Slashdot Mirror
Microsoft Customers Hit With New Wave of Fake Tech Support Calls
rjmarvin writes "A new surge of callers posing predominately as Microsoft technicians are attempting and sometimes succeeding in scamming customers, convincing them their PCs are infected and directing them to install malware-ridden software or give the callers remote access to the computer. The fraudsters also solicit payment for the fake services rendered. This comes only a year after the FTC cracked down on fake tech support calls, charging six scam operators last October."
This looks more like an advertisement for sdt.bz than an actual Slashdot article.
Here's the real article:
http://www.computerworld.com/s/article/9244207/Fake_Windows_tech_support_calls_continue_to_plague_consumers
I'd go after the AOL market.
Some people die at 25 and aren't buried until 75. -Benjamin Franklin
We are detect you having the problem with the Microsoft. We make you no having the problem. Fifty dollars, in rupees if please.
- "Mike"
NOW they listen to the IT guy's instructions?
Have gnu, will travel.
unless you're a commercial licensee, then you can't keep them out of the place with guard dogs and crew-served weapons.
cold calls on the phone? scam.
if this is supposed to be a new economy, how come they still want my old fashioned money?
Too bad about the do not call list. It severely cut down my abilities to mess with telemarketers.
First one
"OH thank GOD you called this computer has been a mess for 3 days I can not get rid of this virus" *click*
second one I was busy putting in a AC unit
I was going to go with bringing up a linux VM and seeing how far he got. But the AC needed my attention more.
"its a scam you know it I know it move on" *click*
Third one is my best work so far
"That is totally cool how did you do that?"
"Oh the computer calls in and we reach out to our customers"
"No I mean how did you do that when I have no computers"
"well someone in your household must have one"
"Just me living here"
"there *must* be a computer"
"Nope got rid of the blasted things I hate them"
It was most amusing the guy could not conceive that I did not own a computer.
So far my record for getting them stay online before they hangup is 7 mins.
You don't appear to care that your relatives have been kidnapped, you insensitive clod!
Hello valued customer. Remember last year when you called our help desk and then sat on hold for 25 minutes before hanging up?
We're very sorry about that and we're just now getting through our backlog and would like to fix your computer now...
or
Hello valued customer. With our brand-new AlwaysOnMonitoringTool (TM), we amazingly smart computer geeks in the cloud are able to see you are having some problems with your computer but we cannot see all of the problems and need some help getting in and fixing it....
I can easily see novices, grandmothers and wannabe CEOs falling for crap like that. Computing is magic to most people and if you don't sound like Voldemort, then you must be one of the good wizards.
In fairness, this has nothing at all to do with Microsoft, other than most people have it, and most people aren't really tech savvy.
This is just social engineering. Some guys calls up, claims to be from "tech support" or "the Windows Service Provider" and tells you a little techno-babble that sounds scary.
They don't actually have any information about you, and if pressed couldn't even tell you your IP address or even your name -- it's just a blanket approach.
But then they tell you to follow some steps to give them access to your computer, and they make some mumbling about how bad it is and attempt to either steal your files, or convince you that you need to buy some extra services.
A friends father in law got scammed with this a few years ago, and my friend was somewhat livid because he'd explicitly told them about such scams and to hang up on anybody who is telling you that. But people don't know that Microsoft doesn't really have your phone number and aren't monitoring your system.
If you know that 80% of everyone is running Windows, and most of them don't really have a good understanding of what's going on, all you think is some friendly guy is contacting you to solve problems you didn't even know you had. It's just like spam, hit enough people and some fraction will fall for it.
I've actually spent the last 5+ years explaining to my parents how to spot a scam, why they should never trust someone who calls them, and to be generally skeptical of such things. I've managed to turn my parents into somewhat skeptical, and a lot more street smart people by hammering home some of this stuff. But I had a great aunt who was a lot more trusting and got scammed several times.
And since every time someone tries to implement a Do Not Call list, the lobbyists cry "but what about our business model" and the protections get weakened to the point of being meaningless.
And since everyone can fake their phone number (which to me is a huge part of the problem) people see something on their call display and believe it. Which means some douchebag is whateverthefuckistan can call you and look like anything they want to, and the phone companies and the companies who believe it's their right to call you exploit that.
I've actually set my Panasonic cordless phone to say "Unknown caller id means hang up", "Private caller means hang up". I still get stuff that gets through (when you see a local number and hear a long distance ring) -- but I start out with the assumption that I don't trust incoming callers.
But getting everyone to understand how these scams work is hard. Getting people to overcome a belief that others are honest and good takes work.
Lost at C:>. Found at C.
I do technical support, but people have to come to me. I tell all my customers and potential customers that nobody cold-calls you, tells you they "have noticed" that your machine needs repair, and offers to do same. This is guaranteed to be a scam.
Other indications: A heavily accented voice saying: "Hello, my name is Frank and I am from The Microsoft and I am calling because we have noticed that your computer is infested with the viruses." I'm sorry, not only does nobody make that kind of call, nobody talks like that. (I have a friend who works at "The Microsoft", and he has decided he will henceforth be addressed as "The Frank"....) Like anything else these days, scam call centers are typically low paid foreign nationals with poor communication skills who are following a script. They do it this way because (a) the overhead is very low, and (b) it works, at least, often enough to be profitable.
These scams are not limited to fake tech support. I got a robocall a few weeks ago saying "This is a message from Chase bank. We regret to inform you that your Chase bank card has been frozen. To unlock your card, please press one to be connected to our security department". Obviously the helpful, heavily accented person you get when you press one will helpfully take your card number and identity, "unlock your card" and you'll have been robbed.
It's all the same type of scam. People sitting at card tables patiently calling number after number with the same, pre-written script, secure in the knowledge that there will be enough people who buy it to make their pimp happy and maybe they'll get a place to sleep that night.
Never give personal information to a cold call. Never believe anything you hear from a cold call. If you think it could be legit, conclude the call, look up the *real* number of whatever institution purports to have called you, and call them. Real institutions (even creditors) will understand when you insist on doing this. Do I really have to say, do *not* believe a cold call when they give you a number to call back.
Let's be careful out there.
Oliver's law of assumed responsibility: If you're seen fixing it, you will be blamed for breaking it.
Do the whole world a favor and keep these guys on the line as long as possible. While they are "helping" you, they're not scamming the vulnerable.
I find it's entertaining to talk to them as you imagine your 79 year old grandmother would. Inept but just able to do all that they ask ... after three or four tries.
"Just a minute, I need to start my computer. This might take awhile. I need to put the phone down, don't go away. OK, I'm back. Wait, I need to find my password. Hold on."
For the same reason spam is profitable, because 2% or so of people fall for it.
So you've got a whole large number of cheap labor, calling from VOIP lines overseas, who may or may not get told to fuck off 100 times each day. But the two who think you sound like you're legit, well, that's probably your quota anyway.
The economics of this doesn't mean you have a bunch of North Americans hanging around in a call center getting paid decent money. You have hundreds (or thousands) of people in a foreign country who have been coached to learn enough English who just call huge numbers of people and hope for even a modest rate of people falling for it.
Do you know why some of the time you get nobody on the phone? The computers dial a vast amount of numbers, and when one connects they direct to an available operator. There isn't always someone there to answer.
And that's why you can get the same call 10 times in a week. It's purely made up on volume.
After all these years, when my phone rings, unless I know the number, recognize the voice, or can reach a threshold at which I believe that it's a legitimate call (which requires you be able to provide me with information, not the other way around) -- I more or less start out half hostile on the phone. Because some months, as many as 95% of all incoming calls are just scams. At least, before I started blocking "Unknown" and "Private Caller" -- if you won't tell me who you are, I'm not answering.
Lost at C:>. Found at C.
Yes, on linux when things don't work, I just search for my problem on google, find some website with a "fix", and then enter that command that I don't understand with root privs......
I get sick of people and their "I'm not a computer person so it's not my fault" attitude. It's like getting in a car accident, taking your car to the shop, and then proudly declaring "I don't know how to drive!" to the mechanics. If random weirdo walks up to someone and says "You're sick! Bend over and let me give you this suppository!", are they going to do it? And then later say "I'm not a doctor, so how was I supposed to know?" It is beyond ridiculous in a world where computer use is such an integral part of everyday life.
Being a Microsoft customer isn't causing people to be targeted. The callers are posting as Microsoft technicians, making it relevant only to Microsoft customers.
There's a vast difference between the two.
I work for a fortune 500 that uses Unisys in India for our helpdesk. I had 2 outstanding requests with them when I came down with a cold and had to work from home for a few days. When a heavily accented Indian guy called my cell phone telling me he was calling from the helpdesk, and that I could go to logmein.com and he would remote in and take a look, it almost sounded legit.
This could easily have fooled someone since I had outstanding incidents, we use an Indian helpdesk, they do use logmein, and they do have my cell phone number (which they might actually use since I was not at my desk at work). The primary remaining tip-offs were: 1) They didn't know my incident number and 2) My requests were for hardware issues not software. But if I had a problem like being unable to login to Outlook or access a network share, I wouldn't have had much reason to distrust them.
We (my wife and I) haven't gotten a call in a while, but a month ago we were getting daily calls.
We would ask them questions about exactly what part of Microsoft they work for. We would ask them what their real name was and where were they really calling from. We would echo back everything that they said to us. We would note that we only have Mac and (other) Unix systems systems in the house and then give various takes on "how could you be getting warnings from our Windows computer when we have none here". At one point, we had a contest to see how long we could keep them on the line until they got frustrated and hung up.
We haven't gotten a call in over a month.
It's ongoing and it's also inaccurate to say "Microsoft's Customers" since it implies that these guys have a mailing list that they're using. I know a couple people who have gotten the call and they only have Macs. They're just moving from country to country and randomly calling anyone who will listen. I'm sure there are variations on the scam that adjust for specificity vs scope. For instance if I call and say I'm from Dell technical support and you're a Dell customer you're more likely to feel like it's true since they called you and knew you had a dell "how else would they know!". I'm actually pretty surprised that someone hasn't gone "all the way" and crafted the script to be like
"Hi, you called dell Technical Support a couple weeks ago and I'm following up to say that it appears that we didn't correctly resolve your issue."
The odds of getting someone who did call support in the last couple of weeks are low, but if you hit someone who did your chances of them believing you are very high.
I'd go one better and setup a VM running Windows 3.1
Come at me bro!
I am Bennett Haselton! I am Bennett Haselton!
A month or two ago, I was getting daily, sometimes twice-daily calls from these clowns in India. I told the first one that I knew it was a scam, and was even explaining exactly how the scam works, when I was interrupted with "I assure you this is not a scam" and practically being ordered to quit arguing and let him fix my PC.
Another time I told the guy "go fuck yourself", which was greeted with a long pause, and then "I'm sorry sir, I'm in an office right now and cannot do that here".
Another time I laid into the guy, lecturing him about being a criminal parasite, and a "worthless sack of shit" among other terms, and we got into this thing where I was cursing a blue streak while he said over and over, almost rhythmically, in that heavy Indian accent "shut up, shut up, you shut up, shut up, shut up, you shut up..."
Another time I asked the guy "do you like to fuck monkeys?", and when he responded with some confusion I explained "I was just wondering, since obviously your father fucked a monkey to make you", and then he just continued as though I had not just insulted him.
Really, it seems impossible to get these shit-filled monkey-fuckers to give up and hang up, no matter how badly you abuse them. But there is one thing I never had the patience to try... I'm not a Windows user, but I do have some Windows VMs, so I've thought that I should fire up a copy of one, follow their instructions, and when the hit me up for payment reply, "nah, instead I think I'll just delete the virtual machine we've been working in". Maybe that would actually piss them off enough to get them to hang up--you think?
I own a computer repair shop, so I see all the random junk at various times. I've had 3 computers come in with this; the first came in because "it had a virus that the Windows guys couldn't fix", and after I explained that "the Windows guys" are a fraud, she decided to bring in her other computer to have me remove their junk as well. The scammer had done A LOT to the computer, changing account permissions so that she coldn't do anything, giving themselves admin access in a separate account, then revoking hers, and had installed 3 different remote desktop applications. While I was looking at it, they connected to it without notice via TeamViewer. I just disconnected it fromt he internet, backed up her files, and wiped it; with how much they'd done, I didn't feel there was any way to be sure I'd gotten it all without starting from scratch. The 3rd was a friend of my mom's; she had falled for the scam and paid $300, then about a month later she saw a bunch of fraudulent charges on her credit card so she cancelled it and got a new number; about a wee later, she got another call from the scammers, telling her that because she uses her computer for games and watching videos, she had to pay another $500 and they would give her extra protection. Thankfully, at that point, she realized they were scammers (she's a little old lady who uses it for email and nothing else, and has no idea how to play any games, or even what YouTube is), and brought the computer to me. The interesting thing is that the scammers had not done as much to her PC as they had to the other customer, which leads me to think that they don't have an automated script, but manually change settings on the computer. That means a lot of time and effort for each mark.