Slashdot Mirror


Turning the Tables On "Phone Tech Support" Scammers

mask.of.sanity writes A security pro has released a Metasploit module that can take over computers running the Ammyy Admin remote control software popular among "Hi this is Microsoft, there's a problem with your computer" tech support scammers. The hack detailed in Matthew Weeks' technical post works from the end-user, meaning victims can send scammers the hijacking exploit when they request access to their machines. Victims should provide scammers with their external IP addresses rather than their Ammyy identity numbers as the exploit was not yet built to run over the Ammyy cloud, according to the exploit readme. This is much more efficient than just playing along but "accidentally" being unable to follow their instructions.

8 of 210 comments

  1. Re:How about by Anonymous Coward · · Score: 2, Interesting

    THEM: Hi this is Microsoft and...

    US: hang up

    Done. Fuck this war.

    Then they call back and say "don't you care about your computer?" (I really wish I was kidding, but this really did happen).

    I usually follow your method actually, but this tedious shit still gets old pretty quick. Time-wasting, parasitic little fuckers.

  2. Re:How about by Wycliffe · · Score: 5, Interesting

    THEM: Hi this is Microsoft and...
    US: hang up
      Done. Fuck this war.

    That's exactly what they want. It's the same reason that scammers say they are from Nigeria even when they aren't.
    They don't want to talk to you. They want the non-gullible to hang up as quickly as possible so they can quickly find
    the little old lady who they can steal from. They called my mom and luckily she had 2 things going for her. First,
    she doesn't know enough to actually follow their instructions and second, she called me. Otherwise she would
    probably be out some money and I would be left cleaning up the mess. So sure, it's easier to hang up on them but
    you are actually doing them a favor and helping them out by doing so.

  3. Re:External IP by benjfowler · · Score: 3, Interesting

    Don't use your own machine, use a honeypot/goat machine.

    Presumably, a bit of work is required to hit back at the scammers in the first instance; a little extra effort couldn't hurt.

  4. Re:External IP by DarkOx · · Score: 3, Interesting

    Yeah, but it's a Metasploit module, so you run Metasploit on some very disposable VM you have out on Amazon's AWS in the free tier.

    Either have your reverse shell go back to that IP and forward it on your own system, or just bank on the fact these losers don't have the skills it would take to recover your IP from your shellcode in memory or see the outbound connection on their firewall, and have it call you back directly.

    These guys are following a script. Most of the actors probably don't know how to deal with things much outside that. They are using an off-the-shelf remote access tool and social engineering. If they could pwn your box without your help they'd skip the steps where they set up the bogus call center, train employees, pay to make a bunch of often long international phone calls, etc. and move straight to the profit step.

    If they can't get you to fall for the scam they probably are not very dangerous.

    --
    Repeal the 17th Amendment TODAY! Also Please Read http://www.gnu.org/philosophy/right-to-read.html

  5. TeamViewer by bhlowe · · Score: 4, Interesting

    I had a "Microsoft" guy walk me through installing TeamViewer. After twenty minutes of goofing with him, I said it was installed (which it already was). When he asked for my TeamViewer ID, I asked for him to give me his ID first. They didn't and were mad I wasted their time. But it makes me think that the TeamViewer company might be able to help track down these jerks.

  6. Windows is updating by jmv · · Score: 4, Interesting

    I like to get these scammers on the line for as long as possible, but without wasting my time. So far, what I've seen to work well was "Oh, my computer just crashed, I need to reboot" and "Now Windows is applying updates". This means they'll wait without me having to think of stuff to tell them. Any other effective tricks?

  7. Re:one did ring back and shout abuse by DocSavage64109 · · Score: 3, Interesting

    I never have these guys calling me, but several of the stories here mention these guys shouting profanity and abuse. I wonder if it is some sort of defense mechanism to keep themselves from realizing how low they are to be using these fraudulent tactics on innocent people.

  8. Does your mother know? by Anonymous Coward · · Score: 2, Interesting

    I've taken to asking them questions like:

    Does your mother know that you spend your days trying to steal money from people much like her? How does she feel about that?

    How does it feel knowing that every minute you're at work, you're making the world a worse place to live? Do you sleep well at night?

    etc.

    I once had the employee's manager call me to chew me out for making the employee feel bad. Hopefully he quit.