Slashdot Mirror
Microsoft Dumps Partner For Fake Support Call Scam
An anonymous reader writes "Microsoft has broken its relationship with one of its Gold Partners, after it discovered that the partner was involved in a scam involving bogus tech support calls. India-based Comantra is said to have cold-called computer users in the UK, Australia, Canada and elsewhere, claiming to offer assistance in cleaning up virus infections. The calls used scare tactics to talk users into opening the Event Viewer on Windows, where a seemingly dangerous list of errors would be seen. This 'evidence' was used to trick innocent users into believing they had a malware infection, and for Comantra to gain the users' confidence. Duped users would then give permission for the support company to have remote access to their PC, and hand over their credit card details for a 'fix.' Security firm Sophos says that internet users have been complaining about Comantra's activities for over 18 months, and it has taken a long time for Microsoft to take action. Comantra's website still retains the Gold Certified Partner logo, although their details have been removed from Microsoft's database of approved partners."
these tards called my parents. As soon as my old man confrenced me in they dropped. What a shocker. ..
90% of all users are idiots.
Seriously, they should start thinking about changing business after this.
Maybe Windows shouldn't have so many errors (even after a clean install).
taking fake antivirus to the next level next time just say you work for best buy / a 3th party for the geek squad.
This has been happening a lot in Australia. Now I can stop giving tech-support for my freaked out relatives after they were scammed.
I've had countless calls from various companies based in India saying they're calling on behalf of Microsoft who have detected a virus on one of my computers and are offering to 'clean' it up. I don't even say anything now. The phone gets put straight down. It's been getting steadily worse these past few months.
In a first thought, as a potential beneficiary of USA software development outsourcing, I would protest about your statement.
But then I remembered when we, on a previous job of my on an embedded gadgets for automobiles industry, outsourced some device drivers to a certain country, well known (now) for some not so orthodox behavior on the Software Industry.
Well, there's nothing else to say except I second that....
Lisias@Earth.SolarSystem.OrionArm.MilkyWay.Local.Virgo.Universe.org
I've been dealing with customers calling my IT dept all week asking if it was us. Maybe now our calls will chill a bit
TIB
Typical Indian Behaviour
Wow, way to be blatantly racist, there. Good job.
My partner and a number of my family and friends have all had this exact call, even I did. When I received the call I played dumb a$$ and let them play around for a while whilst I learnt their scripting behaviour. It wasn't until they tried getting me to go through logmein rescue that I called their bluff and let them have it.
The thing I don't get is how logmein can allow this kind of activity to continue. Ultimately it is an easy and seemingly legitimate way for a remote user to get 'support'. I think logmein should be held equally as accountable for providing a black market interface as should be Microsoft for letting this go on for a long time.
In my 'support' call it was going to cost me $275 to finalize with the 'technician' the removal of any malware. Can you imagine a call center teeming with paki's or curries with no conscionable objections to their actions being task mastered into this and the total figures this would have amounted to over 18months?
Shame on you Microsoft! Shame shame shame.
A new low has been reached I'm affraid, and Balmer that tool wont acknowledge this I am sure...
Once upon a time, I had Indian teammates working with me.
They were not rude (normally), au contraire, but their verbal politeness did not, at least on English, cope with ours. We took some time to learn how to communicate each other with (what both sides agreed it was) courtesy.
I take a even worst time with Chinese teammates over MSN conferences (we could not manage to understand our English accents! :-D). Without visual assurance, we never know for sure when we're making a praise for a job well done, or making a joke on a stupid mistake we did! X-P (even worst, sometimes what we thought was a stupid mistake was a well job done not understood at first glance).
Our texts, sometimes, were padded with "(this is a joke)" or "(this is a praise)". I remember at least one "(I still deciding if this is a joke or not)", but I don't remember who shoot that...
Looking in distance, it was hilarious. But at that time, not so much... :-)
Lisias@Earth.SolarSystem.OrionArm.MilkyWay.Local.Virgo.Universe.org
I didn't know "Indian" was a race.
Basically it was some girl who sounded foreign with bad english but obviously trained in a few complicated sounding sentences... she said she was calling from "Microsoft" and that there had "been complaints in my neighbourhood" regarding some new kind of super virus. I told her to F off and hung up. She kept repeating every now and then "Sir is your computer on?" "Sir please turn on your computer" ETC so she could check that if I'd been infected by this new kind of super virus.
I'm sure they earned some money with this but you'd have to be rather demented to fall for it because this isn't exactly an english professor calling and it's not quite clear what to think/do when there have been "complaints in your neighbourhood" even if you're normally the person who falls for scams, it'd be harder if you cant understand how your supposed to get scammed.
Also the VOIP call on her end wasn't great, some of that maybe she didn't callibrate her $2 china microphone properly.
where I wrote "I take", please read "I took".
(yes, English is not my mother language... Sorry...)
Lisias@Earth.SolarSystem.OrionArm.MilkyWay.Local.Virgo.Universe.org
If you follow a link in the article to the original report, you'll find tons of comments about the domain names and the scam... and a few gems interspersed about the companies being so legit and helpful, in pretty broken english, by incredibly generic usernames. Those are some seriously hardcore scammers.
If it is documented that they routinely defrauded people for money, why are they not in jail?
http://blindscribblings.com - Tasty pop-culture in conceptual fashion.
I'm hoping this bad publicity puts Comantra out of business, but they'll most likely just disappear and pop up under a different name.
My family members have had calls from a few of these companies and my 84 year old grandpa was recently scammed out of around £85 and had his computer filled with their malware which really pissed me off, he'd just bought a license key for MS Office then a few days later got a call from "Microsoft Windows help desk" or similar saying they've detected a virus on his computer, blah, blah, blah, install our software, pay us money and you'll be fine.
We really need somebody to go after the people who actually process the payments, if the scammers could only accept payment through western union or bit coins it would trigger a lot more alarm bells in their victims heads. Given the right circumstances even intelligent people who are just a little naive can be taken in by these scammers.
I am a computer tech in Alberta and many customers have come in describing this scam. Its been going on for months. Does anyone know if their computers are somehow compromised permanently? Is a format and re-install an appropriate response to someone who has been duped by this scam?
ah! so those were the vulgar assholes that kept calling! Dumping was too easy, whole lot of them should have been hung.
No. It might be cute to think so, but the answer is "no."
...collecting money from companies running Linux?
There's a lot of things you don't know, clearly.
http://en.wikipedia.org/wiki/Racism#Definitions
That should help.
"Science can amuse and fascinate us all, but it is engineering that changes the world. " - Asimov.
"After spending two hours trying to solve a print problem, I remember co-mantra and with the repeat very patient and competent help, i can now relax. Many thanks co-mantra, I have a felling that it was a good day when i joined your organization."
Yeah, that's about the gist of all the comments on their website. They are all from English sounding names (James Wood) that use constructs nobody would use.
"...repeat very patient and competent help..." yeah, rinse and repeat.
"...felling..." I've got a feeling it's a scam alright
"...i joined your organization..." just to get help support, goodness me, all that traveling
And then you start looking, and find out that nobody of the "commenters" uses uppercase "I" except at the start of sentences. Hmm, might I suggest that all this was written by the same person?
I didn't know "Indian" was a race.
It's as meaningful a racial grouping as any other.
Corollaries are left as an exercise for the reader.
The correlation between ignorance of statistics and using "correlation is not causation" as an argument is close to 1.
Most computer users aren't geeks, and they don't know how to tell if their computer's infected or not. What they do know, however, is that every single version of Microsoft Windows is full of security holes and that there are millions of viruses, trojans and other malware out there looking for computers to infect. If that weren't true, if Microsoft would clean up its act and put out an operating system that was designed from the bottom up to be secure this type of scam would be impossible.
Good, inexpensive web hosting
This is similar to the car warranty call scams of a couple of years ago. "Hello, your car warranty is about to expire, blah blah blah."
The scammers do not care that you are on whatever DNC registry exists in your country. They call anyway, using false phone numbers. And call multiple times a week.
I used to make a game of it, seeing how long I could keep them on the line.
My best was 30 minutes, ending with "You do realize that the only reason I am talking to you is to keep you from bothering some other person at dinnertime, and that you will never, ever get a dime out of me."
Serious question - if the payments are made by CC, can't you just go to your CC provider, dispute it as fraudulent, and have it charged back? Or are the CC providers of the 'you consented, tough luck sucker' mindset?
I have had lots of these and last time I said I didn't have a PC, then they asked if I had a smart phone, so I said no, then they asked if I had a smart TV, again I said no. but I did add helpfully that I had a calculator... they hung up
Normally telescammers will drop the call as soon as it's obvious you won't bite. Neither of these guys did. I berated one for a whole 5 minutes (calling him a scammer, asking him why he was still on the line, etc.) before he dropped me, with him trying the whole time to convince me he was legit. The other guy stayed on while I joked around, pretended on-and-off to be paying attention to him, and again told him I knew he was a scammer. Either they're not allowed to hang up, or they're very very optimistic.
Then again, it's possible that the minimum wage staff in their call centre honestly believe that the script they're following is legit.
From the calls I've got myself and the ones reported by others, it really sounds like the callers truly believe what they're saying and don't know much better.
Holy Mackerel. My mother-in-law actually got one of these calls. She said someone with a nearly unintelligable accent had called saying he was from her ISP and he could see that her computer had a dangerous infection.
Now, mother-in-law is one of the most internet-savvy non-geeks I have ever met. Her first response was "how? the computer is turned off." He babbled something about how they could still tell and insisted she turn it on right now and follow his instructions very carefully. She said he was very excited and talked very forcefully and urgently.
She told him no, she didn't think that was necessary, her son-in-law does all her administration and she was pretty sure her computer was safe. He abruptly hung up. She immediately called me and told me about it. I asked her to boot up, logged in remotely, poked around and started a virus scan. Nothing. Obvious scam.
Oliver's law of assumed responsibility: If you're seen fixing it, you will be blamed for breaking it.
I got one of these calls, as soon as he mentioned where he was from (he said Microsoft), I told him that I was more qualified than he was and he hung up on me. Next day my sister got the same call, and she actually started following their instructions and whenever she got annoyed they would change operators. They got into her PC and started getting her to fill in personal details, they were already had remote desktop, they just needed her to fill in the blanks, which she was uncomfortable with (and SMS'd me at the same time). I rang her quickly and told her to unplug it from the wall and power off the machine ASAP, and tell them where to go (not a nice place of course). This company continued to harass her with calls trying to finish what they started. They got her to install a program called "AMMYY". I did my best to disinfect her PC, but am still worried they might have got something passed me.
For all the non-tech savvies out there, do what I've trained my mother to do; tell them her spouse or child is a computer technician and will be home shortly to sort it out. They don't ring back. Call their bluff even if they know your name, this is easy to get now-days. It's a pretty safe bet for them to ring a number at random and find someone that has windows on their pc.
I like these calls. If it comes in an evening and I have nothing to do I try and drag them out for as long as possible. The enjoyment hearing the reaction of the person at the other end when you finally tell them you work in IT, know it is a scam and that you were dragging the call out so that they had less time to call other people is priceless. Think the longest was a bit over an hour before I got bored with it.
taking fake antivirus to the next level next time just say you work for best buy / a 3th party for the geek squad.
I am not familiar with this 3th, is it some kind of drink?
</sarcasm>
I've had them ring me on numerous occasions and it's become sport in my house to waste their time. Because they usually start off by saying your ISP has asked them to ring because they noticed we have viruses, so we just have to ask them questions like "who is my ISP?", "which computer as I have several?", or sometimes it's taken 45 minutes for my computer to start up while they're waiting, but my youngest son (age 11) stops them cold with, "but I have an apple computer". We have a good laugh at their expense.
Just tell them at the end you are Chris Hansen (in your best Hansen voice) with Dateline NBC, also a partner of Microsoft and we are going after scammers ripping people off over the phone and ask them if they have anything else to say before we hang up.
This is also an example how cheap and inflated that title is. A scam in itself. You do not have to co-develop WIndows OS. To get it it is enough to fill a questionnaire or have someone in your organization with a Microsoft certificate. Besides that you may be a scammer or whoever else.
When they rang me I pushed the button to go through to an 'advisor', he started the sales patter then I interrupted him and said "I'm an IT security expert, any chance you can take me off your list because your scam won't work with me".
He said "Oh yeh sorry about that I'll do that now for you".
I haven't had a single call since.
I also told absolutely everyone I know and work with to just take the call and then tell them they had paid support with another company, that also stopped all their calls.
btw, 90% of users are NOT idiots, if IT isn't your specialisation then you don't understand it you just want it to work, not understanding IT doesn't make you an idiot.
How about never trust a cold caller?
What does the race have ANYTHING to do with it. A cold caller wants your money and doesn't know you from a bar of soap.
AMMYY is a remote desktop program (http://www.ammyy.com/en/solutions.html) and it makes sense why they'd try to get someone to install it.
You were mistaken. Which is odd, since memory shouldn't be a problem for you
i wonder why this got modded down?
though it's not a completely fair model of outsourcing, the only part it misses is that quite often the standard of living is improved in the country outsourced to (not just the top 1%).
of course, that corresponds to a subtle drop in living standard in the country outsourced from...
i wonder if those free market types are aware that they have the same goals as communism?
I actually had these calls, and it's much more sinister than this article makes out. The first couple of times I got the call I just told them to go screw themselves, but by the third time I found myself interested in what the scam was. I booted up a VM and played along with their whole Event Viewer deal, and gave them access via their remote support tool. They asked for my card details, which I responded to with fake details. It seems they didn't actually try to put any payment through immediately, though, because they weren't alerted by the fake info. A little worrying, because it implies that they were "saving them for later".
Here's the part the article misses out - what they install as a "fix" is in fact spyware, which collects browsing information and Outlook emails. I got in touch with the phone company and found the company name and, upon discovering that they were a Gold Partner, immediately reported it to Microsoft along with a copy of the spyware. The response I got was rather generic and bland, so I can't tell if Microsoft knew about the malware side of it beforehand, or were just discovering it. Maybe the scam didn't initially involve the spyware, I don't know.
This was about a month ago, so I can't help but feel that the added threat of spyware is what tipped it for them. I just don't understand why they didn't drop them over a year ago when the issue was first raised.
Scam artists do the same thing in many specialized fields--stock-based Ponzi schemes, cherry picked or badly reported statistics (typically surveys, often with ignored error margins), crap new age philosophy promising wealth based on quantum physics, Nigerian prince bank transactions, etc. Sometimes they can be recognized from general principles, like when they come to you instead of you coming to them, or when the things they say are too good to be true. Other times it's really hard to sort out the truth from plausible fiction, like that old line that 75% of all people who have ever lived are alive now. Statistics are particularly bad in this way. They're wonderful in skilled and honest hands, but they're terrible in the hands of a novice or a manipulator.
A lot of older people just aren't used to dealing with scams. I imagine scams like these will need to become significantly more sophisticated as more tech-savvy generations age.
If you look at the image of the Comantra web site in the PCPro article you may notice that they copied the KMail icon for step 1 and step 2 shows a copied Macbook icon (for a Windows "support" site)
Unicode in Slashdot
These clowns have rung our house at least 6 times. They always said they were calling from the "IT department." When I told him my house didn't have an IT department it didn't deter him in the slightest! Everyone I know has been called at least once here (in NZ). One time I strung the guy along for a while. I kept getting f and s confused when he was trying to get me to type stuff. Eventually I told him he ought to be ashamed of himself participating in a scam and that he ought to quit and go do something he could be proud of. I guess the 20 mins I'd wasted fumbling around in the event viewer with him had taken a greater toll on his patience than he could bear because he flipped out and swore at me!
I've had dozens of these calls. And decided it was time to take action.
These guys are in it for a business. Their business model relies on getting through a number of calls per day and getting the credit card details every time.
So hit them in the wallet.
I keep them on the phone now, play dumb, agree to what they say. But DONT actually do it!
The more time they are on the phone with you, the less time they have to rip someone else off.
For the more adventurous of you... Start trying to catch them out :)
I asked what version of windows he thought I had... I'm actually on a macintosh.
I asked what IP address did he think I had.. He made a good guess and got close to my 192.168 internal IP, but claimed 'another team' would know my public facing address.
I asked for details on what he was going to do...Wasnt willing to tell me.
So I started talking about what was on TV, what I was having for Dinner.
Eventually he told me to fsck off and hung up on me. Time elapsed about 10mins.
Next step..I'm thinking a throw away VM machine with a 'Department of CyberSecurity' desktop background and let him remote onto that. Then start running some tracert and netstat dialogues while he's connected. Just to see if I can feak them out abit.
My elderly neighbour got scammed by this lot. They actually knew some information that could have only have come from a previous support call to her ISP -an ISP that has a call centre in the same Indian city. I've since learnt that a number of Indian call centre firms are selling data to scammers, and that the Indian authorities don't give a damn since it's bringing in foreign revenue.
I've employed a few responses, including:
1. Immediately putting the phone down.
2. Letting them rabbit on, trying to convince me that I'm in danger of nasty viruses. (ok if I've 15 minutes to spare)
3. Letting them identify themselves then blowing a mountain rescue whistle down the telephone mouthpiece.
The problem with putting the phone down is that they seem to be able to defeat the phone hangup signal and stay on the line for several minutes. If they're not still jabbering away, its possible to hear office chatter and other voices trying to convince people that they have a virus. Playing them along is fun to a certain extent, particularly if you impersonate a clueless user but if you've been called away from a meal then it loses its charm. The whistle is a hoot. It certainly clears the line, they even hang up quickly!
What does Slashdot think about retributative action? I'm inclined to set up a honeypot system so I can follow their instructions and connect to their malware/virus computer; see if there is a way to inject some pain back into their lives?
Should be fun, eh? :-)
Taking a stand like this should just be the tip of the iceberg, but unfortunately, this is only to bring up stock prices temporarily. MS has a long way to go before they do the right thing all around. Many companies associated to them have practices resembling this....
I suspect you got modded down by someone who profits from outsourcing on the buyer's side. The CIO who chooses outsourcing often gets some nifty perks and -- best of all -- a happy landing if he/she gets fired when the outsourcing strategy goes into epic fail mode. In the short run, it scores brownie points with CFO and CEO types while maintaining one's membership in the executive golf committee. When things go wrong, a smart executive knows how to get paid for failure. I know of several CIOs who bungled major outsourcing initiatives. Each of them landed a job with the outsourcer or a nifty promotion to another company where the same outsourcer already had a big presence. Nothing can propel your career like a well-managed failure. There is money to be made by properly managing a cycle of fail.
Below the executive level, you have the entire food chain of outsourced employees, who do the same jobs that conventional employees did before. Remember that many companies have dreadful salary scales for IT. In a past life, I had arguments with my HR department's treatment of IT positions. In many cases, they "require" a BSCS or above, while offering a salary less than an executive secretary. Sometimes outsourcing is the only way a company will allow itself to get a halfway intelligent person to work in IT. The stereotype is that good paying jobs are cut and cheapie temps take over. Employers love the concept, but reality can be a different story. The temp jobs are not always temporary and the hourly rates can be several times what a "permanent" employee would cost. But you won't find that in the brochure.
And lets not forget the additional people who work in the overhead departments of outsourcers. You have accounting people, a large well-paid sales department, and various executives that form the basis of a corporate management team that would not even exist if companies managed IT internally. If any of them are reading your post, they'll mod it down too!
Sometimes employees get screwed by outsourcing, but at least half the time it's the customer who gets fleeced. If you can't be part of the solution, there is money to be made by prolonging the problem.
howzabout not giving confidential information, like your credit card number, any Jim, Lakshmi or Boris that calls you up ?
Doesn't matter if there's a compootor involved or not.
the preceding comment is my own and in no way reflects the opinion of the Joint Chiefs of Staff
He will, but only if their company hijacks 4 planes, blows up 2 buildings, attacks the pentagon with one of the hijacked planes, and kills a few thousand civilians.
If someone is passing you on the right, you are an asshole for driving in the wrong lane.
I've had the same experience with Indian and Chinese coworkers. You did a good job describing it despite using a non-native language. I never thought to explicitly state my mindset in order to avoid misinterpreting each other, what a good idea! (this is a praise)
Man, you really need that seminar!
Spent almost 1/2 hour of their time. Kept asking them to repeat everything.(disabled my internet connection first) and got to the Event Viewer. ... other calls I simply say "are u still trying to pull that scam?" and hang up.
Read of ALL the error reports to him even though he kept trying to interrupt me.
Finlay got to the "supervisor" and told her I had had fun , wasted enough of my time and theirs , and hung up.
BTW it was Saturday AM and I was feeling in the mood
But the problem here isn't computer savvyness. The problem here is people trusting a stranger on the phone coming up with some vague story about their computer. Anyone with half a brain would (should at least) be suspicious of that, computer knowledge or not.
I've had 2 recent dealings w/ this. 1 from my Aunt in NB, running a MAC & 1 a client, here in Calgary, running a PC w/ Win XP. BOTH said (to themselves) this doesn't smell right & called me BEFORE & W/OUT following through by giving money or any personal info. Saddly others will & do follow through w/ such criminals.
Always REPORT these things, if & when they happen to you!
Yeah there was a couple of month when Mobilicity and Wind customers were getting random calls from India and some strange people were trying to talk them into wiring money somewhere. That was really bizarre, 'cause people who called had heavy accents and were really, really rude - not a good way to scam at all. :) Glad that problem is now solved.
Immigration to Canada