Turning the Tables On "Phone Tech Support" Scammers

← Back to Stories (view on slashdot.org)

Turning the Tables On "Phone Tech Support" Scammers

Posted by timothy on Friday September 12, 2014 @12:52AM from the mouthwatering-shadenfreude dept.

mask.of.sanity writes A security pro has released a Metasploit module that can take over computers running the Ammyy Admin remote control software popular among "Hi this is Microsoft, there's a problem with your computer" tech support scammers. The hack detailed in Matthew Weeks' technical post works from the end-user, meaning victims can send scammers the hijacking exploit when they request access to their machines. Victims should provide scammers with their external IP addresses rather than their Ammyy identity numbers as the exploit was not yet built to run over the Ammyy cloud, according to the exploit readme. This is much more efficient than just playing along but "accidentally" being unable to follow their instructions.

14 of 210 comments (clear)

Min score:

Reason:

Sort:

External IP by tomhath · 2014-09-12 00:55 · Score: 5, Insightful

Providing your own IP address to a criminal so you can trash their computer just doesn't sound like a good plan to me.
1. Re:External IP by Noryungi · 2014-09-12 01:01 · Score: 5, Insightful
  
  ... Depends if your IP address is dynamic or not. In my case, all I have to do is reset the DSL modem/router and, presto ! New IP!
  I am more concerned about the legality of it. Running a live exploit on their network may make some ISPs fidgety. Also not sure about the position of law enforcement agencies...
  
  --
  The right to offend is far more important than the right not to be offended. (Rowan Atkinson)
2. Re:External IP by Luthair · 2014-09-12 02:00 · Score: 4, Insightful
  
  I'm not advocating for it, but one assumes it would be pretty unlikely they'd complain to anyone. They probably aren't in the same country and they are engaged in a variety of illegal activities.
Love reading about it by gnasher719 · 2014-09-12 01:03 · Score: 2, Insightful

I will love reading about anyone who managed to destroy a call centre of these scammers and get them out of business.

Myself, I would fear bad legal consequences if I did it, because hacking into their computers isn't going to be legal just because they are scammers.

Now telling them that you just hacked into their computers and asking them to open log files to show evidence, that would be fun.
1. Re:Love reading about it by stealth_finger · 2014-09-12 01:36 · Score: 4, Insightful
  
  I will love reading about anyone who managed to destroy a call centre of these scammers and get them out of business. Myself, I would fear bad legal consequences if I did it, because hacking into their computers isn't going to be legal just because they are scammers. Now telling them that you just hacked into their computers and asking them to open log files to show evidence, that would be fun.
  There's not really anything they can do apart from try to get revenge on your machine. "Hi international police, well we we're trying to scam this guy and he somehow managed to switch the flip and gutted our entire organisation........please stop laughing"
  
  --
  Wanna buy a shirt?
  https://www.redbubble.com/people/stealthfinger/shop?asc=u
How about by BringsApples · 2014-09-12 01:09 · Score: 4, Insightful

THEM: Hi this is Microsoft and...
US: hang up

Done. Fuck this war.

--
Politics; n. : A religion whereby man is god.
1. Re:How about by Anonymous Coward · 2014-09-12 01:54 · Score: 4, Insightful
  
  I managed over an hour and a half the other day. I had to look up the different messages from Windows XP from online help pages. Basically imagine you are really really clueless but you have an IT expert son who has set up your Windows computer so you don't have the administrative privilages to do yourself any damage and all running of hacking software is blocked by some obscure anti-malware software that you don't understand yourself. It also helps if you are too clueless to use your mobile phone at the same time as typing on the computer.
  You should manage to do at least 10 minutes of mindless work between each time you talk to them.
  Never admit you are scamming them; the aim is to teach them to hang up on truely clueless people themselves depriving them of some of their most important audience.
2. Re:How about by gstoddart · 2014-09-12 03:02 · Score: 4, Insightful
  
  Finally told him I had to go pick up my daughter and that I'd been screwing with him. He called me a "miserable son of a bitch" and hung up.
  You know, the amazing thing is they feel they have a right to be angry.
  Dude, you called me with the express intent of scamming me ... you seriously expect me to treat you like a human being?
  I don't think so.
  
  --
  Lost at C:>. Found at C.
3. Re:How about by CohibaVancouver · 2014-09-12 04:06 · Score: 2, Insightful
  
  You know, the amazing thing is they feel they have a right to be angry.
  You're using a western mindset.
  
  He's some impoverished guy in India desperate to make a few rupees from someone who, in his eyes, is very wealthy.
  
  The 'wealthy' person has wasted his time, so he's angry. His 'boss' will probably yell at him for being unsuccessful, so he's angry.
  
  It's not cut-and-dry like you might think.
4. Re:How about by BringsApples · 2014-09-12 04:07 · Score: 2, Insightful
  
  Never admit you are scamming them
  How are you scamming them?
  
  the aim is to teach them to hang up on truely clueless people themselves depriving them of some of their most important audience
  Again, I don't get it. What are you teaching them? To hang up on true suckers? Silly, that's what they're after.
  
  If everyone would just accept that it's impossible to 'get a call from microsoft out of the blue' or any other 'I'm just calling to help you' bullshit, then this whole thing would end. So rather than spend 30, 40, or 50 minutes on the phone, "scamming" these people, spend 10 or 15 minutes calling all of your friends and family that would probably be scammed, let them know what's happening, and go back to your regular day, then the world can proceed. But it's your own time, do as you wish. Thinking about it in the same terms that advertisers do, however, you will find that giving them (the scammers) your attention (your time) will probably only make them feel that it's working, and worth the troubles of calling another potential candidate.
  
  --
  Politics; n. : A religion whereby man is god.
5. Re:How about by gstoddart · 2014-09-12 04:53 · Score: 5, Insightful
  
  You're using a western mindset.
  He's some impoverished guy in India desperate to make a few rupees from someone who, in his eyes, is very wealthy.
  Well, that's NMFP ... he knows damned well that what he's doing is illegal, and would have no sympathy for me if I fell victim. He is certainly aware of the fact that he's not offering me a useful service. You couldn't possibly train someone to do that scam without explaining it to them.
  So, he may well have convinced himself that there's no harm if he scams us a little.
  But, I don't actually give a crap about his feelings.
  If what he's doing is so noble and justified, call someone in India, see if they are interested.
  From me, he gets a big "fuck off".
  If he's expecting me to say "oh, gee, the poor cute little Indian is just trying to make a buck", he's sadly mistaken, and should expect the kind of animosity he gets.
  
  --
  Lost at C:>. Found at C.
Re:What spam calls? by Scutter · 2014-09-12 02:04 · Score: 4, Insightful

Scammers, by definition, do not follow the law. What makes you think they'd concern themselves with something as petty as a Do No call law?
And yes, you should consider yourself lucky. These kinds of calls are becoming more frequent and MUCH more aggressive. I had one scammer call me back over a hundred times in one day when I hung up on him. I eventually just routed all incoming calls to my fax machine.

--

"Tell me doctor, with all of your defenses, are there any provisions for an attack by killer bees?"
What Microsoft could do by Jesrad · 2014-09-12 02:11 · Score: 3, Insightful

One thing Microsoft could do easily and cheaply, which would eventually end this "Calling you from Windows and you have a virus" scam, is to have a short mention about this being a scam on the front page of their website. A single sentence would suffice.
When you get called by the indian call center employee, who for most of them believe they are working for a legitimate business, mention how the caller is NOT really affiliated with Microsoft because their website say it's a scam. "See for yourself !" and hang up.
The actual pirates can probably not do the mass phone call themselves and still rack up enough money, which is why they hire call centres to do it for them, and why they also take precautions to show them some pretense of legitimacy. If the call centres stop working with them they'll go away.

--
Maybe we deserve this world ?
Re:What is wrong with people? by Bowlich · 2014-09-12 02:33 · Score: 4, Insightful

Reading over your comment it just occurred to me that a lot of novice users could very well potentially have an argument for why they would believe that Microsoft "knows" of their problems -- every time Windows XP had some process crash it would pop up a modal asking if you wanted to send a crash report to Microsoft. Pretty much every OS I've worked on does this, Ubuntu will even ask if you want to report a problem.
If I never used, or rarely used a computer and didn't come across these messages often it would not be a large jump of logic to presume that clicking "yes" on that modal would open a ticket on some help desk at Microsoft and some lowly tech-support would call you up some time in the future to fix the issue for you.