Slashdot Mirror


When Antivirus Scammers Call the Wrong Guy

ancientribe writes "Phony AV scammers posing as Microsoft dialed the wrong number when they inadvertently phoned a security researcher at home. He lured them into a honeypot to study their actions, and posted the video online here. His main takeaway: they were 'Stone Age' when it came to their tech know-how."

16 of 473 comments

  1. Bummer is, it works by Toe, The · · Score: 5, Insightful

    Scammers (and spammers) wouldn't do this stuff if it didn't pay off.

    Even though these guys were idiots, they still manage to scam people. So what does that say about their victims? Ugh.

    1. Re:Bummer is, it works by neonsignal · · Score: 1, Insightful

      That's a bit unfair - the victims may be gullible, but when the public are constantly being thrown news of real and imagined malware threats, the less knowledgeable ones are at an unfair disadvantage. Remember, these scammers are unashamedly lying and extorting money; their victims are not necessarily stupid, just too trusting of a cold caller. Without trust our society would not function; the fault here lies squarely with the scammers. If you think that the victims need more education, then it is your responsibility to inform them of the risks, not to call them "idiots".

    2. Re:Bummer is, it works by Belial6 · · Score: 3, Insightful

      I would really like to agree with you at least a little bit, but it isn't 1995 anymore. Waving off ignorance as "I don't understand computers" isn't a valid answer anymore. It is basic safety when using a telephone not to give out credit card numbers or any other personal information to someone that calls you. Not typing things into your computer and giving access to someone that calls you isn't "Computer Knowledge" it is "Telephone Knowledge", and the telephone has been in wide use long enough that claiming you don't know how to use it isn't a valid answer either.

  2. Can you blame them? by Anonymous Coward · · Score: 2, Insightful

    Where are the calls coming from? Probably India or some impoverished nation. Some of the people working in those call centers really need the $2.00 a day that they make so that they can feed their family.

    I'd do some shady shit too if I had to in order to survive and so would you. So don't judge too harshly and don't yell or belittle the guy on the phone. Don't hate the player, hate the game...

    1. Re:Can you blame them? by X0563511 · · Score: 5, Insightful

      Don't hate the player, hate the game...

      No. I hate both.

      --
      For large sets, this will be our guide even unto death, for the LORD will work for each type of data it is applied to...
    2. Re:Can you blame them? by Jeng · · Score: 5, Insightful

      Damn straight I can blame them.

      You don't see me trying to scam Bill Gates or some other bullshit.

      If you are at the level where you are pulling these scams internationally over not only the internet, but also calling your victims, then you are not starving and you are probably a little better educated than those around you. These are the people that are dragging down their societies instead of building them up.

      I not only blame them, I would like to shoot them for the betterment of their communities.

      --
      Don't know something? Look it up. Still don't know? Then ask.
    3. Re:Can you blame them? by Sir_Sri · · Score: 5, Insightful

      You realize that fraud and scamming people in India is a crime too, right?

      I don't begrudge an Indian guy a job at Infosys or IBM or actual Microsoft. You may not like outsourcing, but you can't fault someone for taking a decent job that's a step up from what they have, and you can't expect them to feel bad about taking your job when you get paid 50x as much as they do.

      But you still don't feel bad for the guy trying to rob you on the street in New Delhi. He's as much a criminal by Indian standards as by western ones.

      I admit, there *is* a grey area. Not the area you talked about. But there is a grey area. I feel bad for people there who have to pay bribes to buy a train ticket (which is everyone), and I feel worse when they come here and think they have to do the same thing. But there is a matter of different cultures, and pervasive corruption and criminality that honest people can't avoid. Fine, I'll forgive some of that. But trying to theft is theft, and I have relatively little tolerance for it, and none at all when it's an intentional organized corporate activity.

  3. Re:Question- How did scammers do this? by ArsenneLupin · · Score: 4, Insightful

    On some phone systems (for example Luxembourg during the eighties), only the caller can hang up a line. If the callee "hangs up" it's not really hung up until the caller hangs up as well, and a malicious caller can tie up his victim's line as long as he wants.

    Normally this is not an issue, as in a normal call both parties will hang up. However, back in the day, pranksters figured out that this was an excellent way of annoying call-in amateur ("pirate") radio stations, completely sabotaging their game shows this way...

  4. Not surprising by Baloroth · · Score: 4, Insightful

    Hardly surprising their tech know-how was stone-age. If they were actually competent, they wouldn't be running some lame over-the-phone scam like this. They would either be working a legitimate job or running a large-scale botnet somewhere. The vast majority of criminals are stupid, because smart people either don't get into crime or don't do low-level crap like this.

    --
    "None can love freedom heartily, but good men; the rest love not freedom, but license." --John Milton
  5. Re:Sounds familiar by CanHasDIY · · Score: 5, Insightful

    His main takeaway: they were 'Stone Age' when it came to their tech know-how."

    So they're exactly like Norton, McAfee, and CA?

    How did this get modded 'Funny?'

    That shit ain't funny, it's fucking Insightful.

    --
    An enigma, wrapped in a riddle, shrouded in bacon and cheese
  6. What I do by Mortimer82 · · Score: 4, Insightful

    I say "Okay, hold on a moment please." I then leave the phone call active, put the phone on my desk or something and do something else until they get bored.

    1. Re:What I do by Archangel Michael · · Score: 4, Insightful

      I do that, except I'll go back every couple minutes or so and say .. can you hold on, I really want to talk to you, but I have to finish this one thing ..

      I keep a log of how long they will hang on ... the current record, for some insurance company, was nearly 35 minutes before they hung up. They did call back three times afterwards ... but didn't hold on much more than a couple minutes.

      My goal, keep them online, but not making a sale for as long as I can. If everyone took 30 minutes for each of these sales type calls and never actually buying, then they would stop calling, as the profit margins would sink.

      --
      Agent K: A *person* is smart. People are dumb, stupid, panicky animals, and you know it.
    2. Re:What I do by Beardo the Bearded · · Score: 4, Insightful

      One time the woman wouldn't take no for an answer.

      "Listen, do you get paid by the hour or by the call?"

      "By the call."

      "So I've told you I'm not interested, why waste your time? Hang up and move on."

      "Well, I..." *lightbulb on sound* "Good night, sir."

      --
      ECHELON is a government program to find words like bomb, jihad, plutonium, assassinate, and anarchy.
  7. Re:Deplorable by bobbied · · Score: 2, Insightful

    Right, like the script kitties could tell they were dealing with a Mac much less have a workable scam for Mac they could talk the hapless Apple user through over the phone. If it ain't Windows, they ain't getting anywhere cause they usually only know Windows.

    Before my ISP started blocking port 80, I ran an Apache web server on a stand alone Linux box in my DMZ that had nothing but a single HTML page on it. 99.99% of the access logs were exploits that only worked on Windows products and multiple break in attempts were from the same IP over and over. If they were too ignorant to look at the server type before they tried to break in, or if they somehow figured that what didn't work 15 seconds ago might work this time then it sure fits the view that they are pretty unsophisticated in their approaches when they are trying to break in.

    Just running an OS other than Windows offers significant protection from the bulk of web based attacks. Not that it makes breaking in any harder mind you, it's just that most of the "hackers" out there don't know the difference between Red Hat, Ubuntu or Windows and usually cannot even understand what an IP address is much less a TCP port because they just run the tool somebody else wrote for them. These folks don't scare me.

    Of course there are a FEW folks who don't fall into what I call "Script Kitties" class, and they are really the dangerous ones because they understand that it is not the breaking in, but the exploitation of getting access that matters. Most of these guys/gals are not going to call you on your phone unless they have reason to target you, and you can bet they won't resort to such low tech methods described in this article.

    --
    "File to fit, pound to insert, paint to match" - Aircraft Maintenance 101
  8. Re:Sounds familiar by hairyfeet · · Score: 5, Insightful

    No shit, I don't know how many times I have had people bring in a machine and complain "It's so slow it has GOT to be a virus" and I find they are right...it's a virus called Norton or McCrappy. It never fails to amaze me how bad some of these AVs get when it comes to hogging, especially on laptops. I'll give them Avast or Comodo or if they REALLY know what they are doing MSE, but Horton and mcCrap are just fucking terrible! I have been told their enterprise version, at least with Norton, isn't like that so I have to say WTF? why can't you do that with the consumer version?

    But the bitch is it isn't the PC bugs I've seen much of lately, win 7 and a decent AV have that problem pretty well handled, it's the mobile scams. If you want to know more check my journal entry here but please folks, remember that many haven't got the exp we have so warn them about the phone scams, because the amount of variants I've seen in just the last week tell me this one is gonna spread and be nasty as all hell.

    --
    ACs don't waste your time replying, your posts are never seen by me.
  9. Re:Sounds familiar by Anonymous Coward · · Score: 2, Insightful

    * experiences with 5+ year old AV software. Hey, Ford is also not making crappy cars so much anymore, but does anyone notice?

    Ford is doing better, but Toyota is doing even better. Why go for Norton, when you can use MSE, which is far far better than present day, consumer edition Norton?

    * a general dislike for software that's designed for non-geeks

    Most of us don't admit, but like software to work out of the box. We all prefer software that is designed for non-geeks, like MSE.

    * bias against commercial software and marketing techniques.

    If you look at the technical side of what a company like Symantec is doing these days in the AV space with behavior analysis, reputation data, intrusion prevention and so forth (http://www.symantec.com/theme.jsp?themeid=star), I think most of you would be very surprised with how cutting edge the AV products are (both Enterprise and Consumer, which share the same core technology), how quickly it installs, how small the resource footprint is, and how quickly it goes to the background (http://www.passmark.com/tpsreport12). I can't defend the pop-up offers and whatnot, but for the most part, these aren't the shitty products they used to be.

    I agree they are far better than they used to be, but so is their competition. They suck compared to their competition.