Slashdot Mirror
Microsoft Dumps Partner For Fake Support Call Scam
An anonymous reader writes "Microsoft has broken its relationship with one of its Gold Partners, after it discovered that the partner was involved in a scam involving bogus tech support calls. India-based Comantra is said to have cold-called computer users in the UK, Australia, Canada and elsewhere, claiming to offer assistance in cleaning up virus infections. The calls used scare tactics to talk users into opening the Event Viewer on Windows, where a seemingly dangerous list of errors would be seen. This 'evidence' was used to trick innocent users into believing they had a malware infection, and for Comantra to gain the users' confidence. Duped users would then give permission for the support company to have remote access to their PC, and hand over their credit card details for a 'fix.' Security firm Sophos says that internet users have been complaining about Comantra's activities for over 18 months, and it has taken a long time for Microsoft to take action. Comantra's website still retains the Gold Certified Partner logo, although their details have been removed from Microsoft's database of approved partners."
90% of all users are idiots.
Seriously, they should start thinking about changing business after this.
Same here. They called me and my in-laws, claiming to be from "Microsoft Computer Support". I told them it was a federal offence to falsify caller ID information (The call came from "1-000-000-0000"). They hung up fairly quickly.
Maybe Windows shouldn't have so many errors (even after a clean install).
taking fake antivirus to the next level next time just say you work for best buy / a 3th party for the geek squad.
This has been happening a lot in Australia. Now I can stop giving tech-support for my freaked out relatives after they were scammed.
I've had countless calls from various companies based in India saying they're calling on behalf of Microsoft who have detected a virus on one of my computers and are offering to 'clean' it up. I don't even say anything now. The phone gets put straight down. It's been getting steadily worse these past few months.
In a first thought, as a potential beneficiary of USA software development outsourcing, I would protest about your statement.
But then I remembered when we, on a previous job of my on an embedded gadgets for automobiles industry, outsourced some device drivers to a certain country, well known (now) for some not so orthodox behavior on the Software Industry.
Well, there's nothing else to say except I second that....
Lisias@Earth.SolarSystem.OrionArm.MilkyWay.Local.Virgo.Universe.org
I trolled them on the 4th time they called in a week.
CS: OK, please click on START on the bottom right...
Me: I have nothing in the bottom right.
CS: Errrrr, then right-click on the status bar at the bottom of your screen...
Me: My status bar is at the top.
CS: Oh, right-click on that, then.
Me: What do you mean by right-click ?
CS: Press the right mouse button.
Me: I only have one mouse button.
CS: Then click on the status-bar.
Me: Sure, nothing happens.
CS: What version of Windows are you running ??
Me: Windows ???? Why the hell would I run a piece of crap Windows ? I haven't had a Windows box in this house for the last decade.
CS:
They called again 2 days later, and I just started screaming in the phone until they hung up. Haven't been called since.
Once upon a time, I had Indian teammates working with me.
They were not rude (normally), au contraire, but their verbal politeness did not, at least on English, cope with ours. We took some time to learn how to communicate each other with (what both sides agreed it was) courtesy.
I take a even worst time with Chinese teammates over MSN conferences (we could not manage to understand our English accents! :-D). Without visual assurance, we never know for sure when we're making a praise for a job well done, or making a joke on a stupid mistake we did! X-P (even worst, sometimes what we thought was a stupid mistake was a well job done not understood at first glance).
Our texts, sometimes, were padded with "(this is a joke)" or "(this is a praise)". I remember at least one "(I still deciding if this is a joke or not)", but I don't remember who shoot that...
Looking in distance, it was hilarious. But at that time, not so much... :-)
Lisias@Earth.SolarSystem.OrionArm.MilkyWay.Local.Virgo.Universe.org
where I wrote "I take", please read "I took".
(yes, English is not my mother language... Sorry...)
Lisias@Earth.SolarSystem.OrionArm.MilkyWay.Local.Virgo.Universe.org
If you follow a link in the article to the original report, you'll find tons of comments about the domain names and the scam... and a few gems interspersed about the companies being so legit and helpful, in pretty broken english, by incredibly generic usernames. Those are some seriously hardcore scammers.
If it is documented that they routinely defrauded people for money, why are they not in jail?
http://blindscribblings.com - Tasty pop-culture in conceptual fashion.
I'm hoping this bad publicity puts Comantra out of business, but they'll most likely just disappear and pop up under a different name.
My family members have had calls from a few of these companies and my 84 year old grandpa was recently scammed out of around £85 and had his computer filled with their malware which really pissed me off, he'd just bought a license key for MS Office then a few days later got a call from "Microsoft Windows help desk" or similar saying they've detected a virus on his computer, blah, blah, blah, install our software, pay us money and you'll be fine.
We really need somebody to go after the people who actually process the payments, if the scammers could only accept payment through western union or bit coins it would trigger a lot more alarm bells in their victims heads. Given the right circumstances even intelligent people who are just a little naive can be taken in by these scammers.
Awhile back, I got one of these too. They told me that my "PC was serving malware and it was traced to my IP" or something like that. Since my public IP address is static, I asked them what IP address this supposed malware was coming from. They gave me a bullshit number and hung up.
"It is a denial of justice not to stretch out a helping hand to the fallen; that is the common right of humanity."
Funny. If you ask them to name the virus supposedly serving up something, they also hang up.
Mine too. Sadly my old man didn't think to conference me in to the call...
... wait, what?
There's a lot of things you don't know, clearly.
http://en.wikipedia.org/wiki/Racism#Definitions
That should help.
"Science can amuse and fascinate us all, but it is engineering that changes the world. " - Asimov.
"After spending two hours trying to solve a print problem, I remember co-mantra and with the repeat very patient and competent help, i can now relax. Many thanks co-mantra, I have a felling that it was a good day when i joined your organization."
Yeah, that's about the gist of all the comments on their website. They are all from English sounding names (James Wood) that use constructs nobody would use.
"...repeat very patient and competent help..." yeah, rinse and repeat.
"...felling..." I've got a feeling it's a scam alright
"...i joined your organization..." just to get help support, goodness me, all that traveling
And then you start looking, and find out that nobody of the "commenters" uses uppercase "I" except at the start of sentences. Hmm, might I suggest that all this was written by the same person?
I didn't know "Indian" was a race.
It's as meaningful a racial grouping as any other.
Corollaries are left as an exercise for the reader.
The correlation between ignorance of statistics and using "correlation is not causation" as an argument is close to 1.
Most computer users aren't geeks, and they don't know how to tell if their computer's infected or not. What they do know, however, is that every single version of Microsoft Windows is full of security holes and that there are millions of viruses, trojans and other malware out there looking for computers to infect. If that weren't true, if Microsoft would clean up its act and put out an operating system that was designed from the bottom up to be secure this type of scam would be impossible.
Good, inexpensive web hosting
This is similar to the car warranty call scams of a couple of years ago. "Hello, your car warranty is about to expire, blah blah blah."
The scammers do not care that you are on whatever DNC registry exists in your country. They call anyway, using false phone numbers. And call multiple times a week.
I used to make a game of it, seeing how long I could keep them on the line.
My best was 30 minutes, ending with "You do realize that the only reason I am talking to you is to keep you from bothering some other person at dinnertime, and that you will never, ever get a dime out of me."
Serious question - if the payments are made by CC, can't you just go to your CC provider, dispute it as fraudulent, and have it charged back? Or are the CC providers of the 'you consented, tough luck sucker' mindset?
They called me and got an earful of abuse, because it was saturday morning, when I like to be asleep.
Them: "Hello sir, I am from " /I hang up
Me: "Never heard of them"
Them: "We have been doing a survey and noticed that there are a large number of virus infections in your area"
Me: "So this is a scam then?"
Them: "No sir this is not a scam"
Me:"Fine, whatever, carry on"
Them: "Sir this is not a scam. We noticed you have a windows computer in your house that connects to the internet"
Me: "So you wake me up on a Saturday morning and lie to me TWICE? F*CK OFF and die you bastard scammers"
Them: "No sir this is not a scam"
Me; "I hope your whole family dies in pain, go fuck yourself"
I may have gone a bit over the top there... but these arseholes phone people who won't realise what's going on and will fall for it. Absolute bastards.
I asked them to tell me which version of Windows I was using (I use a Mac) and then I would give them the access they wanted. They couldn't of course, but I did manage to keep them on the phone for nearly an hour. They said they would tell me the version as soon as I gave them remote access. I got moved up a level to a supervision who continued to stay "on script". I offered to transfer $1000 into his personal bank account immediately if he could correctly tell me the OS version. This offer got them VERY excited but they eventually gave up after the first guess was made. It still amazes me anyone could fall for this crap.
That's what I did for my dad (and upgraded him from XP to 7 at the same time) when he fell for the scam a while back. Luckily he wasn't out any money because the company's accounts got shut down before his payment was processed.
Even if it wasn't necessary it certainly drove home the "Never listen to cold callers" lesson when he had his work laptop offline for a couple of days.
Mum and I both got called as well, after I hung up on them I called mum immediately to tell her what to expect, she called back (I had to leave a message) and said they had already called, she could tell it was a scam. I taught her well. :D
how is babby formed?
Then again, it's possible that the minimum wage staff in their call centre honestly believe that the script they're following is legit.
From the calls I've got myself and the ones reported by others, it really sounds like the callers truly believe what they're saying and don't know much better.
Holy Mackerel. My mother-in-law actually got one of these calls. She said someone with a nearly unintelligable accent had called saying he was from her ISP and he could see that her computer had a dangerous infection.
Now, mother-in-law is one of the most internet-savvy non-geeks I have ever met. Her first response was "how? the computer is turned off." He babbled something about how they could still tell and insisted she turn it on right now and follow his instructions very carefully. She said he was very excited and talked very forcefully and urgently.
She told him no, she didn't think that was necessary, her son-in-law does all her administration and she was pretty sure her computer was safe. He abruptly hung up. She immediately called me and told me about it. I asked her to boot up, logged in remotely, poked around and started a virus scan. Nothing. Obvious scam.
Oliver's law of assumed responsibility: If you're seen fixing it, you will be blamed for breaking it.
I like these calls. If it comes in an evening and I have nothing to do I try and drag them out for as long as possible. The enjoyment hearing the reaction of the person at the other end when you finally tell them you work in IT, know it is a scam and that you were dragging the call out so that they had less time to call other people is priceless. Think the longest was a bit over an hour before I got bored with it.
You should have said windows 3.1, or windows for workgroups. Just to see what the hell they would do.
My rights don't need management.
taking fake antivirus to the next level next time just say you work for best buy / a 3th party for the geek squad.
I am not familiar with this 3th, is it some kind of drink?
</sarcasm>
Same here. The tosser said that my IP address was 192.168.1.100, which probably is true for the inside LAN of many of the victims they try to scam, but a bold faced direct lie anyhow, because you don't see the internal address through a NAT - that's the whole point.
Anyhow, I hope these guys will end up on FBIs list, and if they ever set foot on US soil, that they'll rot in jail. Those who got tricked? Don't give them a dime back; consider it a stupid tax.
How about never trust a cold caller?
What does the race have ANYTHING to do with it. A cold caller wants your money and doesn't know you from a bar of soap.
AMMYY is a remote desktop program (http://www.ammyy.com/en/solutions.html) and it makes sense why they'd try to get someone to install it.
You were mistaken. Which is odd, since memory shouldn't be a problem for you
i wonder why this got modded down?
though it's not a completely fair model of outsourcing, the only part it misses is that quite often the standard of living is improved in the country outsourced to (not just the top 1%).
of course, that corresponds to a subtle drop in living standard in the country outsourced from...
i wonder if those free market types are aware that they have the same goals as communism?
I actually had these calls, and it's much more sinister than this article makes out. The first couple of times I got the call I just told them to go screw themselves, but by the third time I found myself interested in what the scam was. I booted up a VM and played along with their whole Event Viewer deal, and gave them access via their remote support tool. They asked for my card details, which I responded to with fake details. It seems they didn't actually try to put any payment through immediately, though, because they weren't alerted by the fake info. A little worrying, because it implies that they were "saving them for later".
Here's the part the article misses out - what they install as a "fix" is in fact spyware, which collects browsing information and Outlook emails. I got in touch with the phone company and found the company name and, upon discovering that they were a Gold Partner, immediately reported it to Microsoft along with a copy of the spyware. The response I got was rather generic and bland, so I can't tell if Microsoft knew about the malware side of it beforehand, or were just discovering it. Maybe the scam didn't initially involve the spyware, I don't know.
This was about a month ago, so I can't help but feel that the added threat of spyware is what tipped it for them. I just don't understand why they didn't drop them over a year ago when the issue was first raised.
Scam artists do the same thing in many specialized fields--stock-based Ponzi schemes, cherry picked or badly reported statistics (typically surveys, often with ignored error margins), crap new age philosophy promising wealth based on quantum physics, Nigerian prince bank transactions, etc. Sometimes they can be recognized from general principles, like when they come to you instead of you coming to them, or when the things they say are too good to be true. Other times it's really hard to sort out the truth from plausible fiction, like that old line that 75% of all people who have ever lived are alive now. Statistics are particularly bad in this way. They're wonderful in skilled and honest hands, but they're terrible in the hands of a novice or a manipulator.
A lot of older people just aren't used to dealing with scams. I imagine scams like these will need to become significantly more sophisticated as more tech-savvy generations age.
You should have said windows 3.1, or windows for workgroups. Just to see what the hell they would do.
Next time they ring I'm planning spend 20-30 minutes doing something like this.
A computer running slow? Oh yes I have I'm really glad you called... I'll just boot it up.... (sound FX of me wandering round the house) turn it on.. Oh its not working... (more faffing round) Oops it was unplugged... OK Booting ... booting...
OK I've got the prompt w... i... n.... OK its starting ... starting .... starting Argh Its bluescreened its a very poorly puppy I'm glad of your help. I'll try again (on the third attempt) OK I'm in windows just start up Mosaic it sometimes takes a couple of minutes... whats the weather like at your end? (after a few other network problems) OK I've downloaded your program double clicked on it Oh I've got an error saying that this is a 32 bit program and won't run on a 16 bit system ... do you have one that supports Windows 3.1?
If you look at the image of the Comantra web site in the PCPro article you may notice that they copied the KMail icon for step 1 and step 2 shows a copied Macbook icon (for a Windows "support" site)
Unicode in Slashdot
I know NOTHING about cars.
But if a stranger phones me up in the middle of the night claiming to be from "Ford Motor Company", telling me that they need me to send them the car keys, or leave the car unlocked so they can come and "fix" it, I will be inherently suspicious and won't part with anything for anything short of a court order.
They could claim to be "recalling" my car - that would be fine. I'd hang up, phone Ford's and check if that's true (as well as checking news stories). It's not difficult if they are REALLY genuine, they will let me do that, on the number that *I* choose (i.e. the actual Ford service department number taken from their website or a phone directory). I bet you Ford would never have heard of them.
If a bank phone me up claiming that I need to pay them £1000, that's fine. You tell me my account number, you give *ME* my details. No? I'll just have to hang up and go through my bank's telephone support lines then to see what the problem is.
(I have seen people answer a ringing phone only to then IMMEDIATELY give out their bank security details on the basis that someone who knew their name said that it was the bank calling about a problem and "could you just give me the 3rd and 4th characters of your password..." Er. No. Because I have *NO* idea who you are. You tell me my secret question / other details first and then we'll talk. Or else you give me your name/department and ***I*** will ring the main bank switchboard and ask to be put through to you.)
Just because you're not literate in a subject does not mean you should be stupid about it. I have absolutely zero qualifications in car repair - but I know if someone is trying to rip me off. This is the equivalent of someone on the street asking for your car and keys for 48 hours in order to clean your tyres.
Even if I had zero knowledge of computers, I would be inherently suspicious that someone "knew" what my machine was doing.
First off, it would be illegal for them to know such things (you KNOW what programs I'm running on my personal computer and decide to contact me about it? Nope), secondly, I would need to know who they are and how they got my phone number (which, again, would be illegal unless I'd given it to THAT named company - which would be highly unlikely), thirdly they have absolutely no business interfering with my personal machine (no matter what they say), fourthly as soon as they start giving me instructions (actually ORDERS on things for me to do) they will be hung up on. Your phone company don't ring you and say "Can you just pop outside and hook your phone line back up for us?". You want it fixed? You come and do it.
Fifth, if they had an INCREDIBLY convincing story about why I needed to buy their service, that's fine. I'll buy it from a vendor that *I* want and won't give you my credit card details over the phone.
At worst, being very gullible, you'd make me unplug my machine (because I might be "breaking the Internet" or something, and that's why you phoned me, I don't know) and either get someone of MY choice in to look at it, or at least ask someone knowledgeable their opinion on the phone call. Why do I know that's what sensible people would do? Because perfectly-sensible, non-computer people ask me about things like this ALL THE TIME.
It's only the idiots that do what they are told, and hand over their computer/credit card to a complete stranger without checking that are the problem. It has NOTHING to do with computer literacy.
Tip: Ask what company they work for. If you haven't heard of them, hang up. If they claim to be acting on behalf of "your" phone company / energy company / ISP, ask them to name it. Ask them for your customer number. In all the scam calls (and even people knocking on my door) that I receive for these things, nobody has yet passed that test. Even if they COULD, I still won't let them do anything without knowing they work for the company (it's easy, after all, to pick up an old bill from the tra
My elderly neighbour got scammed by this lot. They actually knew some information that could have only have come from a previous support call to her ISP -an ISP that has a call centre in the same Indian city. I've since learnt that a number of Indian call centre firms are selling data to scammers, and that the Indian authorities don't give a damn since it's bringing in foreign revenue.
Taking a stand like this should just be the tip of the iceberg, but unfortunately, this is only to bring up stock prices temporarily. MS has a long way to go before they do the right thing all around. Many companies associated to them have practices resembling this....
I suspect you got modded down by someone who profits from outsourcing on the buyer's side. The CIO who chooses outsourcing often gets some nifty perks and -- best of all -- a happy landing if he/she gets fired when the outsourcing strategy goes into epic fail mode. In the short run, it scores brownie points with CFO and CEO types while maintaining one's membership in the executive golf committee. When things go wrong, a smart executive knows how to get paid for failure. I know of several CIOs who bungled major outsourcing initiatives. Each of them landed a job with the outsourcer or a nifty promotion to another company where the same outsourcer already had a big presence. Nothing can propel your career like a well-managed failure. There is money to be made by properly managing a cycle of fail.
Below the executive level, you have the entire food chain of outsourced employees, who do the same jobs that conventional employees did before. Remember that many companies have dreadful salary scales for IT. In a past life, I had arguments with my HR department's treatment of IT positions. In many cases, they "require" a BSCS or above, while offering a salary less than an executive secretary. Sometimes outsourcing is the only way a company will allow itself to get a halfway intelligent person to work in IT. The stereotype is that good paying jobs are cut and cheapie temps take over. Employers love the concept, but reality can be a different story. The temp jobs are not always temporary and the hourly rates can be several times what a "permanent" employee would cost. But you won't find that in the brochure.
And lets not forget the additional people who work in the overhead departments of outsourcers. You have accounting people, a large well-paid sales department, and various executives that form the basis of a corporate management team that would not even exist if companies managed IT internally. If any of them are reading your post, they'll mod it down too!
Sometimes employees get screwed by outsourcing, but at least half the time it's the customer who gets fleeced. If you can't be part of the solution, there is money to be made by prolonging the problem.
Wasting 10 minutes of their time on the phone is a good start, but teledroids don't cost enough for the scammers to worry about.
Your throwaway VM idea is interesting. I wonder if you can get into any trouble by launching an attack against someone who is trying to scam you. Who are they going to call? These phony helpers might be more fun than a trip to Disney. My guess is their environment is not prepared for everything a bunch of angry Slashdotters might try. If they get clobbered, it will take a lot longer than 10 minutes to get back online.
howzabout not giving confidential information, like your credit card number, any Jim, Lakshmi or Boris that calls you up ?
Doesn't matter if there's a compootor involved or not.
the preceding comment is my own and in no way reflects the opinion of the Joint Chiefs of Staff
He will, but only if their company hijacks 4 planes, blows up 2 buildings, attacks the pentagon with one of the hijacked planes, and kills a few thousand civilians.
If someone is passing you on the right, you are an asshole for driving in the wrong lane.
I've had the same experience with Indian and Chinese coworkers. You did a good job describing it despite using a non-native language. I never thought to explicitly state my mindset in order to avoid misinterpreting each other, what a good idea! (this is a praise)
Man, you really need that seminar!
Yeah there was a couple of month when Mobilicity and Wind customers were getting random calls from India and some strange people were trying to talk them into wiring money somewhere. That was really bizarre, 'cause people who called had heavy accents and were really, really rude - not a good way to scam at all. :) Glad that problem is now solved.
Immigration to Canada