Slashdot Mirror
Listen To a Microsoft Support Scam As It Happened
itwbennett writes You know full well that Microsoft will never call you and ask to "access your computer" to help fix a problem. Yet this is a ruse that many unsuspecting computer users fall for and wind up with their machine hacked. CSO writer Steve Ragan, turns the tables during a phone call with a scammer — and he records it all for us to hear. Do yourself a favor and play it for your parents.
And here's a written transcript of all actions taken by the Indian government to stop this scam:
I've told my parents so many times not to click on links in an email.....now you're telling me to send them a link and have them click on it?
Had one of these (and only one)... told them I only had Mac's at home, and the guy got belligerent and said I was lying, then finally after telling him that over and over for a good minute he basically said FU and hung up. Can't imagine what they'd say if I said I only ran Linux, or something really obscure ("Sorry, I only run OpenVMS"). =D So yeah... guess their scheme falls over pretty quickly if you don't have a Windows box...
"Internet expl..Internet Exploiter?..Internet Explorer?"
Brilliant.
Do not click this link. You have been warned.
There are ninety (90) scripts trying to run on that page.
I'm shocked that the scammer is an Indian. Shocked, I tell you.
fake support calls are eerily similar to 419 scams in confidence artistry but it bears remembering why and when these scandals have taken place. In nigerias case oil discovery led to british and american interests propping up a series of dictators favourable to their interests yet despotic to their own people. After a few violent uprisings, oil export dropped to 40%, and largely has never returned. nationalized exports, systemic corruption, and a dearth of unemployment with a sizeable population of educated adults led to the 419 artistry and arguably an increase in piracy.
in Indias case, rampant corruption and high unemployment combined with a tech industry that favours low worker pay and aggressively combats everything from workplace safety to union organization and benefits has led to the tech support scam, born from the confidence and trust of americans and europeans accustomed to the dulcet tones of the south asian tech support worker.
Good people go to bed earlier.
Was it a "nice try"? And what's there to smile about? You have the criminal's attention for a few seconds — use it to communicate something harmful, something to cause them actual anguish. This is not a game — an asshole entering your home under such pretenses deserves to be shot to death, so do harm such people with words so much, they starts hating her job and become disinclined to do it.
If that's a woman, for example, tell her, that she'd been identified and cursed to never have children. Something along the lines of 4chan-hatred... No quarter
In Soviet Washington the swamp drains you.
... and depending on my mood I have several strategies;
1. Just tell them you only have Linux, they'll hang up immediately. ... So can I speak to your manager. (So far I've never got a manager.)
2. Musical hold, put the phone next to a speaker and go on with your life.
3. Tell them you have several computers running various Windows versions, which one did you mean... do you have a hostname or IP address so I can narrow it down? You don't? So how do you know it was my machine again? Really?
4. Pretend to follow along with their instructions, honestly the most time consuming and least satisfying.
But the problem is not with us, it's with Joe User who for some reason is unaware that Microsoft isn't phoning everybody. Never underestimate the power of human stupidity.
XML is a known as a key material required to create SMD: Software of Mass Destruction
...and got an epic fail with me.
Once I got a call from "Microsoft Support Service". Tough it happened years ago, I had no problem to discover the scam in the first sentence:
> "Hello, I'm [her name] from Microsoft Support Service..."
With that sentence, I knew they were scam. Why? Because I'm Spaniard and they should have said something like this:
> "Buenos dÃas, mi nombre es [nombre] y le llamo del Servicio de Soporte de Microsoft..."
Got the difference? ;-)
I received one of these calls a few weeks ago. After the scammer informed me that my computer was compromised but he was going to help me solve the problem I thanked him for his help and asked him which of my computers was infected. He seemed surprised by the question and said, "You have more than one computer?" I replied that I have several and surely he must be aware of that because he had just described the extensive monitoring Microsoft was doing. He said it didn't matter which one; just go to one of them and follow his instructions to get rid of the infection. I said that surely I need to go to the one that is infected to clean it, but he again claimed it didn't matter which one I went to. I pushed the point that if his monitoring was able to detect an infection then surely it must be able to identify which of my computers was infected. He started becoming beligerent, almost shouting that it didn't matter which computer had the infection but that I needed to go to one of them immediately so he could help me clean it. At this point I called him a liar and asked how he felt about lying to and stealing from people. He really started yelling at that point, and I just hung up. I haven't heard back yet.
http://youtu.be/GVQoAlQrnSg
The problem is, we support & enable "stupid" now, instead of letting them succumb to natural selection like they would have in the past.
If you could reason with religious people, there would be no religious people
Crap, i clicked on it.
I've forwarded that e-mail hundreds of times!
/the world will always build a bigger idiot
In the future, I would want to not be isolated from my friends in the Space Station.
Your (obvious troll and off topic) post falls flat because it omits one thing. "Two consenting adults".
If you could reason with religious people, there would be no religious people
Looks like a job for Lenny.
Since when do politicians care about consent?
My father used to run ubuntu now hes on fedora. My mother has been on a mac for the past 5 years. There is no windows in their house. When he gets the scam call about problems with his "windows" he tells them he doesn't have windows, only doors. It takes them a second to figure it out and then they hang up. Its pretty comical, and if more grandma's grandpa's had linux desktops this wouldn't be a problem. All they ever use the computer for is checking email and surfing the web anyway, if you guys haven't moved your parents off of windows by now, shame on you!
Does your operating system's included video player support synchronizing a timed transcript to an audio file or a set of subtitles to a video file? And in which timed text format? And does your operating system support the concept of a playlist, where an audio or video presentation is made of several chapters each with its own URL?
These guys alway call with spoofed caller ID info. Why? Because its easy. I really can't believe that it not possible to create a REAL caller ID system. But the TELCO's will *itch about regulatory interference in their business. I say make them LIABLE for passing on bogus ID info and they will find a way to make caller id work. Calls from overseas? Just ID them as OVERSEAS calls. Co that sell spoofing services, well if the TELCO is liable, they wont allow spoofed ID on outbound trunks. They would rather profit from a BROKEN feature than actually create a working one.
one day I shall invent a tool that allows you to kill and mangle people via telephone, and then I can enjoy life again.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
installing malware, searching for personal info?
That (your?) post was an obvious anti-gay post, trying to make a parallel with pedophilia. I was pointing out the failing in the logic. Politicians weren't relevant to my post.
If you could reason with religious people, there would be no religious people
I usually go with my crazy Luddite character and tell them I have no computers and they need to go hide in the woods because the machines are taking over. That microsoft, google and apple are all a grand conspiracy by the machines to enslave mankind. Usually that gets them to hangup, sometimes I pretend like I'm following their instructions before launching my tirade against technology, that usually prompts them to curse at me. This usually gets the elderly, for the most part they barely know how to use a computer. These people should not be able to process payments, that would put a quick end to it.
I have received a number of these scam calls - "Your Windows system is infected!". The only problem with that is that we have no Microsoft products in our house with the exception of a shut off and retired Nokia 920 Windows phone. All of our gear runs either Linux or Mac operating systems. The last one called me back 4 times. I was so pissed off that I called the police to see if we could trace the call and file charges. Naturally, the call was from outside the USA...
We have a simple policy in our home - we NEVER accept telephone solicitations unless we asked to be contacted. We simply state "We do not accept telephone solicitations of any sort. Please put this number on your do-not-call list and never attempt to contact us again, or we will trace the call and file a police complaint."
The best way to fight them is to waste their time....
Because your portrayal of "helpless user" was pretty narrow.
...sounds like a good thing. Would you prefer an abundance of unemployment?
"It looks like you're behind a router; I can't tell which computer on your internal network is the culprit. Let's hit them all just to make sure, ok? If we leave even one, the whole thing could get reinfected!"
Maybe 3 years ago I played along with such a caller. I run Ubuntu, but didn't say anything to them about what o/s I was using. When he asked me to visit a web site and download a Windows file from a web page, I laughed inside, thinking nothing would happen. I downloaded the .exe from a throw-away Ubuntu VM I had. Unexpectedly, Ubuntu downloaded Wine, installed it, then ran the .exe file. I was both impressed and scared that Ubuntu had done this automatically to run the .exe file. This resulted in a completely empty Windows (Wine) desktop, to which they of course quickly tried to connect. I kept "accidentally" disabling their control, so they could only look. When I finally gave them access, they were very confused that it had none of the usual Windows applications and menus they were expecting to see, nor did their usual password changing and locking work. More and more people on their end of the call were talking on the phone, trying to figure out what was going on.
After nearly an hour on the phone, I had enough and told them I was a software developer, and they hadn't scammed me. They swore at me and hung up. Immediately, I got a phone call from someone else saying he was calling to help me unlock my computer for a fee. Obviously as soon as they lock a desktop, they must trigger something in their call system so someone else calls back to earn some money.
Is to educate ourselves on the nature of the scam first hand. We can hang-up whenever we like so it's not like any commitment. First hand experience of this sort of thing is valuable and gives confidence when it's not so clear cut. Perhaps IT pros won't be clicking on attachments any time soon but the people we support do and we need to find out how far they've been scammed etc. which is a bit weird as WE are trying to do telephone support EXACTLY as the bogus supporters. To the end user what's the difference?
In most jurisdictions only one party has to consent to a call being recorded. That party can be you.
It would be great if we could fight back with a custom made VM purpose-built to screw with these people. Think about it... a Linux desktop modded to look superficially like Windows 8, with a goatse background, the pointer changed to a penis, and random windows popping up with scat porn.
The most interesting part is listen to the background chatter...
Fact is it takes quite a lot of time to string one of these people along. Last time I did more or less what is on this tape, and stopped it just shy of downloading anything. I asked the guy, "What does your mother think about this?" He seemed confused, so I said, "Is your mother proud of what you are doing, trying to trick old people into hacking their little computer?" Then I yelled at him a little bit more.
So yeah, you can do it, but as someone else said here, your time is more valuable than theirs.
How about a moderation of -1 pedantic.
they can't pass the information about telephone scams on to Homeland Security?
How can from Cardholder Services stay in business.
It makes me thinsk that the bad guys make big contributions to Replicrats and the Democons. You don't think the Koch brothers could be behind them all, do you?
That site is trying to con me into installing Flash. What kind of low down, dirty scam is that?
Have gnu, will travel.
I have had five phone calls telling me that my computer is in trouble and that I have malware and viruses they want me to press control windows button and R. This gives them access to your computer every person in your email your bank account and credit card information. I played dumb and try to get as much information as possible I try to ask for their name and their phone number the first name I was given was SarahThe telephone number she gave me was 806884244 I told her that that was not 10 numbers for phone number but she told me that was the number so I play dumb and went along
After them getting a supervisor that a manager because it wouldn't work what they asked me to do I hung up. They made the mistake of calling me back and this is what scared the hell out of me it said LA child care phone number 213-222-0040please be careful there are people out there that are mean and nasty and will do awful things to get into your computer and anybody any one would say they are from and say that tries to use a child service is just wrong on so many levels.
Also want to let you know Microsoft does not call you they do not do that in anyway to tell you something is wrong with your computer or that you have viruses contact them yourself and ask I just happen to be IT and no better how can you use a child care service. And do that that is so wrong how dare they do something so awful so the next time they call, I will post the next message I play a long. How do these people get up and look at themselves in the mirror every day knowing they are ripping people off and hurting so many people he will should be ashamed of yourselves for hurting people that don't have enough money to barely get by and then to pretend that you work for a child service company. Yes I am mad probably would not of posted this if I was a bit more, calm.
Terry
You must be new here.
Would it be acceptable to offer JavaScript streaming without charge and require a subscription for "a simple link to the file", like The Escapist does?
No, a warning would be "link involves scat, and I don't mean the singing kind".
What you posted was practically an enticement. I wouldn't be surprised if you're the AC who posted the link in the first place.
The best thing to do to these people (assuming you are bored/have the time to mess with them) is to let them connect to a Virtualbox VM and WASTE THEIR TIME, and then not tell them that you are wasting their time, and most importantly, NOT TELL THEM THE MISTAKES THEY MADE. One time I saw a video of someone from Malwarebytes doing just this. They connected the person to a Virtualbox VM and wasted a bunch of their time, but at the end of the video they explained to the person what they did wrong and practically gave them instructions on things they could've done to make the scam more convincing. I facepalmed at that. You do not give them instructions, or tell them what they're doing wrong. You just waste as much of their time as you possibly can.
I told them exactly that, that i run linux exclusively, instant "fuck you, then", which is admittedly far better than the "you've recently had a car accident" people, who even after lengthy arguments, asking them to stop calling, during which they've accussed me of being "sick in the head" and in need of help, continued to call back on a semi-regular basis.
You fall flat for an even simpler thing: replying.
Idiot.
I received the same call, but with a guy's voice, far eastern accent. he had me for a second with the "your IP address is sending out bad traffic" & they were getting warning errors on their end.. I was at work on the company's windows 7 box, but was wondering why *I* was getting the call instead of IT.. I decided to play along, I screw him up at the *superkey +r* imagining if I were working on my openbox debian machine; me: "ok, it opened my home folder, what next?" he, seeing that wasn't working, tried to navigate through the c:/ drive; him: ..slight pause .. "ok ok, close that out, I need you to click the windows icon in lower left, then computer, then c:/ drive"..
me: "I don't have a windows icon, I using openbox & a home folder"
him: "wait you're at home right?"
me: "no I'm at work, IT should be dealing with this"
phone line: ::CLICK::
I have a friend that makes a habit of recording these:
https://www.youtube.com/watch?v=Yw06NcMh1ZU
https://www.youtube.com/watch?v=2LoGnPaTSrg
https://www.youtube.com/watch?v=lK7s6Gw0BXw
https://www.youtube.com/watch?v=1HtlafvtRQw
The last time I had one I played along but gave them perfectly knowledgeable responses back. When asked to open the command terminal I told them I had done exactly that. The caller got very angry when I tried to assert that all the things he called viruses, I called file associations and that I was quite keen on keeping them.
Even after that they didn't give up and called every week for a while. They stopped when after I answered the phone I said in a loud voice to another person in the room "Hey, want to talk to the Microsoft scammers." They haven't called back since.
I haven't had any of these calls to date, and it's pretty rare for me to get any kind of phone spam. Since I've worked in tech support years ago, I'm curious how long I could string one of them along. "I only use it to log into my bank, I've got all the money from my accident settlement in there. Haven't noticed any trouble, are you sure I need this? "
-jcr
The only title of honor that a tyrant can grant is "Enemy of the State."
My parents just about fell for this exact same scam. After speaking with the scammers directly and Googling around, the process goes something like this: --Caller (usually Indian) calls from a number listed as "out of area" --Caller informs you that they are with Microsoft Tech Support --Caller informs you that they have detected your Windows computer sending out virus reports --Caller asks you to download a remote desktop tool --Caller gets access to your desktop, pulls up task manager to show you some perfectly normal, though suspicious sounding, processes --Caller then tries to sell you a $300 service and asks for credit card information. --Various reports on the internet document the caller performing malicious acts (deleting files etc) on the host computer if you are uncooperative. The sad thing is that this scam works! My parents have been contacted multiple times and they are just one of many households contacted. That kind of call volume requires a lot of man hours and that means it is generating serious revenue. Damn leeches.
Every time I get this stupid scam call on my parent's phone (we are living with them temporarily) I tell the guy on the other end that I don't have a computer but would love one to be delivered overnight. I don't give out my address or anything though... just hang up usually after that.
I've got a ReactOS VM sitting on my home machine waiting for the scammers to call me. It looks like Windows. It behaves like Windows (this makes it easy to follow their script). However every remote access application I've tried crashes with all manner of creative error messages.
Say "Hang on a moment" and put the handset on the table. They'll waste 10 minutes of their time they can't be scamming someone else before they give up.