailed of USPS'ed. If they say yes, I say thank you, I will pay it when I get it. If they ask me to "verify" my account details, I ask them to go first. Like asking for the 3rd set of numbers on my card in question or my first 3 SS numbers. They always tell me they have to verify my identity first and I simply tell them that they called me. Then I point out that I have no way to verify who they say they are, the response is almost always "but we are Bank of America, why would I say I am if I am not, I really am!". Rarely do they understand my point: They called me and are asking for money over the phone.
6.8SPC TR of 550, l xwind at 6, drift rt at 26" drops 77". AT has 503 ft-lbs at 1403 fps. FT 0.86
...when I and several other people submitted it to slashdot, complete with links to the PC Pro story that ran in February IIRC.
Thanks for the public service announcement Timothy.
If only it had been put out when it was first starting, hundreds of other people might have been warned.
Grrrrr.
Justin.
You're only jealous cos the little penguins are talking to me.