Turning the Tables On "Phone Tech Support" Scammers

mask.of.sanity writes A security pro has released a Metasploit module that can take over computers running the Ammyy Admin remote control software popular among "Hi this is Microsoft, there's a problem with your computer" tech support scammers. The hack detailed in Matthew Weeks' technical post works from the end-user, meaning victims can send scammers the hijacking exploit when they request access to their machines. Victims should provide scammers with their external IP addresses rather than their Ammyy identity numbers as the exploit was not yet built to run over the Ammyy cloud, according to the exploit readme. This is much more efficient than just playing along but "accidentally" being unable to follow their instructions.

External IP

[tomhath]

Providing your own IP address to a criminal so you can trash their computer just doesn't sound like a good plan to me.

Re:External IP

[Noryungi]

... Depends if your IP address is dynamic or not. In my case, all I have to do is reset the DSL modem/router and, presto ! New IP!

I am more concerned about the legality of it. Running a live exploit on their network may make some ISPs fidgety. Also not sure about the position of law enforcement agencies...

Re:External IP

[thegarbz]

Why not? What can you do with one IP address? On the flip side why do you think this is any worse than giving someone access via a cloud service after which they can look at your IP anyway?
216.34.181.45

Come at me bro!

Re:External IP

Yeeaaah ... that's the IP to slashdot.org :)

Re:External IP

[BarbaraHudson]

I am more concerned about the legality of it. Running a live exploit on their network may make some ISPs fidgety. Also not sure about the position of law enforcement agencies...

The cops won't like the competition ... in Soviet Russia, law enforcement exploits YOU ... oh, wait ...

Re:External IP

[benjfowler]

Don't use your own machine, use a honeypot/goat machine.

Presumably, a bit of work is required to hit back at the scammers in the first instance; a little extra effort couldn't hurt.

Re:External IP

[DarkOx]

Yea but its a metasploit module so you run metasploit on some very disposable vm you have out on Amazons aws in the free tier.

Either have your revershell go back to that IP and forward it on your own system or just bank on tact these losers don't have the skills it would take recover your ip from your shell code in memory or see the outbond connection on their firewall and have it call your back directly.

These guys are following a script. Most of the actors probably don't know how to deal with things much outside that. They are using an off the self remote access tool and social engineering. If they could pwn your box without your help they'd skips the steps where they setup the bogus call center, train employees, pay to make a bunch of often long international phone calls, etc and move strait to the profit step.

If they can't get you to fall for the scam they probably are not very dangerous.

Re:External IP

[Luthair]

I'm not advocating for it, but one assumes it would be pretty unlikely they'd complain to anyone. They probably aren't in the same country and they are engaged in a variety of illegal activities.

Re:External IP

[Trailer+Trash]

... Depends if your IP address is dynamic or not. In my case, all I have to do is reset the DSL modem/router and, presto ! New IP!

I am more concerned about the legality of it. Running a live exploit on their network may make some ISPs fidgety. Also not sure about the position of law enforcement agencies...

Look up the "clean hands doctrine". There's a reason that you don't see street gangs suing a drug supplier over a missing shipment....

Love reading about it

[gnasher719]

I will love reading about anyone who managed to destroy a call centre of these scammers and get them out of business.

Myself, I would fear bad legal consequences if I did it, because hacking into their computers isn't going to be legal just because they are scammers.

Now telling them that you just hacked into their computers and asking them to open log files to show evidence, that would be fun.

Re:Love reading about it

[stealth_finger]

I will love reading about anyone who managed to destroy a call centre of these scammers and get them out of business. Myself, I would fear bad legal consequences if I did it, because hacking into their computers isn't going to be legal just because they are scammers. Now telling them that you just hacked into their computers and asking them to open log files to show evidence, that would be fun.

There's not really anything they can do apart from try to get revenge on your machine. "Hi international police, well we we're trying to scam this guy and he somehow managed to switch the flip and gutted our entire organisation........please stop laughing"

Re:Love reading about it

[gstoddart]

Myself, I would fear bad legal consequences if I did it, because hacking into their computers isn't going to be legal just because they are scammers.
So, you have to remember ... these are people operating in a foreign country which is currently ignoring your laws, and are actively lying to you in order to scam you.

What legal recourse do you think they're doing to take against you? Take you to court? Good luck with that.

Sorry, but these clowns are using spoofed caller ID, calling from India (by the sounds of their accents), and are hell bent on ripping you off.

You think law enforcement is going to show up at your door?

Now, if you used this one anybody else, you could be in deep trouble.

But these "This is the Microsoft Service Provider" or whatever they say ... burn 'em to the ground, wreck their computers .. I've got no sympathy for them, and they probably have no idea of who they're talking to anyway. Because it's just an auto dialer which connects you to the next available idiot when you answer.

So, anybody who has the ability to do this probably should. Because I can only imagine the conversation of them trying to lodge a complaint .... yes, I am the guy from the foreign call center doing the Microsoft support scam, this guy hacked my computer.

Re:Love reading about it

[GameboyRMH]

International police? No, this is a job for the CYBER POLICE!

You should point them to the proper authorities and tell them you'll be waiting with your wrists out :-D

How about

[BringsApples]

THEM: Hi this is Microsoft and...
US: hang up

Done. Fuck this war.

Re:How about

[i.r.id10t]

I got called by one last Friday night. Kept him on the phone for almost an hour, playing along. Even gave him clues I wasn't on windows (ie, when he asked me to run eventviewer I described the output of top, including clueless worrying about zombie processes).

Finally told him I had to go pick up my daughter and that I'd been screwing with him. He called me a "miserable son of a bitch" and hung up.

Kinda felt that it was my duty to keep him occupied, after all each minute I was screwing with him was a minute he wasn't scamming some truly helpless user "out there" somewhere.

Re:How about

THEM: Hi this is Microsoft and...

US: hang up

Done. Fuck this war.

Then they call back and say "don't you care about your computer?" (I really wish I was kidding, but this really did happen).

I usually follow your method actually, but this tedious shit still gets old pretty quick. Time-wasting, parasitic little fuckers.

Re:How about

[Wycliffe]

THEM: Hi this is Microsoft and...
US: hang up
  Done. Fuck this war.

That's exactly what they want. It's the same reason that scammers say they are from nigeria even when they aren't.
They don't want to talk to you. They want the non-gullible to hang up as quickly as possible so they can quickly find
the little old lady who they can steal from. They called my mom and luckily she had 2 things going for her. First,
she doesn't know enough to actually follow their instructions and second, she called me. Otherwise she would
probably be out some money and I would be left cleaning up the mess. So sure, it's easier to hang up on them but
you are actually doing them a favor and helping them out by doing so.

Re:How about

... I'll just put you on hold while I boot up my computer. I'm afraid its really slow.

20 minutes later he hangs up and calls back. ... No its still booting I'm afraid. I'll just put you back on hold.

40 minutes later he finally gives up.

Re:How about

[TheCarp]

These people call my mother incessently. Every other day or so I hear her yelling at her phone "you are not really with windows, windows doesn't call" (yes they say they are calling "from windows" lol).

I just saw this and ran down to show her, not so much for the exploit but the idea of playing mickey the dunce and keeping them on the phone for as long as possible. Lol she has a true talent for annoying tech support. Hell I once got a call from a guy at the help desk "I just got off the phone with your mother" "really?" "yah down in radiology right? I was on the phone for 45 minutes and had to send a technition out because I couldn't get her to plug the ethernet cable back into the wall" "now, she told you she is blind right?" "No she....what the fuck!"

Seriously.... I think I just punished them good suggesting she keep a log of how long she can keep them on the phone for.

Re:How about

I managed over an hour and a half the other day. I had to look up the different messages from Windows XP from online help pages. Basically imagine you are really really clueless but you have an IT expert son who has set up your Windows computer so you don't have the administrative privilages to do yourself any damage and all running of hacking software is blocked by some obscure anti-malware software that you don't understand yourself. It also helps if you are too clueless to use your mobile phone at the same time as typing on the computer.

You should manage to do at least 10 minutes of mindless work between each time you talk to them.

Never admit you are scamming them; the aim is to teach them to hang up on truely clueless people themselves depriving them of some of their most important audience.

Re:How about

[gstoddart]

Finally told him I had to go pick up my daughter and that I'd been screwing with him. He called me a "miserable son of a bitch" and hung up.

You know, the amazing thing is they feel they have a right to be angry.

Dude, you called me with the express intent of scamming me ... you seriously expect me to treat you like a human being?

I don't think so.

Re:How about

[CohibaVancouver]

You know, the amazing thing is they feel they have a right to be angry.

You're using a western mindset.

He's some impoverished guy in India desperate to make a few rupees from someone who, in his eyes, is very wealthy.

The 'wealthy' person has wasted his time, so he's angry. His 'boss' will probably yell at him for being unsuccessful, so he's angry.

It's not cut-and-dry like you might think.

Re:How about

[BringsApples]

Never admit you are scamming them

How are you scamming them?

the aim is to teach them to hang up on truely clueless people themselves depriving them of some of their most important audience

Again, I don't get it. What are you teaching them? To hang up on true suckers? Silly, that's what they're after.

If everyone would just accept that it's impossible to 'get a call from microsoft out of the blue' or any other 'I'm just calling to help you' bullshit, then this whole thing would end. So rather than spend 30, 40, or 50 minutes on the phone, "scamming" these people, spend 10 or 15 minutes calling all of your friends and family that would probably be scammed, let them know what's happening, and go back to your regular day, then the world can proceed. But it's your own time, do as you wish. Thinking about it in the same terms that advertisers do, however, you will find that giving them (the scammers) your attention (your time) will probably only make them feel that it's working, and worth the troubles of calling another potential candidate.

Re:How about

[BringsApples]

Yeah that's a good point, but rather than keep them on the line, hang up, call your mom, "Hey mom, no one will EVER call you out of the blue to help with your computer unless they're trying to scam you. If anyone EVER calls to help you with a computer problem, and it's not me, hang up. Bye mom, I love you."

Seems like a solid plan to me.

Re:How about

[gstoddart]

You're using a western mindset.

He's some impoverished guy in India desperate to make a few rupees from someone who, in his eyes, is very wealthy.

Well, that's NMFP ... he knows damned well that what he's doing is illegal, and would have no sympathy for me if I fell victim. He is certainly aware of the fact that he's not offering me a useful service. You couldn't possibly train someone to do that scam without explaining it to them.

So, he may well have convinced himself that there's no harm if he scams us a little.

But, I don't actually give a crap about his feelings.

If what he's doing is so noble and justified, call someone in India, see if they are interested.

From me, he gets a big "fuck off".

If he's expecting me to say "oh, gee, the poor cute little Indian is just trying to make a buck", he's sadly mistaken, and should expect the kind of animosity he gets.

Re:How about

[Sloppy]

So sure, it's easier to hang up on them but you are actually doing them a favor and helping them out by doing so.

No, failure to take hostile action isn't a favor; it's neutrality. Installing their malware would be a favor. I can appreciate those with the time and energy to take fight to this enemy (good on you!), but I have other battles to fight with my (however high) limited anger.

The problem with this enemy, which makes it so hard to care, is how irrelevant they are. So they call people about bullshit, wasting their time. That can be annoying, but there are so many more annoying things.

I suppose some people would say this enemy is worse that that, because the call is just a way of performing a SE attack, but I disagree. I just can't help but get blame-the-victim-y with SE attacks like that. I think many of our society's real problems are caused by SE, much of it legal (e.g. "vote for me, because I'm a member of the correct party," or "believe our religion's dogma, because your parents did") and that we'd all be a lot better off with more "scam antibodies" in ourselves. So part of me hopes these scammers flourish, thereby teaching people to stop being so fucking gullible. Maybe you can't fix stupid, but we can try, and an environment full of con artists is good for that. These assholes are evil, but they're good for us.

No, I'm not fully committed to that outlook (sure, I wanna hurt the bad guys too) but I'm conflicted enough that it evens out. And while we're at it, don't knock lazy! So a position of neutrality, it is.

Re:How about

[barc0001]

That's not really correct. That only works if everyone in the world calls their mother, father, aunt, grandma, etc, which is obviously never going to happen. So again, all you've done is moved the scammer on quickly to his next target. Think of it this way: if it takes this guy an hour to scam someone, he spends an average of 30 minutes finding each new mark that leads to a cash scamming, and he works 8 hours per day, on average he will scan 5 to 6 people per day. If you waste an hour of his time, you've saved someone else from getting scammed that day.

Re:How about

[Angostura]

The bizarre thing is that I've had several argue with me for 10 minutes even after we've got to the point when I'm saying 'Look I know this is a scam, you should reall stop doing this and do something else" they have vociferously denied that they were scammers, even when I'm saying "I don't understand why you're continuing with this call".

Bizarre.

Re:How about

[DarkOx]

Yes is that cut and dry. This a person who has phoned you up with the intent to do you harm. His/Her reasons don't matter. (S)He has no right to try and defraud you. (S)He isn't stupid either, he knows the folks (s)he is working for are fraudsters and (s)he knows this and is participating anyway.

If this person is so desperately poor than they should be calling and asking for charity. This is malicious behavior and it deserves an in kind response.

Re:How about

[gstoddart]

There's a strong chance these people are staffing a call centre that is hired by the true scammers and are following a script

Have you heard these calls before? Have you seen transcripts?

There is no conceivable way you could be doing that scam without knowing you're lying. They're asking for access to your computer, and showing you stuff they'd be able to see on their own computer. If any of these people believe they're doing magical cold-call tech support, they're so incredibly stupid as to deserve contempt.

There are some things, like the idiots I get calling to clean my ducts, who could possibly not know it's purely a scam ... but I still have no sympathy for them. I don't have sympathy for so called "legitimate" cold callers either -- because I've had several charities who despite being told to stop calling simply call back the next day.

For the people doing this specific computer tech support scam, by the time someone has taught you how to do it, you can't not know it's a scam.

Re:How about

[Bob+the+Super+Hamste]

If they are that desperate I wonder if I could make them a counter offer and send them $50 US to go and kick their boss in the crotch as hard as they could while having the phone on speaker so I could hear it.

Re:How about

[joemck]

I've been thinking about installing Win98 (which I believe is the minimum requirement for Ammyy) on my 486 DX/33, and then installing a bunch of toolbars and adware to make it even slower. Win98 minimum requirement is 486 DX2/66, but I've gotten it to run slowly on a 33 MHz one. Let them suffer trying to install their probably XP-minumum-requirement viruses on that for a while.

"Thanks, I'm glad you called! My computer *has* been running kinda slow lately."

Re:How about

[joemck]

Bogging down the scammer for an hour puts a far larger dent in their profits than hanging up on them, letting them move onto a more gullible mark, and telling one other potential mark to do the same. This isn't about which activity is more enjoyable to you, this is about damaging them and their ability to hurt others.

And if even just a handful of people use the metasploit this article is about with an OS-killing payload*, it would probably put them out of commission for a good bit longer than trolling them, and at much lower time cost to you. *--or even just things that flip the display output, change mouse speed, force 16 color mode, set a 1 second screensaver timeout with password protection, or other general annoyances.

Re:How about

[Swave+An+deBwoner]

You want this:

http://itslenny.com/

You have a problem on your Linux desktop

[Old-Claimjumper]

Them: Hi This is Microsoft. You have a problem on your desktop
Me: Oh! Wow! how do we fix it?
Them: Do you see your START button?
Me: (Looking over my Gnome Desktop on my Fedora workstation...) No.
Them: Just look on you lower left.
Me: I have ACTIVITIES on the upper Left.
Them: That must be it. Pull down the menu from that START Button.
Me: OK
Them: Do you see the RUN item
Me: No...

And they get more and more frustrated by this looser who can't seem to work the START menu.
I really try to follow their instructions.
After all they said that they had analyzed my machine and knew exactly how to fix it. They MUST know what they are doing then.
You mean that, maybe, possibly, thay were not completely truthfull???

What is wrong with people?

[Mefesto44]

I'm always surprised by how people can be scared into using this service. I'm the NA for the largest private GP clinic in the state of Montana and I still have quite a few old customers call me from back when I ran my own tech service company. People who I would consider "smart" or "less-than-scamable" have fallen time after time from this exploit and handed over personal information and pretty chunky sums of money. No matter what you've done in the past to help educate or bring people up to speed on current scams it never is enough. The lack of deep understanding of technology seems to render even the most reasonable person inept.

I always get the statement "In the back of my mind I knew this seemed a little fishy, but the other day I was having trouble with X and then Microsoft called. I figured they knew!". Part of me wants to blame the current news reports of the NSA and how they are passing around the watercooler your email about how your last batch of zucchini made the best pickles... your everyday man thinks that Microsoft or these huge companies like Google are literally standing over your shoulder examining your every move. Hell, of course Microsoft knows about your problem with that Outlook plug in that keeps crashing on startup... they've been watching you for the last 2 weeks daily!

All it's doing is funding my side business and bringing me a stream of easy to fix computers at $80/hr. Maybe I should send these guys a cut of the cash.

Re:What is wrong with people?

[Bowlich]

Reading over your comment it just occurred to me that a lot of novice users could very well potentially have an argument for why they would believe that Microsoft "knows" of their problems -- every time Windows XP had some process crash it would pop up a modal asking if you wanted to send a crash report to Microsoft. Pretty much every OS I've worked on does this, Ubuntu will even ask if you want to report a problem.

If I never used, or rarely used a computer and didn't come across these messages often it would not be a large jump of logic to presume that clicking "yes" on that modal would open a ticket on some help desk at Microsoft and some lowly tech-support would call you up some time in the future to fix the issue for you.

Re:What is wrong with people?

[gstoddart]

I'm always surprised by how people can be scared into using this service.

Sadly, not everybody has a good working knowledge of computers, and don't have enough street-smarts to spot the clues of a scam.

Lots of older people who really don't know much about their computer, and are completely unaware this is an ongoing scam fall prey to it. They just think it's a nice person offering to solve a problem for them.

It's like any other form of spam or scam ... you only need a very small percentage of people to fall for it to be profitable. Especially since when you answer the phone it takes a few seconds for the auto-dialer to connect you with the guy on the other end. Because they're not calling you, a computer calls a zillion numbers, and then connects people who answer to the next available scammer.

So, if you know some older people who have computers, sit down with them and explain that the world (including the internet and the telephone) is full of lying, greedy bastards who are out to get you. It's like "stranger danger", but for adults.

Not everybody is as cynical and paranoid as people who work in IT. But you need to get them enough of both to not be victims.

I am continuously grateful that when my parents decided to get a computer I sat them down and had "the talk" (*) ... because they subsequently became people who could spot a scam on the phone from a mile away, and learned the kinds of things not to do on their computer.

(*) OK, I had to discretely have a separate talk with my father lest the lure of b00b1es caused him additional computer/wife problems. ;-)

Re:What is wrong with people?

[Jason+Levine]

You would think they'd stop before they'd send away $25,000 or more, but...

The problem, once you've fallen for the Nigerian scammers, is that it can be hard to admit you've been scammed and have lost money. You can either admit that and realize you were an idiot, or keep believing that this $1,000 you're sending will finally unlock those millions that are "obviously" coming your way. The deeper these people fall for these scams, the harder it can be to admit that it was a scam and that there never were millions coming to you. So they keep going deeper and deeper in the vain hope that they will finally reach their payday.

Re:Rife in the UK

[stealth_finger]

"Hi, we've detected a virus on your machine etc etc"

"Yes, that's mine, I've been testing it. Can you tell me how and when it was detected please?"

".....[click]beeeeeeeeeeeeeeee"

Re:Rife in the UK

[WormholeFiend]

"Hi, we've detected a virus on your machine etc etc"

"How do you know?"

"We have a file about you and your computer."

"Yea? What's my name?"

".....[click]beeeeeeeeeeeeeeee"

Start button?

[ArcadeMan]

Them: Hello, this is Microsoft. We have detected a problem with your computer.
Me: Really? And you're calling to help me?
Them: Yes of course. Do you see your "start" button?
Me: No I don't see any "start" button.
Them: It's in the lower left corner.
Me: I have a button in the upper left corner that says "OS/2 Warp"
Them: Asshole. (hangs up)

Re:What spam calls?

[Scutter]

Scammers, by definition, do not follow the law. What makes you think they'd concern themselves with something as petty as a Do No call law?

And yes, you should consider yourself lucky. These kinds of calls are becoming more frequent and MUCH more aggressive. I had one scammer call me back over a hundred times in one day when I hung up on him. I eventually just routed all incoming calls to my fax machine.

What Microsoft could do

[Jesrad]

One thing Microsoft could do easily and cheaply, which would eventually end this "Calling you from Windows and you have a virus" scam, is to have a short mention about this being a scam on the front page of their website. A single sentence would suffice.

When you get called by the indian call center employee, who for most of them believe they are working for a legitimate business, mention how the caller is NOT really affiliated with Microsoft because their website say it's a scam. "See for yourself !" and hang up.

The actual pirates can probably not do the mass phone call themselves and still rack up enough money, which is why they hire call centres to do it for them, and why they also take precautions to show them some pretense of legitimacy. If the call centres stop working with them they'll go away.

Re:What Microsoft could do

[BarbaraHudson]

The call center employees know full well that what they're doing is a scam, same as the duct cleaning, same as all the other scams. The call center employees were caught by CBC

In Marketplace’s undercover investigation, a Karachi call centre supervisor was caught on camera reassuring a new hire that they can’t be caught.

"There is no need to worry," he says. "The customer will not be able to report us. They can’t trace us."

Employees are also told to say they’re calling from Ontario, and the callers used fake names.

They know that they're lying. They know they're running scams. Screw them.

Re:What Microsoft could do

[Etherwalk]

M$ won't care, it's more money for them when your computer gets screwed up and you have to (a) call M$ tech support (b) buy a new PC (c) buy another M$ license (d) take your pc to a repair shop.

I am going to go ahead and make an educated guess that Microsoft has done more to improve computer security for gullible people than you have.

I'm not saying it's perfect--but it's a lot more secure than it used to be, and they want it to be secure, and they spend a lot of money on making machines secure.

Re:Rife in the UK

[andrewbaldwin]

I've had a similar experience - many times.

First of I am not a lawyer - but I can read Wikipedia :-)

So when we get to "we've detected a problem with your computer" I ask "how?" and get a stream of babble about seeing data which looks like a virus.

Then I ask innocently -- "so you can look at my traffic?" "oh yes and you definitely have a virus - we can see from how your PC is behaving" "so you can look at my PC?" "Oh yes"

I always ask - "are you sure about this?" to allow them to dig themselves even deeper into a hole and then ask for their name/company name (claiming I misheard at the start).

At this point I inform them that either (a) they are probably committing offences under one or more of Computer Misuse Act 1990, Data Protection Act 1998 or Regulation of Investigatory Powers Act 2000 -- or (b) if they want to own up (and I do know that they are lying because I'm not running Windows and my firewall is pretty tight) that attempting to obtain money through false pretences is an offence under the Fraud Act 2006.

"Which one do you want to choose?"

They usually hang up at this point having spent around 15 minutes with me when they could have been hitting another victim -- though one did ring back and shout abuse.

Re:Rife in the UK

[DocSavage64109]

If it's anything like how they pronounce lieutenant, then I don't know how British pronounce Brighton either.

Re:Rife in the UK

[91degrees]

Like "Bright" with "on" at the end.

Start Button ?

[OneSmartFellow]

Them: Hello, this is Microsoft. We have detected a problem with your computer.
Me: Really?
Them: Yes of course. Do you see your "start" button?
Me: No
Them: It's in the lower left corner.
Me:The lower left corner of what ?
Them: The lower left corner of your computer.
Me: The lower left corner?...........when viewed from where ?
Them: From the front.
Me: OK, let me see.....All I see is a little sticker that says Intel Inside on the lower left corner.
Them: I don't understand.
Me: The computer has a little sticker on the lower left corner. but no start button.
Them: No, I mean the lower left corner of your monitor.
Me: Wait I'll have a look..........I don't have a start button on the lower left corner of my monitor either. I do see a little sticker that says "Infant Optics" (it's a baby monitor) Them: click

Re:Start Button ?

[SQLGuru]

Next time you get the call, you could try this approach:

You: Wait, you know I have a computer? Are you my parole officer? I've been banned from using electronic devices due to my recent conviction. If you're accessing my computer, that makes you an accomplice. Per the plea agreement, we both going get 20 years in a federal prison. The NSA is probably now tracking us both.

Re:Start Button ?

[advocate_one]

they were asking me what label was on the key next to the bottom left corner...

it may be a windows key on my keyboard... but it doesn't bring up anything when I hold it down and press 'r'... that throws them... they get quite angry as I keep telling them that nothing happens and there is no start menu either on the screen, just a stylised bird... and that when I do click that icon I don't see a control panel choice...

Running Lubuntu LTS with LXDE...

TeamViewer

[bhlowe]

I had a "Microsoft" guy walk me through installing TeamViewer. After twenty minutes of goofing with him, I said it was installed (which it already was).. When he asked for my team viewer ID, I asked for him to give me his ID first. They didn't and were mad I wasted their time. But.. it makes me think that the TeamViewer company might be able help track down these jerks.

Windows is updating

[jmv]

I like to get these scammers on the line for as long as possible, but without wasting my time. So far, what I've seen to work well was "Oh, my computer just crashed, I need to reboot" and "Now windows is applying updates". This means they'll wait without me having to think of stuff to tell them. Any other effective tricks?

Re:one did ring back and shout abuse

[DocSavage64109]

I never have these guys calling me, but several of the stories here mention these guys shouting profanity and abuse. I wonder if it is some sort of defense mechanism to keep themselves from realizing how low they are to be using these fraudulent tactics on innocent people.

Does your mother know?

I've taken to asking them questions like:

Does your mother know that you spend your days trying to steal money from people much like her? How does she feel about that?

How does it feel knowing that every minute you're at work, you're making the world a worse place to live? Do you sleep well at night?

etc.

I once had the employee's manager call me to chew me out for making the employee feel bad. Hopefully he quit.

Re:What spam calls?

[gstoddart]

I'm not sure. https://www.donotcall.gov/ [donotcall.gov] (620)867-5309

Well played.

I just give them access

[Khyber]

I keep an old XP laptop loaded with furry porn, pictures of cows and pigs being slaughtered, BDSM porn, transsexual midget porn, stuff from rotten.com/ogrish like beheadings, gential mutilation, etc., set on random rotate every second for the desktop with a nice fading transition, everything locked except the remote assistance tool, and when they call I put that machine live and let them in.

The extortion begins, and then they see something that invariably offends the piss out of them while they're forced to watch a constantly-changing desktop wallpaper they can't stop, and the extortion ends with me laughing in their ears.

Endless entertainment. I even got a "You're the sickest thing existing on this planet." from some chick that was playing the scam.

I lol'd hard at that one.

Can't even get their names right...

[advocate_one]

Had one Indian woman claiming she was Dave from Microsoft...

Re:I've gotten 4

[BronsCon]

That's because they're monitoring your computer and know you're out to scam them.

India: Scammer country

[ub3r+n3u7r4l1st]

ugh, this is a real disgrace on India. I think this scamming here is frequent from India because there is little to no regulation, law or enforcement of it if there were one about scamming 'foreigners'.

This is how most of the Indian GDP were composed of.

It is part of their culture. In the university that I went to, 90% of the Indians are cheating. This is in a electrical engineering master's program.

That's why our organization will not hire any H1Bs.

Re:How about THIS?

[BringsApples]

Yeah, that's even better. These people that are talking about hanging out on the phone with these creeps have me baffled. Even if you look at it in the same light as biological war, eventually not just outright killing (hang up the phone) the virus (the creeps), provides a way for the virus (the creeps) to gain some bits of immunity (understanding) of the treatment (logic of keeping them on the phone in order to waste the creep's time) and thus provides them a sort of way to plan how to deal with it. And in that light, they're actually making things harder for not only the already gullible, but also for the ones that want to play these games.

Lots of fun

[SledgeHammerSeb]

It's fun to tell them you have 23 computers and insist they tell you which one is infected.

Re: I've gotten 4

[BronsCon]

And that you're replying at all.... *WOOSH*

Much bettern than my idea

[ripvlan]

I have been using the "Yes..and" Improv method of Step In.

"What? Again? My damn kid put a virus on the computer again? Boy!! Get your Ass down here now... yes you... talk to this guy... WTF (whack)" [pull phone away from head, change voice "No Dad, that hurts, let go, stop, ow ow" "You get the phone with this guy right now and fix this.... and after we're going to have a talk...."

or -- two old people "Ethel - do you understand what this guy wants? Something about a computer... hmm.. our grandson was over last week. Hold on while I get him"

or -- "Oh - I've been waiting for you to call. See I have this problem where....."

of course if I'm in a rush I just say, "I have a Mac" and they hang up immediately. Seriously.. click.

Re:Rife in the UK

[dwywit]

My record was 16 minutes, the sucker on the other end got more and more frustrated and eventually swore at me and hung up.

I've told them I can't go to my computer because I had a broken leg and couldn't get out of bed.

I've told them I don't have a keyboard, I use a touchscreen.

Most recently, I let the operator get through to the stage where they wanted to connect, then I told her I knew it was a scam, she should be ashamed of herself for telling lies, and what would her mother think? That one got 3 seconds of silence, "shit", then she hung up.

Rude to the Max

[WoodburyMan]

They never seem to call me. I have a clean XP VM all setup ready to go to have them remote into. They do however call my parents (Asking for me by name somehow, my name must be linked with that number). Despite being non-technical, that doesn't prevent my father from screwing with them the old fashioned way. He usually keeps them on the line, saying things like "I already have a Window cleaner, he comes by on Tuesdays and does a good job! Even does the 2nd story windows!" He'll usually tag them along for a good 10 minutes or so. 50/50 change of them ending without incident, the other half they usually scream some swears or insult then hang up. The last time, when he had enough, the scammer asked "What is on your computer screen?" and my father replies "Oh! t's all pictures of naked woman!" The scammer then replied "Oh! That must be your mother! You mother f****er!" then hangs up. They are the ones calling and scamming, and the attitudes these people have are amazing. Some other fun tricks to try is talking in another language. My parents can speak basic French, and occasionally they confuse these scammers, who barley speak English, by talking French and it really throws them off.