Slashdot Mirror
TechCentral Scams Call Center Scammers
An anonymous reader writes "At TechCentral, we get on average called at least once a week — sometimes far more often — by a friendly sounding Indian national warning us that our Windows computer is infected with a virus. The call, which originates from a call centre, follows exactly the same script every time. Usually we shrug them off and put the phone down, but this week we thought we'd humour them to find out how they operate. As this week's call came in, the first thing the "operator" at the other end of the line tried to establish was who was owner of the Windows computer in the household. I'd taken the call. It was time to have some fun. I told the scammer that I was the PC owner. He proceeded to introduce himself as "John Connor." I laughed quietly as I imagined Arnold Schwarzenegger's Terminator hunting down this scamster in the streets of Calcutta. Perhaps he should have come up with a more convincing name."
It's not harmless stringing them along like that. What you're really doing is giving them invaluable experience and training in responding to people who might simply be on the cusp of getting taken.
I kept the guy online, playing dumb, for about 15 minutes, until he finally gave up and told me to call Microsoft.
At which point, I asked him if I should tell them I was running Linux.
His reaction was priceless...and unprintable!
All the best scams make you feel as though they are helping you... Also, there are greater quantities of users who lack the standard knowledge to be able to see through these. That's the problem with making computing so main stream... it dilutes the depth of knowledge of the system.
I told him I needed to know which of the 8 PCs in the room he wanted me to turn on. He replied "your Windows computer, sir". I reiterated that I needed him to tell me WHICH one of the 8 Windows computers in the room he wanted me to turn on. He went silent - he had no answer for it and he hung up.
This article isn't particularly well done, their scam of the scammers was extremely limited and provided little to no additional information on this well known fraud. They also fail to realize that many of the people that work in these calls centers believe they are working valid jobs to some degree or another. They don't realize what they are doing is outright fraud and malicious (in some cases).
Is this the weekly article about people who decide to "take the call" and "investigate" and "make fun of the scammers" ?
We've seen this MANY times...
I was taking my boys out bowling last summer when I got a call from my father telling me that "Windows" had called him and told him his computer was infected with a virus. I immediately told him it was a scam and to just hang up. At first, he didn't want to "just in case they were telling the truth", but he eventually hung up on them. They had gotten him to go to a website but not run a program. I told him that even opening a website could infect him and to treat his computer as if it was infected. Later, when I examined the website and his computer, I concluded that the website was a simple page that linked to remote access tools. These were perfectly valid tools (e.g. TeamViewer) from the company's own servers, but obviously being used for nefarious purposes. Running these tools themselves wouldn't have been a problem - except for the scammer on the other end of the connection. The fact that he stopped short of running their tool saved him.
The same scammers (or others running the same scam) called him back a few times since. My dad might not be the most computer savvy, but he does learn. He's not going to fall for the same thing twice and now that he knows it's a scam he berates the person for a few seconds before hanging up on them.
My sci-fi novel, Ghost Thief, is now available from Amazon.com.
This is the most boring story ever. "I talked to him, gave him access to a clean computer with nothing of value and yanked the network connection before they did anything". I've had more fun and entertainment myself, such as them getting autodisconnected at their end after 15 minutes and then calling back to be strung along a while longer as I had them wait for my computer to boot or for me to answer the door etc. I even got escalated once because their script wasn't working, but I was bored by that stage so when the "supervisor" finally asked if I was using Windows or OSX and I told him it was Linux he just hung up.
"This scam can have serious repercussions, but considering the frequency of calls we get in the office, those behind it must have a reasonably high success rate."
Thats the problem here, the reason these scams are so common is because they dont need a high success rate. If their success rate is only 1% its still worth doing.
The author is overselling himself. You haven't scammed a scammer until you've got them to send a bag man from Nigeria to a remote Scottish Island to collect your investment in cash.
2-3 times per week usually its for SEO placement in google. I accept the call and wait for the person to start talking. Just as they do I say "Google Canada, how may I help you?" Then usally I hear "What" "Ummm" "Shuffle" and a "Sorry what was that" and I say "You reached Google Canada, how may I help you"? Then slience.... and they hang up fast
A few times ago the girl sound hot so I decided to be nasty. I said "Hold on let me ask you this. Do you take it in the ass?" There some silence there. So I say "So I can assume that since you haven't hung up yet that, that is a yes?" I can hear people in the background as she still hasn't hung up the phone whlle I proceeded to tell her I'll buy the service if she takes it in the ass. After a bit she hung up.
by TheSpoom (715771) Uncaring Linux user here. I have nothing to add to this but please continue. *munches popcorn*
And wasted their time. Told them I have Linux, they handed the phone to the tier 2 tech, still didn't know what Linux was but insisted my PC had a windows virus. They never called back after the next trick I pulled on them.
I had one of these fookers once and decided to have a little bit of fun. I played myself off as an absolutely dumb user with very, very short term memory and kept asking the representative to repeat himself. I strung them along for 30 minutes before finally revealing that I was using Linux. I got yelled at and then they slammed the phone down. I hate these pond scum predators.
It's called International Wire Fraud, report it to the FEDs as well as your local phone company to have that number (or block of numbers) blocked.
and you fucked it up
you aren't getting contacted by a Nigerian 411 scammer with some dead relative or something or other and trying to deposit a magical sum of money in your account.
and therefore i know there's no viruses.
at this point in time is when i loudly tell the scammer to do horrible things to their family members.
Remember kids, if you're not paying for the service, YOU ARE THE PRODUCT THAT IS BEING SOLD.
In my experience, most do 'semi' legitimate work, using normal tools for disinfection and optimization. These tools are things like hitman, MBAM, ccleaner, etc. Unfortunately, the techs do not seem very skilled, sometines causing damage, and more importantly they lie in a very convincing confidence game to get payment info and perform service. While I have yet to see anyone have extra fraudulent charges placed on them, the initial bill is fradulent given that the work never needed to be performed.
Also, if these "services" are so unethical as to lie to get you to pay, it is a small step to later using that payment information or selling it to third parties.
The worst one I saw is from a personal friend who called one of these services for assistance, paid 300 dollars for 3 years of remote assistance. One onthe to the day later, another company cold called him (he thought it was the first company). He allowed them remote access, and then when they wanted payment and he realized it was not the first company he asked them to disconnect. He was emotional and turned off his surge protector when they became pressuring and refused to disconnect. He left the room failing to realize it was a laptop and still on. The 'tech' then proceeded to delete most of the recently dated files in his user profile. These were very important files, and I was only able to recover about 85% with file recovery tools.
Unfortunately all these companies need to operate is a phone number and a simple VOIP system..maybe a quick templated website and domain. They can be set up in a very quick time, and exist outside of any willing jurisdiction to fight them. Education is the ONLY way at this time.
Silence is a state of mime.
Best way to annoy these guys is get them to call my grandma. She has 15 year old computer with 64MB ram that somehow runs xp. It literally takes 10 minutes to boot the pc. She also barely knows how to turn on the monitor. These guys were talking to my grandma for about 50 minutes when finally she said "maybe you should talk to my grandson he is in IT support", they promptly hung up after that.
She asked me if it was legit I said no, never ever listen to what these guys say because they will try to scam you and get your money. Unfortunetly sometimes she has a bad memory and 2 years later she fell to the exact same scam. I got her to call her credit card company to halt/cancel any payments, and I told her to buy a new pc because there was no way in hell I was reformatting a 64MB xp box. It took me over 2 hours just to backup documents.
A frustrating friend of mine who periodically calls me for computer help but will argue with any help I offer got nailed by one of these guys. Except that he argued with them the whole time and wouldn't follow their instructions. The only thing that ended up being changed was that he deleted his browser icon from his desktop.
agreed, this belongs on Redit or another similar place.
happy trials
LOL https://www.youtube.com/watch?...
by TheSpoom (715771) Uncaring Linux user here. I have nothing to add to this but please continue. *munches popcorn*
A co-worker of mine told me that he called Netgear tech support for some help setting up a wireless router and his call got routed to these guys, or people almost exactly like them. From the description of the call, it looks/sounds like the exact same script/ploy. They asked him to run some command and said that the results of that command indicated that he had vulnerabilities on his machine. They'd need to remote in to install some stuff. He didn't fall for that last part, thankfully!
It's absolutely insane that a call to a well-known company's tech support line is getting sent to a scam like this. Yay outsourcing!
I usually get 1 of these calls per month.
I like to see how long it takes before they swear at me and hang up.
One time i started the conversation with "I like pie", and spent the next 20 minutes telling this guy about all the pies i have eaten in my life.
My favorite of all time was a lady with a very attractive voice. Every time she told me to do something, i made up a bullshit error message. She was sounding very confused when she finally asked me what version of windows i was using and i told her windows 19.
She tried to explain to me that the latest version of windows was windows 7, but about halfway through my story about how i wanted a very fast computer, so i built a time machine to go buy a new computer in the future, she started using some very colorful language, including a few words that i have never heard before, and i can swear in 17 languages.
Every time i get bored, i watch the phone and hope for another call from them.
Death has been proven to be 99% fatal in lab rats.
Here's some more interesting and informative articles, even:
https://blog.malwarebytes.org/...
http://arstechnica.com/tech-po...
http://www.howtogeek.com/18051...
These scumbags have a knack for calling seniors - old people - with great accuracy.
I'd like to know how they are getting the names and numbers.
Is AARP selling them a list of people and phone numbers? Everyone who has been hit by this are also AARP members; which isn't much of a correlation but what other organization would sell this information?
Are they somehow getting Social Security or Medicare lists?
Who is supplying the telephone numbers?
Here is a 419 (Nigerian scam) back-and-forth. It is quite a bit funnier...
This scam can have serious repercussions
Yes and thats why no one should do it. aside from dicking around with foreign scammers you're also making a very bold assumption that theyre not part of an organized criminal syndicate capable of learning from this mistake, gathering more information about you, and directly targeting you or your family members for not only clowning around with them, but publishing an article on the hubris of your interation. Antispam researchers are absolutely familiar with everything from death threats to kilos of drugs and explosives mailed to their personal address.
Good people go to bed earlier.
I know noone does, but seriously?
They didn't scam anyone back. They played along, then chickened out before the scammer could do anything bad - not even wasting his time in the process.
What the fuck is that? Clickbait, that's what.
The trouble is how to hit back at them. Normally the most that you can do is to waste their time & phone bill -- but your time is more precious than that. I wanted to try to get some of them to stop scamming and, to a limited extent, succeeded.
I had a phone call from one of these crooks claiming to be from Microsoft security center trying to tell me about a problem on my MS Windows machine (I run 100% Linux). After a few seconds I interrupted him and asked him if he was a religious man. He was puzzled and, after a couple of prompts, said 'yes'.
I told him that I was worried about his eternal soul ending up burning in the fires of hell because he was trying to steal money from people while he was alive. I asked if it was really worth it spending billions of years burning in hell for the sake of making some money in the few short years that he is alive. None of us is alive for many years compared to the billions of years in heaven or hell after we die.
I asked him to think about it before he went to sleep tonight. Where did he want to spend eternity ? Should he be doing the job that he is doing ? Is it worth it ? How will he be judged by God ? He was by now sounding a very different man from the one who started the 'phone call a few minutes earlier. Thanked me for being concerned about him. The call continued for another minute or so, me laying the eternity bit on very thick. Him getting quieter, before quietly thanking me again before the call ended.
I don't know what long term effect this will have on him, but hopefully he will decide that he ought to get another job. I did this a few times, some just laughed, then I got bored with the game.
What happens if they end calling the cops, FBI, power plants, ECT Will they be tracked down?
He proceeded to introduce himself as "John Connor." I laughed quietly
It's part of the scam. Disarming misdirection. For a while, part of you was favorably disposed toward the scammer and you were thinking about the ridiculous name instead of screaming in your head "This is a SCAM!".
http://itslenny.com/
.
Prisencolinensinainciusol. Ol Rait!
He asked if I owned a computer, so I said "You tell me" and he hung up.
I know two elderly people, both bilked out of $300. I see dozens of stories in this thread about how so many of us have been called and how you like to string them along and frustrate them. I've been called at least a dozen times. We need something other than just frustration to battle them. How can we prepare tools and tactics to respond and try to stop this?
If they haven't told you how much it is going to cost you, then you can always just use a visa gift card with a fixed amount on it of, say, $10 or so.... Of course, any purchase amount over the limit will be promptly declined, and it cannot actually impact your own credit score.
It should read "TechCentral almost got scammed by call center scammers". He had to pull the plug on the wireless router to disconnect the scammer.
I always tell them, in tones of fearful concern, that my brother, who lives next door, is a forensic technician for the Attorney General's CID, and ask them to hang on the line while I get him to come over and collaborate with their highly trained security professionals to repair this alarmingly dangerous breach. More fun than blistering the ears of the 10th sleazeball bill collector in a row asking for a post-dated check to pay the same 15 year old bill disputed with somebody else. Ends the phone call quicker, too.
If you converse with these people, never utter the word "yes" to them, especially if they want to "confirm" your CC#. Especially if they already have it. Audio editing is even easier than photoshopping.
Best thing to do, though, is just hang up.
Normally those do not hear what you read. And so no problem. Different thing is if you are looking "pictures" of those and children sees your screen.
I wonder if banks have some sort of honeypot credit card numbers, which one could give to a known scammer to help catch them in the act. I clearly have no idea what I'm talking about, but there ought to be some way to turn the tables on the scammers here. (And yes, I've heard about the elaborate ways people have trolled 419 scammers, I'm thinking of something a little less time-consuming.)
These scammers also have web pages that offer "AOL technical support," "PC technical support," and so on, with 800 numbers prominently listed. So if an un-aware person (like my Aunt . . . ) hunts for help via Google they'll often end up getting in touch with these jerks.
I have a couple of variant responses worked out:
"So, in India, do they use the term 'con artist' or 'confidence trickster'?"
"So, does your mother know what you do for a living? Did she teach you to be a crook or did you go bad on your own?"
"Sorry, I only have Linux machines. I don't think you'll know how to fuck them up."
"Oh, good, I was waiting for your call. Let me go to the server room and pick up there."
"Oh, good, I was wondering what was happening. Let me turn the computer on." (Put down receiver, wait.)
i received a few of these calls and had some fun. one time there was a girl trying to help me and i played along downloading the client. but during that i stalled the whole time waiting for the download to complete. I kept having to tell her that I had only a dial up modem and the download was really slow. I would update her on the status of the download with slowly increment percentages.
The scams also try and use any of the available remote desktop solutions that exist. One site caught onto them using their software and put up a warning that this was happening.
Oh, what really messes with them is when I try to explain that I was using Linux the whole time.
Last century, I worked for a magazine sales company that did telephone soliciting. We loved it when people slammed down the phone because it meant no wasted time. The worst was when someone wanted to chat. One time a kid answered the phone and I asked for the dad. She said, "He's out in the garage under the car" and ran off to fetch him. It was a dillemma what to do next. Hang up? wait?. Another time the person on the other end kept repeating only the word yes during my sales pitch and then 5 minutes in switched to "can you please speak chinese". Even when I said "goodbye".
These days, I tell them I'm really glad they called and I need to move to the phone by the computer so I can purchase what they are selling. Then I set the phone down and go about what I was doing.
Some drink at the fountain of knowledge. Others just gargle.
I'm not surprised that these scams work. People will readily give their bank and credit card details to random strangers in the street, with clipboards, and wearing colourful vests with logos on, who claim to be collecting subscriptions for charities. How do you find out if they're legit?
I took a call from one of these guys.
I happened to have a VM I use for testing up and running and I snapshotted it and figured I'd follow along with him just to see what he wanted done. This VM is on its own VLAN and behind its own firewall and public IP, but I kind of got cold feet about creds that could be on the machine or connectivity to my production LAN so I stopped before anything got installed (and I reverted to the snapshot, too).
Anyway, after I quit playing along I started to gently question who he said he was and the guy became really abusive and threatening, like he was going to save up for a plane ticket to fly to the US and beat me up or something if I didn't keep going. I was really kind of surprised at how far he took it.
At that point I figured dishing it out was fine, so I went full-on nasty with him and again I was surprised at his willingness to keep it up, especially considering I was pretty harsh.
Just a reminder that scambaiting sites are generaly NSFW. Some have explicit phontos and situations, and some simply due to the race isses. I got in trouble mentioning a 419 scam at work because it disparages a non white race only due to the country with the 419 Penal Code in the name of the scam.
Save scambaiting for off work hours if your complany is super PC sensitive. Do study the scams to prevent being a victim. Do educate your co-workers against Advance Fee Fraud. Don't call it 419 or mention Nigerian law. That could be a PC issue at work.
The truth shall set you free!
The best revenge I heard was someone spinning up a VM of Windows 7, and having 2 folders on it: Personal, and Finances. The Finance folder was full of infected files, while Personal had some very nasty porn. Then he let the scammers get access to the VM, and watched them donwload the files.
Windows is on its way out, and soon everyone will be using a Mobile OS -- the scammers will IM you and claim they need to connect to your tablet or phone to remove malware.
Or have I just come up with the next great thing(tm)?
If telephones are outlawed, then only outlaws will have telephones.
A while back I tried to turn the tables on a scammer who royally pissed me off.
I posted an ad looking for a roomate and I got interest from someone claiming to be relocating from spain with moving costs paid by her company. Sounded good to me....after a quick exchange I took down my ad and a day later got the bad news "I will be sending a money order, can you cash it and forward on the difference too...."
I immediately recognized the scam and put my ad back up, but I was mad.
So I said "Sure sounds good".... the money order came, I said "never got it, when is it coming?"....got another one.... then I decided to have fun with it.... I sent a url for some pictures on my webserver and asked questions that would requiore looking at them to answer...about the room of course.... soon as I had an IP, I looked it up and told "her"
"I have seen better fakes, you wont fool me" I told "her" and that I knew she was somewhere outside Lagos Nigeria. Suddenly she admitted to being a he, and had a new tune.... he was trying to recruit me. Too easy.
Pretty quickly it shaped up what he wanted...someone with a US addrss to remail packages. I would get a package of papers to send out, all I had to do was put them in envelopes, slap postage on, and that would be $500 for me, each time.
So I figured....no way I am helping this scammer who tried to scam me, but, lets see if I can scam him out of $500 by getting him to pay up front. He mentioned counterfit bills, so I was like yes, cool, I will take counterfit bills, then I can report you directly to the Secret Service oooh fun.....
in the end we could never work out a deal that sounded good to him and I was willing to burn him on so, it never happened. Oh well.....
"I opened my eyes, and everything went dark again"
They did, won't tell you how. Hint... it's up the post a bit.
I guess I should save some of those used gift cards instead of tossing them. This sounds like a great idea.
Time to offend someone
50s, as in, in her fifties, not 50's. Will you Germans NEVER learn!
Me: "Does your mother know you are an Internet scam artist for a living?"
-click-
I am not interested in articles about life extension advancements.
Sometimes I ask them which specific machine they have in mind, as there are several. That usually addles them fairly well. Alternately, I tell them all our machines run Linux.
My collage roommates friend from what I am told did something similar quite often, when he received a call from a telemarketer/scammer he would sometimes make a game out of small talking them until they hung up on him, I think the record was about 45 minutes. Not exactly a good use of ones time but I suppose you could do a lot worse.
I never get these calls, so I miss out on the fun. Just as well - I am pretty busy, so I don't have a lot of time for hijinks..
Tell them that the only way you will pay is if they take Bitcoins. Hmm, they might actually take that. Maybe Dogecoins instead.
Is a national different from a citizen? I know the difference between a legal alien/immigrant and citizen but not national. Guess I'm confused because I haven't heard of an American National before.
If you converse with these people, never utter the word "yes" to them, especially if they want to "confirm" your CC#. Especially if they already have it. Audio editing is even easier than photoshopping.
Agreed. Unfortunately, many older people answer their phones with "Yes?" Then the scammer can just hang up and go hog wild.
So that would include getting married.
talk about his mother
they come completely unglued when you describe the things you do with their mother
if his calls were monitored the things he said to a potential customer/victim should get him fired
I had a Nigerian coworker who was stunned (nearly offended) to find out that the rest of the world refers to it as a 419 scam. She then showed me a video of a crowd of people stoning an accused thief to death, while the police watched unable to stop it. So.... I guess she didn't call HR on me. :-)
My brother and I have used the Seinfeld approach for years. Its extremely fun and can lead to a person begging for you to stop. For those who have never seen the episode it goes like this: Scammer calls: Hello Sir, I'd like to talk to you about X Me: Oh man I am SOOO glad you called I am REALLY interested in hearing more about X but right now is not a good time. Can I get your name and home phone number and I'll call you back? Scammer: I'm sorry I can't do that. Me: oh why not? You don't want people calling and bother you at home while your trying to eat or spend time with your family? Scammer: Yes Me: Well now you know how I feel *Click One possible twist is that they actually give you their number (VERY rare). My brother was able to do this with a guy. He proceeded to call him relentlessly at all hours of the day. Leading to the man begging my brother to stop calling. It was a nice piece of justice even if in a small way.
We received one of these calls a couple of months ago. My wife answered, and told them to speak to me. She handed me the phone, but I had no idea who it was when I said, "Hello?"
... but that's where the thought came from. So I just accused him of doing drugs and calling people. I figured the call would end quite abruptly, but it didn't. He said he wasn't doing drugs, and then almost apologized, fumbling all over himself. Now the call intrigued me.
All I can say is, when I heard the line about "I am calling you from Windows", I got angry. I figured you'd have to be doing drugs to believe that I would fall for this scam. Of course, HE didn't know that
"Yes you are. I know when someone is doing drugs and talking on the phone! And you sir, are doing drugs, and that is illegal!"
"Oh no sir, I am not doing that."
"Do you think I am lying to you!?!? I know what I'm talking about. How would your mother feel if she knew you were doing drugs!?"
"She would not like that."
"Well, do I have to call her? I will you know. I will call your mother and tell her that you are doing drugs and making phone calls for Windows!"
"Oh no sir, don't do that.
Really dude? At this point my wife is beginning to slide on to the floor. Anyway, I told him never to call me again and I hung up. Call didn't last a full minute, but it was absolutely hilarious. Never got a return call either.
Lou
I came across a guy who used his own customised audio responses to lead one of these callers down the garden path, he even told them up front "This is a recorded message"
Any one point me in the direction where I can listen to this?
I don't believe it. Indians stealing money from white people? Never!
I cant believe more people aren't pointing out how potentially dangerous what the TechCrunch author, Regardt van der Berg, did was. He gave a potential unknown attacker a beachhead inside the TechCentral network, even if only for a few minutes. That is long enough for someone to potentially have compromised other machines on the network.
The article says: "We have a spare PC in the TechCentral office that has been newly installed and that contains no personal information. I used this machine for the next part of the ploy. I installed the Support.me application and provided "John" with the access details. ... Because I did not furnish my PayPal or credit card details, the scammers turned nasty and proceeded to my documents folder. I saw the engineer poking around in some folders, but I promptly disconnected the office Wi-Fi connection. After some research, I found out that they'll delete system files and users' personal documents. Fortunately, I disconnected before they managed to delete files on the dummy PC -- not that there was anything of value for them to delete."
At that point, regardless of what was done to that specific PC, they have to assume the attacker could compromise every machine on their network by exploits launched immediately from that machine in the background at all other computers on the network, like through potentially zero-day exploits such as for unpatched Microsoft issues relating to local workgroup file sharing or other services. They cant assume they knew everything the attackers were doing. That's why it's been said that firewalls, like some lollipops, are "crunchy on the outside and chewy in the middle". The article author does not say he re-imaged the PC either. Granted, his informative article that may help many other potential victims was maybe worth the risk, but he should at least make clear to his readership what those risks are and that he understood them and accepted them on behalf of helping his readership.
Contrast with what your setup, where the VM was on its own virtual LAN and so presumably could not get to other machines on your local network. And as a snapshotted VM, you can easily roll it back. Still, if you had installed software, how risky that was would also depend on the exact network configuration and how that VM's VLAN interacts with your gateway to the internet -- as in whether the VLAN to gateway interface via whatever virtualization software you were using was set up like guest networking with isolation from other guests. One mistake somewhere in configuration (or even with no mistakes and buggy virtualization software), and your production network could have been compromised. And as you said, there could be credentials on a test machine like SSH keys and such. You did the right thing by not installing anything.
Granted, it doesn't sound like these examples of scammers are doing internal network attacks, but you never can know for sure what they really intend...
A 21st century issue: the irony of technologies of abundance in the hands of those still thinking in terms of scarcity.
You should have introduced yourself as Robert Patrick. To save yourself the trouble next time I suggest upgrading your phone to the T-Mobile 1000 package, they offer protection that never stops.
your IP address, your tablet, and your Prius!
Yeah, I never got to the installation phase of anything because as you say I began to worry about what MIGHT get installed as this VM can get to my production network. They are on separate subnets but not for security reasons; I run this VM for connecting to client systems when they want VPN software installed, which is why it has its own unique public IP. A dumb subnet scanner wouldn't hurt, but something smart might.
I am tempted to spin up a special VM on a totally isolated VLAN with connectivity to anything but a dedicated firewall which would pick up a NAT address from the cable modem (and thus not compromise any of my statics, I think it gets NAT'd to my static range gateway address). I'd probably skip the snapshot and just set the disk to independent/non persistent so changes would be long-term impossible between boots.
It's still not perfect, there are potential security risks in the hypervisor, but a patched ESXi 5.5 doesn't scare me like an OS hosted hypervisor would.
What they did was crazy -- access to a live PC on their internal network? What do you bet there were cached admin credentials on it from cloning or initial setup, too.
Had them troubleshooting my imaginary Commodore 64 while I was shopping with the spouse. :)
They kept asking me if I saw the "Windows Key" and I kept saying that it looked like a C key.
They thought I might have a weird keyboard and asked what brand it was, "Commodore 64".
Finally, they asked me what was on the screen, so I rattled off the boot screen text from memory and told them that I had a flashing cursor.
At this point they wanted to know if I could connect to the Internet, so I informed them that the Commodore 64 was never designed for the Internet.
If there was a way to take over the TeamViewer client they use to login to your box, and get "reversal of control"..... Might be the most cost effective way to shut these guys down.
so why has it not been shut down by the FBI if it is a front for criminals?
Even if he had spelled it right it still would have been a complete fuckup of a post.
Years ago I had a counter scripts for the common scam script. Does anyone have a site with some that fit the current scams?
There is also chance that something was dropped on the network drivers and often data can be deleted from those networks drives by domain connected computer (if that is being used, as I assume is the normal set-up in those environments). It is not only stupid, it is highly dangerous. It should never be done and as you say, this type of stunt should only done in VM, but I recommend only on VM using Linux or *BSD as host Os for added security (where it is possible to run the whole thing inside an choort for added security). It would also be more added security to have that computer on its own LAN (own gateway and so on) disconnected from every other computer in the house.
As for the VM, drop some extra viruses in it in zip files or something that might get the scammers to copy it to there own network and let it burn to the ground in the IT sense of the word. They at least are never going to call you back after that.
I have received this type of call, but I don't have zombie VM with Windows XP or a secure set-up at the moment. So I just hang up on them when they call me.
Fire up your VM and let them connect to it. Get the IP address of their internet connection. Inform the appropriate authorities Watch their internet connection go "away".
N/t
They seriously make my blood boil.. worthless shites. Especially those that pretend to be educated, become a partner and hassle the fuck out of you to solve their problems when they can't even operate a mouse.
Why can't the US find some excuse to bomb the shit out of them and solve many problems in one go ?
I've had them call my parents before and sadly my mother let them on. My parents of course, had me setup my own remote connection to the PC long before so that I can help with technical problems easily. So the scammer happened to actively be on the computer system still, as I was called after the call ended with the scammer, as they were trying to get money from my parents, which most definitely not about to occur. Anyway, I connected in and naturally the scammer didn't disconnect. We exchanged a few words of bravado while he tried to tell me he had more control of the system than I did. As to which I ensured I got the last word in before dropping his ass into oblivion, because, yeah, no. I think not. His shitty little service were one of those if you move the mouse he loses control, and my remote program didn't have that functionality. I assure you fun ensued prior to me disconnecting him. Wish these folks were local, I'd like to do bad things to them.
It is very doubtful these were Netgear or HP, the scammar lie when they call and claim to be from all sorts of Companies, I've had them claim to be Microsoft, BT and Google.
If you type practically any brand name plus the word support or help into search engines you get the adverts for these scammers at the top of the results.
Try it, it works for "HP Printer Support" and "Netgear Router Support" in Google. Moving the adverts from the right to the top of the organic search result list has just played into these scammers hands.
"John Connor"... indeed... a Terminator SHOULD hunt down them marble mouth scum drippings... If I answer the phone and hear one of those sing song marble mouth's , I just hang up immediately.
I got one call telling me the woman on the phone was calling from Microsoft, and there was a problem with my computer ... and I was too tired/bored to bother, so announcted "I use Linux".
Her response was shocking: she apologised for wasting my time and hung up!
I was stunned to say the least.
Don't blame me, it's usually 2 in the morning when I post
I tell them I have several computers, and ask them to please give me the IP address of the problem machine that they have magically detected.
*Click*
Makes me want to start a reverse scamming scheme. Call people up and try and get remote access, if you succeed completely disable their internet access. Bonus points if you can burn out their network card to make the fix permanent.
"Happy families are all alike; every unhappy family is unhappy in its own way." -- Anna Karenina by Leo Tolstoy
Same experience here. Needed help with my router, and got diverted to "support engineers" who wanted to charge me money ($50, IIRC) to remotely detect and fix the problem. They told me there was no other alternative except to buy a new router.
So my expensive Netgear router was a piece of worthless junk in a couple of years. Needless to say, I won't be buying anything else from them.
I live in the Netherlands and have received the last few months more than a dozen phone calls from abroad of people telling me there's something wrong with the computer and they want to help me to get it solved. ;-)
Usually they tell me they're from Microsoft. Obviously I do not follow their instructions.
Although they speak fairly good English, I can hear they have an accent that sounds like coming from India. Before they open their mouth I already know it's them, due to the noise of their calling environment, which always precedes their voice. Since I really get bored with these calls, lately I answer in Dutch and tell them that I don't speak English. Then they end the call within a few seconds without any further comment.
I guess there are no computer problems for people who can't speak English in this world.