Microsoft Customers Hit With New Wave of Fake Tech Support Calls
rjmarvin writes "A new surge of callers posing predominately as Microsoft technicians are attempting and sometimes succeeding in scamming customers, convincing them their PCs are infected and directing them to install malware-ridden software or give the callers remote access to the computer. The fraudsters also solicit payment for the fake services rendered. This comes only a year after the FTC cracked down on fake tech support calls, charging six scam operators last October."
This looks more like an advertisement for sdt.bz than an actual Slashdot article.
Here's the real article:
http://www.computerworld.com/s/article/9244207/Fake_Windows_tech_support_calls_continue_to_plague_consumers
I'd go after the AOL market.
Some people die at 25 and aren't buried until 75. -Benjamin Franklin
We are detect you having the problem with the Microsoft. We make you no having the problem. Fifty dollars, in rupees if please.
- "Mike"
NOW they listen to the IT guy's instructions?
While that is commendable, user training is more valuable and goes towards solving the problem instead of hiding it.
"Sorry we don't have these windows things you speak of", will be safe but "Why yes, we do have medicare, here is my SSN... " may not be.
---- Booth was a patriot ----
Have gnu, will travel.
unless you're a commercial licensee, then you can't keep them out of the place with guard dogs and crew-served weapons.
cold calls on the phone? scam.
if this is supposed to be a new economy, how come they still want my old fashioned money?
Too bad about the do not call list. It severely cut down my abilities to mess with telemarketers.
First one
"OH thank GOD you called this computer has been a mess for 3 days I can not get rid of this virus" *click*
Second one, I was busy putting in an AC unit
I was going to go with bringing up a linux VM and seeing how far he got. But the AC needed my attention more.
"It's a scam, you know it, I know it, move on" *click*
Third one is my best work so far
"That is totally cool how did you do that?"
"Oh the computer calls in and we reach out to our customers"
"No I mean how did you do that when I have no computers"
"well someone in your household must have one"
"Just me living here"
"there *must* be a computer"
"Nope got rid of the blasted things I hate them"
It was most amusing the guy could not conceive that I did not own a computer.
So far my record for getting them to stay online before they hang up is 7 mins.
You don't appear to care that your relatives have been kidnapped, you insensitive clod!
Joke's on you, the FCC doesn't care, though the FTC might.
#naabhaprzrag, #sverubfr-000, #agi-fcbafberq, negvpyr[pynff*=' negvpyr-ary-'] { qvfcynl: abar !vzcbegnag; }
Hello valued customer. Remember last year when you called our help desk and then sat on hold for 25 minutes before hanging up?
We're very sorry about that and we're just now getting through our backlog and would like to fix your computer now...
or
Hello valued customer. With our brand-new AlwaysOnMonitoringTool (TM), we amazingly smart computer geeks in the cloud are able to see you are having some problems with your computer but we cannot see all of the problems and need some help getting in and fixing it....
I can easily see novices, grandmothers and wannabe CEOs falling for crap like that. Computing is magic to most people and if you don't sound like Voldemort, then you must be one of the good wizards.
In fairness, this has nothing at all to do with Microsoft, other than most people have it, and most people aren't really tech savvy.
This is just social engineering. Some guy calls up, claims to be from "tech support" or "the Windows Service Provider" and tells you a little techno-babble that sounds scary.
They don't actually have any information about you, and if pressed couldn't even tell you your IP address or even your name -- it's just a blanket approach.
But then they tell you to follow some steps to give them access to your computer, and they make some mumbling about how bad it is and attempt to either steal your files, or convince you that you need to buy some extra services.
A friend's father-in-law got scammed with this a few years ago, and my friend was somewhat livid because he'd explicitly told them about such scams and to hang up on anybody who is telling you that. But people don't know that Microsoft doesn't really have your phone number and aren't monitoring your system.
If you know that 80% of everyone is running Windows, and most of them don't really have a good understanding of what's going on, all you think is some friendly guy is contacting you to solve problems you didn't even know you had. It's just like spam, hit enough people and some fraction will fall for it.
I've actually spent the last 5+ years explaining to my parents how to spot a scam, why they should never trust someone who calls them, and to be generally skeptical of such things. I've managed to turn my parents into somewhat skeptical, and a lot more street smart people by hammering home some of this stuff. But I had a great aunt who was a lot more trusting and got scammed several times.
And since every time someone tries to implement a Do Not Call list, the lobbyists cry "but what about our business model" and the protections get weakened to the point of being meaningless.
And since everyone can fake their phone number (which to me is a huge part of the problem) people see something on their call display and believe it. Which means some douchebag in whateverthefuckistan can call you and look like anything they want to, and the phone companies and the companies who believe it's their right to call you exploit that.
I've actually set my Panasonic cordless phone to say "Unknown caller id means hang up", "Private caller means hang up". I still get stuff that gets through (when you see a local number and hear a long distance ring) -- but I start out with the assumption that I don't trust incoming callers.
But getting everyone to understand how these scams work is hard. Getting people to overcome a belief that others are honest and good takes work.
Lost at C:>. Found at C.
These people don't have a list of "Microsoft Customers", they simply know that Microsoft is such an 800-pound gorilla of a monoculture that they can call any random phone number, claim to know that you run Windows, and if you don't, that's simply statistical error.
Exactly. It's like the grandma scam.
Hello, Grandma?
If the person on the other end hangs up, no problem. If she says, "Is that you Laura?" then the caller _is_ Laura.
The reason the US Post Office is still hanging on is because actual physical junque mail is still cost-effective at a 1.8% return rate.
It's like a salesman who is only going to sell to one out of a hundred people. The first thing to do is to talk to 100 people and then hard sell the 3 that keep talking to you for more than 30 seconds.
I do technical support, but people have to come to me. I tell all my customers and potential customers that nobody cold-calls you, tells you they "have noticed" that your machine needs repair, and offers to do same. This is guaranteed to be a scam.
Other indications: A heavily accented voice saying: "Hello, my name is Frank and I am from The Microsoft and I am calling because we have noticed that your computer is infested with the viruses." I'm sorry, not only does nobody make that kind of call, nobody talks like that. (I have a friend who works at "The Microsoft", and he has decided he will henceforth be addressed as "The Frank"....) Like anything else these days, scam call centers are typically low paid foreign nationals with poor communication skills who are following a script. They do it this way because (a) the overhead is very low, and (b) it works, at least, often enough to be profitable.
These scams are not limited to fake tech support. I got a robocall a few weeks ago saying "This is a message from Chase bank. We regret to inform you that your Chase bank card has been frozen. To unlock your card, please press one to be connected to our security department". Obviously the helpful, heavily accented person you get when you press one will helpfully take your card number and identity, "unlock your card" and you'll have been robbed.
It's all the same type of scam. People sitting at card tables patiently calling number after number with the same, pre-written script, secure in the knowledge that there will be enough people who buy it to make their pimp happy and maybe they'll get a place to sleep that night.
Never give personal information to a cold call. Never believe anything you hear from a cold call. If you think it could be legit, conclude the call, look up the *real* number of whatever institution purports to have called you, and call them. Real institutions (even creditors) will understand when you insist on doing this. Do I really have to say, do *not* believe a cold call when they give you a number to call back.
Let's be careful out there.
Oliver's law of assumed responsibility: If you're seen fixing it, you will be blamed for breaking it.
Do the whole world a favor and keep these guys on the line as long as possible. While they are "helping" you, they're not scamming the vulnerable.
I find it's entertaining to talk to them as you imagine your 79 year old grandmother would. Inept but just able to do all that they ask ... after three or four tries.
"Just a minute, I need to start my computer. This might take awhile. I need to put the phone down, don't go away. OK, I'm back. Wait, I need to find my password. Hold on."
They all disowned him.
There are two types of people in the world: Those who crave closure
For the same reason spam is profitable, because 2% or so of people fall for it.
So you've got a whole large number of cheap labor, calling from VOIP lines overseas, who may or may not get told to fuck off 100 times each day. But the two who think you sound like you're legit, well, that's probably your quota anyway.
The economics of this doesn't mean you have a bunch of North Americans hanging around in a call center getting paid decent money. You have hundreds (or thousands) of people in a foreign country who have been coached to learn enough English who just call huge numbers of people and hope for even a modest rate of people falling for it.
Do you know why some of the time you get nobody on the phone? The computers dial a vast amount of numbers, and when one connects they direct to an available operator. There isn't always someone there to answer.
And that's why you can get the same call 10 times in a week. It's purely made up on volume.
After all these years, when my phone rings, unless I know the number, recognize the voice, or can reach a threshold at which I believe that it's a legitimate call (which requires you be able to provide me with information, not the other way around) -- I more or less start out half hostile on the phone. Because some months, as many as 95% of all incoming calls are just scams. At least, before I started blocking "Unknown" and "Private Caller" -- if you won't tell me who you are, I'm not answering.
Lost at C:>. Found at C.
Yes, on linux when things don't work, I just search for my problem on google, find some website with a "fix", and then enter that command that I don't understand with root privs......
I get sick of people and their "I'm not a computer person so it's not my fault" attitude. It's like getting in a car accident, taking your car to the shop, and then proudly declaring "I don't know how to drive!" to the mechanics. If random weirdo walks up to someone and says "You're sick! Bend over and let me give you this suppository!", are they going to do it? And then later say "I'm not a doctor, so how was I supposed to know?" It is beyond ridiculous in a world where computer use is such an integral part of everyday life.
Being a Microsoft customer isn't causing people to be targeted. The callers are posing as Microsoft technicians, making it relevant only to Microsoft customers.
There's a vast difference between the two.
I work for a Fortune 500 that uses Unisys in India for our helpdesk. I had 2 outstanding requests with them when I came down with a cold and had to work from home for a few days. When a heavily accented Indian guy called my cell phone telling me he was calling from the helpdesk, and that I could go to logmein.com and he would remote in and take a look, it almost sounded legit.
This could easily have fooled someone since I had outstanding incidents, we use an Indian helpdesk, they do use logmein, and they do have my cell phone number (which they might actually use since I was not at my desk at work). The primary remaining tip-offs were: 1) They didn't know my incident number and 2) My requests were for hardware issues not software. But if I had a problem like being unable to log in to Outlook or access a network share, I wouldn't have had much reason to distrust them.
We (my wife and I) haven't gotten a call in a while, but a month ago we were getting daily calls.
We would ask them questions about exactly what part of Microsoft they work for. We would ask them what their real name was and where were they really calling from. We would echo back everything that they said to us. We would note that we only have Mac and (other) Unix systems in the house and then give various takes on "how could you be getting warnings from our Windows computer when we have none here". At one point, we had a contest to see how long we could keep them on the line until they got frustrated and hung up.
We haven't gotten a call in over a month.
It's ongoing and it's also inaccurate to say "Microsoft's Customers" since it implies that these guys have a mailing list that they're using. I know a couple people who have gotten the call and they only have Macs. They're just moving from country to country and randomly calling anyone who will listen. I'm sure there are variations on the scam that adjust for specificity vs scope. For instance if I call and say I'm from Dell technical support and you're a Dell customer you're more likely to feel like it's true since they called you and knew you had a Dell "how else would they know!". I'm actually pretty surprised that someone hasn't gone "all the way" and crafted the script to be like
"Hi, you called Dell Technical Support a couple weeks ago and I'm following up to say that it appears that we didn't correctly resolve your issue."
The odds of getting someone who did call support in the last couple of weeks are low, but if you hit someone who did your chances of them believing you are very high.
This scam works regardless of OS.
Teamviewer (one of the software packages they'll talk you into downloading) is completely legitimate and useful software and is truly cross-platform. Not just "maybe it works on Linux" but it works on Linux flawlessly.
Here, go get it and play around.
http://www.teamviewer.com/en/download/linux.aspx
You can't fix layer 8 except through education about best practices, and that's only if the person you're teaching is willing to actually listen - a rarity.
--
BMO
It might be his in-laws you insensitive clod!
I am Bennett Haselton! I am Bennett Haselton!
I'd go one better and set up a VM running Windows 3.1
Come at me bro!
I am Bennett Haselton! I am Bennett Haselton!
A month or two ago, I was getting daily, sometimes twice-daily calls from these clowns in India. I told the first one that I knew it was a scam, and was even explaining exactly how the scam works, when I was interrupted with "I assure you this is not a scam" and practically being ordered to quit arguing and let him fix my PC.
Another time I told the guy "go fuck yourself", which was greeted with a long pause, and then "I'm sorry sir, I'm in an office right now and cannot do that here".
Another time I laid into the guy, lecturing him about being a criminal parasite, and a "worthless sack of shit" among other terms, and we got into this thing where I was cursing a blue streak while he said over and over, almost rhythmically, in that heavy Indian accent "shut up, shut up, you shut up, shut up, shut up, you shut up..."
Another time I asked the guy "do you like to fuck monkeys?", and when he responded with some confusion I explained "I was just wondering, since obviously your father fucked a monkey to make you", and then he just continued as though I had not just insulted him.
Really, it seems impossible to get these shit-filled monkey-fuckers to give up and hang up, no matter how badly you abuse them. But there is one thing I never had the patience to try... I'm not a Windows user, but I do have some Windows VMs, so I've thought that I should fire up a copy of one, follow their instructions, and when they hit me up for payment reply, "nah, instead I think I'll just delete the virtual machine we've been working in". Maybe that would actually piss them off enough to get them to hang up--you think?
Both care, actually. As does your state's Attorney General. I reported shit like this (fake collection company called me re: an account that had a balance when the bank making the loan was bought by another bank -- on my credit report it looked like I just stopped paying, but in reality the creditor just changed) to all three and the only one who contacted me back was the AG.
In the interest of full disclosure, the bank my loan was through was bought by a Native American tribe, after which it was operated on Native American land. The type of loan I had through that bank can only be legally funded or collected by a legal US entity and Native American tribes residing on Native American land are legally foreign entities, so they no longer had legal standing to collect on that loan. They knew this; and so did I, so I stopped paying once they bought the account.
Fast forward 3 years and the original loan still appears on my credit report, with payment history just suddenly stopping and a note that the account was transferred. That's perfectly normal when one creditor buys another (I've had 3 credit cards do that in the past year; thankfully it doesn't affect your credit score if the previous creditor reports it correctly), but usually whoever bought the account will start reporting, as well, which did not happen with this account. Why? Because the tribe that bought it was not legally entitled to own it. So, when I got a call from a debt collector stating that I owed (name of original bank) $2100 for a $700 loan I took out 3 years ago, I asked for (original bank)'s mailing address. When they told me they could not provide that, I said something to the effect of "First of all, Federal law requires that you provide physical contact details upon request before you can collect a penny from me; second, that bank hasn't existed for 3 years now, so they don't have an address. The tribe that bought them has no legal standing to collect and I will be more than happy to have my attorney send you documentation affirming this if you can provide YOUR address" which was met with a "For security reasons, I can't provide that, either". After two weeks of them calling me daily and making vague legal threats, I figured out that it was the tribe who bought the account; I informed them that I knew who they were and where they were calling from and they insisted that I could not. When I told them I was contacting the FCC, FTC, and California AG about calls originating from (phone number they hadn't called from -- but the actual number I used when I called them back for this -- and an address on Native American land, associated with said phone number) perpetrated by (owner of said phone number) all they said was "good luck with that" and hung up.
Never heard from them again, but I did receive confirmation from the AG that my information was correct, along with advice to contact the AG again immediately if I get another call like that.
Since I promised full disclosure... In the years leading up to this, I did have credit problems and I've dealt with (and paid!!) legitimate debt collectors quite a bit as a result of that. There was nothing legitimate about these people and further research revealed that even had I tried to continue paying on that loan after they bought the bank it was through, I could not have done so; they never set up payment processing of any sort. Clearly their intent was to force these accounts into delinquent status and attempt to collect several times the balance (my loan balance was around $350 when they bought it, they were attempting to collect 6x that!!) as a collection company rather than the actual loan amounts as a bank. Fraud, plain and simple. But, since it occurred on Native American land, the US government has to hand it over to the tribe for investigation and prosecution, which of course never leads anywhere, but at least they stopped calling me after I identified them.
APK quotes people (including myself) without context and should not be trusted. Just thought you should know.
I own a computer repair shop, so I see all the random junk at various times. I've had 3 computers come in with this; the first came in because "it had a virus that the Windows guys couldn't fix", and after I explained that "the Windows guys" are a fraud, she decided to bring in her other computer to have me remove their junk as well. The scammer had done A LOT to the computer, changing account permissions so that she couldn't do anything, giving themselves admin access in a separate account, then revoking hers, and had installed 3 different remote desktop applications. While I was looking at it, they connected to it without notice via TeamViewer. I just disconnected it from the internet, backed up her files, and wiped it; with how much they'd done, I didn't feel there was any way to be sure I'd gotten it all without starting from scratch. The 3rd was a friend of my mom's; she had fallen for the scam and paid $300, then about a month later she saw a bunch of fraudulent charges on her credit card so she cancelled it and got a new number; about a week later, she got another call from the scammers, telling her that because she uses her computer for games and watching videos, she had to pay another $500 and they would give her extra protection. Thankfully, at that point, she realized they were scammers (she's a little old lady who uses it for email and nothing else, and has no idea how to play any games, or even what YouTube is), and brought the computer to me. The interesting thing is that the scammers had not done as much to her PC as they had to the other customer, which leads me to think that they don't have an automated script, but manually change settings on the computer. That means a lot of time and effort for each mark.
I was in the local computer discount retailer standing at customer service to return a faulty tablet... The guy next to me has his computer on the counter and the lady is helping him with it ... "Yeah; it's just really really slow... I can't even load the google..." She asks "and these toolbars at the top here, did you install those on purpose?" "No, they just appeared. I can't get rid of them. I even paid $250 to have the computer cleaned of viruses and stuff!" "You did? Was it someone online that you paid to do this?" "Yeah! They called me up because they said my computer was causing problems on the internet and I paid them $250 to clean the viruses off of it but it didn't help at all."
I just turned and looked at the guy... It was weird. He didn't look like an idiot. Looked just like some kid's dad...
agreed, once had the micro$oft fairies raid our warehouse, apparently they shipped us more OEM win98 packages than we had paid for... they came in without warning and walked around the entire building with the CEO picking up any unopened copies sitting around... including the one on my workbench which belonged to a customer. that was when I really began to hate them. up until then I was just hating to be cool.
I've dealt with a few of them over the last few years, it can be very entertaining.
The way to do it is to set up a virtual machine with a packet sniffer on it. If you use all the old tricks that you would have learned on the helpdesk, you can even keep them on the phone while you set it up.
Here's a few of the classics to get you started;
"Yes...Ok...right...ok...right..yes...<15 minutes later>...no, sorry, I'll never remember all this. The computer's in the other room: If I go in there, would you show me how to do it?...."
"it's a terrible slow old thing, let me start it up <ten minutes later...talking about the grandkids, especially the oh-so-clever favourite who built the computer for you is an excellent way to pass the time> oh, looks like it's frozen, I'll just turn it off and start again..."
"Start button? Oh, he must mean the button on the front of the hard drive! OK...it's shutting down now...OK, it's off, now what?"<20 minutes, easy>
Once you've got it all set up, let them talk you through downloading and running the LogMeIn software on the virtual machine. Don't make it too easy for them, now...Did you know the app that you download from LogMeIn is only good for five minutes? If you haven't got it running by then, you'll need to download a new one and try again! Hours of fun and excitement for you both! So, let them connect and then use the packet sniffer to identify the IP address their connection is coming from. Also, here's a fun tip - the local session takes priority over the remote session, so if you are moving the mouse, even just a little bit, they can't! Fun!
Once you've had your fun, and you have their IP address, you can let the authorities know, and their internet connection will become a very interesting place. Briefly.
A friend's father-in-law got scammed with this a few years ago, and my friend was somewhat livid because he'd explicitly told them about such scams and to hang up on anybody who is telling you that. But people don't know that Microsoft doesn't really have your phone number and aren't monitoring your system.
With all of the news coming out about the monitoring done by the government and large corporations (like Google and Microsoft), it will be interesting to see if those on the front line start getting more stories like this.