When Antivirus Scammers Call the Wrong Guy
ancientribe writes "Phony AV scammers posing as Microsoft dialed the wrong number when they inadvertently phoned a security researcher at home. He lured them into a honeypot to study their actions, and posted the video online here. His main takeaway: they were 'Stone Age' when it came to their tech know-how."
I got a similar call to the guy in the article. So I hung up.
They called back, and I hung up again except the phone didn't hang up. I even held down the "on hook" button but the call would not terminate. Any ideas how the scammers accomplished this?
My AC stalker: " I personally agree with your posts most of the time, but that won't keep me from modding you troll"
These "Dave from Houston" fuckheads have called my house repeatedly. Unfortunately, I haven't been home to screw with them. Even my wife felt bad for these pitiful lamebrains when she told them none of our computers run Windows. And then these disorganized half-wits can't remember the FAILED on their previous calls, so they call back again.
the preceding comment is my own and in no way reflects the opinion of the Joint Chiefs of Staff
Now see this would be fun, fire up a VM with Ubuntu 11 on it and let them have a go.
Or better yet, a Windows-skinned XFCE. It looks right but nothing is right...
Do not look at laser with remaining good eye.
I had one of these guys on the line a while back. Coincidentally while I was fixing some issues with the PC at my computer-illiterate parents' house. Apparently they called a few times before but they only spoke English (with a very heavy Indian accent) and my dad wouldn't even know how to order a beer in English, so their "conversations" ended without any harm done.
They directed me to try all different kinds of command line tools that would display long lists of errors (which it was supposed to do on a healthy system). I checked everything he told me to do by first searching on Google and within a few minutes I got to a webpage detailing the phone script the scammers were using.
Oddly enough I told him that I was checking everything on Google first and even told him I found this website, but we still went on for nearly 15 minutes or so (he was paying for the phone bill, I could see no harm in making it expensive). I kept asking him questions and calling him out on his lies (literally calling it lies), but still he kept going. At some point it was all some morbid curiosity trip for me, eager to find out how far this could possibly go. He even kept talking after I told him I had enough fun and was going to hang up. I can't quite understand why he kept wasting so much of his time when I identified him as a scammer after the first two minutes and told him so.
I can understand how they could fool a less informed computer user though.
Slashdot social media options: AIM, ICQ, Yahoo, Jabber and Mobile Text. Why no MySpace?
Their goal is to sell the "product", not recover the machine. As soon as they have the victim's money, their job is finished.
I once worked for a place that was going through a bankruptcy. Even though all creditors had theoretically been dealt with, there were still a couple collection agencies that chose to not understand that. Because I'm not intimidated by veiled lawsuit threats (or unveiled ones, for that matter), I wound up being "the guy who screens calls". I got quite good at stalling, getting "interrupted" and generally dragging out calls. This eliminated most of the collection calls with a couple of weeks of this treatment. However, there was one collector who, despite getting worked into a frothing rage on a regular basis, kept calling. Eventually, after he had raged for a bit and was catching his breath (I like to think I shortened his life by several years), I explained my tactics to him. At first, he didn't get it, but after I explained that I knew about call time metrics and that I was messing his up on purpose, he REALLY freaked out. After another 5 minutes or so, I pointed out that keeping on the line with me wasn't improving his numbers. He never called back after that.
Just remember: at a certain point, they aren't wasting your time - they are wasting their own time and amusing you in the process.
"For a successful technology, reality must take precedence over public relations, for nature cannot be fooled." Feynman
Three months ago I got a similar call, recorded the conversation (me playing the silly user and him trying to scam me) and forgot to put it online.
So here it is Slashdot, I created this page just for you:
http://barrystaes.nl/scambait/
(click the AMR file, it's the original file my Android phone recorded and 10x smaller)
Hivemind harvest in progress..
http://egbg.home.xs4all.nl/counterscript.html
Don't fight for your country, if your country does not fight for you.
These guys are dumber than that. The guy uses his personal email id for the payment gateway. His email is kunal_smart22@yahoo.in (Feel free to email him). He left his photograph at http://www.askmefast.com/categorydetail.php?cmd=ulist&userid=967853. He has even posted a question "Can i use this payment gateway for my call center which provide online technical support to usa,canada? " in the forum. I can also point out some security holes in his website, but I guess I would be doing more harm than good. So I will leave that out.
I have been told their enterprise version, at least with Norton, isn't like that so I have to say WTF?
One of my (Fortune 100) clients has McAfee enterprise and I can vouch for the fact that it's horrible there too.
Just an example; what they call "Wasted Wednesday" has nothing to do with substance abuse, and everything to do with mandatory virus scans that make computers unusable for hours.
"I've got more toys than Teruhisa Kitahara."
This is why I think words like "sheeple" or "corporate lemmings" are perfectly legitimate in certain contexts. Because if an idea is bad and many do it...it is STILL A BAD IDEA and having many morons follow that bad idea doesn't magically make it good! I have dealt with Comodo Enterprise for some of my SMB customers and frankly it has everything except the crazy support costs, and unlike those other AVs you can actually get shit done while it's running without it feeling like it's tied a damned boat anchor around your machine.
I have always believed in using what you recommend and I've been running Comodo for a couple of years now with ZERO hassles or bullshit, hell I even have it on my kid's gamer boxes. When I went to show them how to turn off services in Comodo for when they game they said "What for? We just tell Comodo we want to run it and that's it" which frankly blew my mind because if there is one thing an AV will usually do it's slow the hell out of gaming but nope, even with games it just didn't bog down their systems.
Contrast this with Norton and McAfee where I have yet to see it on a system that didn't feel like the entire system was running in slo mo. This is why I have been handing out Comodo to all my business customers and have started handing out to home users as well, because what damned good is an AV if it makes the whole system a royal PITA to use? To me the ultimate AV should ask you as few questions as possible and should only bother you when it has something important it needs your attention for and that's Comodo in a nutshell. The only time I hear from it is if it has blocked a site for having a malicious script or if I launch a program for the first time it asks whether or not I'd like it sandboxed, that's it. I just tell it what I want the default behavior to be for that program and it never asks again, it just does what it's told.
How anyone can put up with a boat anchor AV is beyond me, I set up a test bed and tried all the different AVs simply because the AV I had been using (AVG) had become bloated and felt like a boat anchor. If you can't use the damned machine, what good is having it clean?
ACs don't waste your time replying, your posts are never seen by me.