Slashdot Mirror

← Back to Stories (view on slashdot.org)

Listen To a Microsoft Support Scam As It Happened

Posted by samzenpus on from the can-I-trust-you? dept.

itwbennett writes You know full well that Microsoft will never call you and ask to "access your computer" to help fix a problem. Yet this is a ruse that many unsuspecting computer users fall for and wind up with their machine hacked. CSO writer Steve Ragan, turns the tables during a phone call with a scammer — and he records it all for us to hear. Do yourself a favor and play it for your parents.

33 of 229 comments (clear)

  1. the real problem by slashmydots · · Score: 5, Insightful

    And here's a written transcript of all actions taken by the Indian government to stop this scam:

    1. Re:the real problem by HappyHead · · Score: 3, Funny

      I suspect you've edited that transcript, as it appears to be missing the five minutes straight of laughing.

    2. Re:the real problem by Anonymous Coward · · Score: 4, Insightful

      Why do you think governments should step in?

      Because it's the job of Governments to enforce the laws, and India has laws about fraud?

    3. Re:the real problem by Steve+B · · Score: 5, Insightful

      Why do you think governments should step in?

      Because suppression of fraud is one of the basic responsibilities of a government.

      --
      /. If the government wants us to respect the law, it should set a better example.
  2. sending to partents by Anonymous Coward · · Score: 5, Funny

    I've told my parents so many times not to click on links in an email.....now you're telling me to send them a link and have them click on it?

  3. Funny thing... by stazeii · · Score: 5, Interesting

    Had one of these (and only one)... told them I only had Mac's at home, and the guy got belligerent and said I was lying, then finally after telling him that over and over for a good minute he basically said FU and hung up. Can't imagine what they'd say if I said I only ran Linux, or something really obscure ("Sorry, I only run OpenVMS"). =D So yeah... guess their scheme falls over pretty quickly if you don't have a Windows box...

    1. Re:Funny thing... by Anonymous Coward · · Score: 5, Insightful

      LOL If you have only Mac's at home, you've already been scammed.

    2. Re:Funny thing... by fermion · · Score: 4, Interesting

      It is for stuff like this I wish that phones could record calls. We really need a change of laws. When a business calls and intimidates people, we really need a record.

      --
      "She's a scientist and a lesbian. She's not going to let it slide." Orphan Black
    3. Re:Funny thing... by BUL2294 · · Score: 4, Interesting

      (IANAL) In Illinois, and likely most other states, if you believe that a crime will take place during the recording of a phone call (and this does likely count as a felony), you can record it without permission of the other party. In addition, you are shielded from prosecution for breaking wiretapping laws & your surreptitiously recorded evidence can be used for prosecution.

      --
      Windows 3.1x calc: 3.11 - 3.10 = 0.00
    4. Re:Funny thing... by HappyHead · · Score: 3, Interesting

      Another good trick to use is to pretend you're trying to follow their instructions, and that it's just not working.

      Tell them your virus scanner is giving you alerts, they'll think you're a really good target. If your phone has a 'mute' option, ask them to hold on for a second because you've got another call. Come back within a minute or two, and if they're still there, lead them on again. Never let on that you aren't actually following their instructions, never let on that you know it's a scam. As long as they think they've got you hooked, they'll keep trying. As soon as you reveal that you're not buying into their lines, they'll cut bait and look for someone else to scam.

      That's the big difference between the major scammers like this, and the ordinary telemarketers who just want to sell you things you don't need while you're trying to eat dinner - the scammers are allowed to hang up. The regular telemarketers aren't, and you can spend an hour telling them all about the coffee cup sitting on your desk.

    5. Re:Funny thing... by Merk42 · · Score: 5, Insightful

      Windows are a horrible magnet for this because they're popular, not because they're difficult to use. If Macs had the same market share, they would get targeted too.

    6. Re:Funny thing... by Anonymous Coward · · Score: 4, Insightful

      As this story points out, typical Windows users are a horrible, horrible magnet for scams like this

      FTFY.

      If you had legions and legions of the clueless descending on, say, Linux, you'd get these same scams preying on clueless Linux users. You don't, because generally Linux users are much more tech savvy and don't fall for them, so it isn't a target rich environment like Windows is.

      So yes, Windows sucks, we all know it sucks, but in this case, PEBKAC. I hate Windows but I can't blame it for doing what its owner asked it to do.

    7. Re:Funny thing... by Anonymous Coward · · Score: 3, Informative

      Tech support has the victim download TeamViewer to gain access to his machine... TeamViewer has a OSX version as well... I fail to see how this is a windows problem.

    8. Re:Funny thing... by cusco · · Score: 4, Insightful

      why "Windows makes it so hard to do stuff"

      It's what you learn on. I learned on Windows, when I use a Mac I'm utterly lost and think "Why did Apple make it so hard to find anything?"

      I'll guarantee that if you and I spend the same amount of money on a Windows and Apple boxes that I *will* get superior hardware, but that yours is tested by Apple to be compatible with their OS. We'll both get operating systems that we understand where all the moving parts are and will both think that we got the better deal. If MS were to have full testing and approval of every piece of hardware and software and all drivers ever installed on every Windows workstation since the beginning of time it would be known for its stability as well. Instead MS went for maximum flexibility, with the result that their software is installed on most of the desktop computers and around half the servers on the entire planet.

      --
      "Think about how stupid the average person is. Now, realise that half of them are dumber than that." - George Carlin
    9. Re:Funny thing... by bondsbw · · Score: 5, Funny

      Windows are a horrible magnet because they're glass.

      FTFY

      --
      All my liberal friends think I'm a conservative, all my conservative friends think I'm a liberal.
    10. Re:Funny thing... by Altrag · · Score: 4, Insightful

      Trouble with trolling them is that they don't really care. The worst you'll accomplish is getting some low-paid (probably illegally low since you know, illegal business anyway) phone drone fired and replaced with the next one.

      Your time is more valuable than theirs..

    11. Re:Funny thing... by jp10558 · · Score: 3, Interesting

      I feel the same way about Macs - they have issues with SAMBA, they can't run lots of software I use, and for lots of the FLOSS I use they don't have a useable installer - or when they do, it fails to do something critical.

      For instance, Fusion Inventory Agent. On Windows, run .exe with configure flags. On Linux yum install RPM and give conf file. In this case, it's all set up, and will check in every 24 hours, and grab all other settings from the server.

      On Mac? lol for the longest time you couldn't get it to install. Last time I tried, it installed, but only ran on boot. No way to get it to run every hour or whatever. Of course, I'm not a Mac guy, but I didn't need to do anything beyond software install + config file on Windows or Linux so . . .

      Puppet? Run MSI with installer flags. yum install rpm with conf file. On Mac? It installs as the user, who, even when admin, doesn't have permissions to run systemwide, or run on a schedule.

      So now I still can't really manage the macs like I can Windows and Linux.

      Snark over - it's what you're used to. There are problems with all OSs...

      --
      Opera, Proxomitron-Grypen,GPG 0x0A1C6EE3
  4. Re:Photo of Microsoft scammer by Anonymous Coward · · Score: 4, Insightful

    Do not click this link. You have been warned.

  5. NoScript by DrunkenTerror · · Score: 5, Informative

    There are ninety (90) scripts trying to run on that page.

    1. Re:NoScript by Anonymous Coward · · Score: 5, Informative

      This always seems to come as a complete surprise to many people, but you can just link directly to an audio or video file. You don't actually need any javascript "playback controls". My OS will take care of that just fine, thank you, and play the file when I click on the link to it. That's what it's for. And it's far more trustworthy than some random site's pile of javascript doing who knows what.

      So yes, zero script is the preferred answer. Like the GP, I disable them locally, so only sites I wish to allow to run scripts can run scripts.

  6. feels like the 419. by nimbius · · Score: 4, Insightful

    fake support calls are eerily similar to 419 scams in confidence artistry but it bears remembering why and when these scandals have taken place. In nigerias case oil discovery led to british and american interests propping up a series of dictators favourable to their interests yet despotic to their own people. After a few violent uprisings, oil export dropped to 40%, and largely has never returned. nationalized exports, systemic corruption, and a dearth of unemployment with a sizeable population of educated adults led to the 419 artistry and arguably an increase in piracy.

    in Indias case, rampant corruption and high unemployment combined with a tech industry that favours low worker pay and aggressively combats everything from workplace safety to union organization and benefits has led to the tech support scam, born from the confidence and trust of americans and europeans accustomed to the dulcet tones of the south asian tech support worker.

    --
    Good people go to bed earlier.
  7. These guys call me every few months... by H0p313ss · · Score: 5, Interesting

    ... and depending on my mood I have several strategies;

    1. Just tell them you only have Linux, they'll hang up immediately.
    2. Musical hold, put the phone next to a speaker and go on with your life.
    3. Tell them you have several computers running various Windows versions, which one did you mean... do you have a hostname or IP address so I can narrow it down? You don't? So how do you know it was my machine again? Really? ... So can I speak to your manager. (So far I've never got a manager.)
    4. Pretend to follow along with their instructions, honestly the most time consuming and least satisfying.

    But the problem is not with us, it's with Joe User who for some reason is unaware that Microsoft isn't phoning everybody. Never underestimate the power of human stupidity.

    --
    XML is a known as a key material required to create SMD: Software of Mass Destruction
    1. Re:These guys call me every few months... by I4ko · · Score: 5, Funny

      Last time I got one of these I was in a playful mood and pretended to be an illiterate, however I answered their questions like I was using a VAX via a green screen VT-100 terminal. Took them 15 minutes to say - "aaah, we are sorry, we don't support that". Especially when they asked me what is the key on the left of Alt and I told them I don't have an "Alt" but a "line feed".

    2. Re:These guys call me every few months... by Anonymous Coward · · Score: 5, Funny

      Recently discussing this with friends we came to the conclusion that the best approach would be:
      State that your girlfriend/wife is the main user of that computer.
      Get increasingly angry that "she" has broken it
      Say she's just come home and you'll be back in 2 minutes - you need to talk to her
      Go into another room, shout, make some loud banging noises then go silent.
      On the phone say "oh god what have I done" repeatedly. Maybe cry.

      Once they hang up, carry on as normal.

  8. Which computer? by bradvoy · · Score: 4, Informative

    I received one of these calls a few weeks ago. After the scammer informed me that my computer was compromised but he was going to help me solve the problem I thanked him for his help and asked him which of my computers was infected. He seemed surprised by the question and said, "You have more than one computer?" I replied that I have several and surely he must be aware of that because he had just described the extensive monitoring Microsoft was doing. He said it didn't matter which one; just go to one of them and follow his instructions to get rid of the infection. I said that surely I need to go to the one that is infected to clean it, but he again claimed it didn't matter which one I went to. I pushed the point that if his monitoring was able to detect an infection then surely it must be able to identify which of my computers was infected. He started becoming beligerent, almost shouting that it didn't matter which computer had the infection but that I needed to go to one of them immediately so he could help me clean it. At this point I called him a liar and asked how he felt about lying to and stealing from people. He really started yelling at that point, and I just hung up. I haven't heard back yet.

    1. Re:Which computer? by Opportunist · · Score: 5, Interesting

      It saddens me to see what kind of amateurs and dazzlers muscle into the ancient trade, if not art, of grifting. A professional would have said something akin to "Hmm... sadly I only have one set of data here and it doesn't say exactly what it is but from what's installed that would be a ... laptop?" Chances are that you have a laptop and maybe only one.

      Ah well, heavy sigh... But then again, everyone who perfected the art of sweet talking, telling people what they want to hear and at the same time making them fear the world as they know it comes to an end if they don't listen to him and pay him for it has long since moved on into consulting. More profitable and even legal!

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
  9. Here is an detailed video (of another scam) by mtbrandao · · Score: 3, Informative

    http://youtu.be/GVQoAlQrnSg

  10. Re:Was it a "nice try"? by wierd_w · · Score: 3, Insightful

    depending on his locality, that might be illegal speech.

    (and yes, there IS such a thing in the US too.)

    Better story:

    dont tell them that you are onto them. Instead, monitor the honeypot and see what they install later, what they use the compromised VM for, and build an actual case against them.

    It's one thing to say "these people are taking over computers". it's entirely another to clearly show what they do with the computer afterwards, and build a profile that can be used to detect compromised systems based on activity patterns, then publish.

  11. Re:Photo of Microsoft scammer by robbyb20 · · Score: 5, Funny

    Crap, i clicked on it.

  12. Re:They tried... by cusco · · Score: 3, Funny

    Even more epic fail, I've worked on the MS campus a lot, and in fact installed much of the security hardware. I take them on a mental tour of the campus, trying to get them to tell me what building they're supposedly working in, ask them whether the Ms Pacman machine is still in that stairwell, etc. It can be fun.

    --
    "Think about how stupid the average person is. Now, realise that half of them are dumber than that." - George Carlin
  13. Re:You can't fix stupid by Altrag · · Score: 3, Insightful

    Define "stupid." Would you be able to tell when an auto mechanic is BSing you? When your contractor does a half-assed job building your home but still charges you full price? Any of 1000 other scams that are out there attacking areas of knowledge you haven't studied?

    Just because a person can't tell a mouse from a memory stick doesn't mean they're stupid -- it means they don't know about computers. And that's still a large portion of the population, even among the younger crowd ("can use Facebook" does not indicate "knowing about computers" in any useful sense.)

    Because most people have no need to know. Just like you don't need to know how to design and build the car you drive or the house you live in, most people don't need to know every detail about computers in order to use them.

    There is (or at least should be) an argument that because computers (/phone/tablets/etc) are increasingly storing large chunks of our critical information that we should be training everyone in at least basic security.

    Of course that's easier said than done. Its hard to make a full-term course out of that to push in public education (where they don't have the funding to support existing courses anyway.) Doing it as one of those three-day seminar type courses would be great except how do you convince more than a handful of people to attend? And nobody wants to see registration and licensing for basic computer usage (enforcing a minimal amount of training in order to obtain the license) -- even those who think programmers should be licensed generally wouldn't go that far.

    So until someone figures out how to educate the entire country (/planet!), just calling people "stupid" and shutting down the conversation isn't helping anything. Or you know, since you're apparently perfect at everything (otherwise you'd be "stupid" too) maybe you can be the one to figure out how to solve the problem!

  14. works in linux too by mejustme · · Score: 5, Interesting

    Maybe 3 years ago I played along with such a caller. I run Ubuntu, but didn't say anything to them about what o/s I was using. When he asked me to visit a web site and download a Windows file from a web page, I laughed inside, thinking nothing would happen. I downloaded the .exe from a throw-away Ubuntu VM I had. Unexpectedly, Ubuntu downloaded Wine, installed it, then ran the .exe file. I was both impressed and scared that Ubuntu had done this automatically to run the .exe file. This resulted in a completely empty Windows (Wine) desktop, to which they of course quickly tried to connect. I kept "accidentally" disabling their control, so they could only look. When I finally gave them access, they were very confused that it had none of the usual Windows applications and menus they were expecting to see, nor did their usual password changing and locking work. More and more people on their end of the call were talking on the phone, trying to figure out what was going on.

    After nearly an hour on the phone, I had enough and told them I was a software developer, and they hadn't scammed me. They swore at me and hung up. Immediately, I got a phone call from someone else saying he was calling to help me unlock my computer for a fee. Obviously as soon as they lock a desktop, they must trigger something in their call system so someone else calls back to earn some money.

  15. Re:You can't fix stupid by toonces33 · · Score: 4, Insightful

    Define "stupid." Would you be able to tell when an auto mechanic is BSing you? When your contractor does a half-assed job building your home but still charges you full price?

    Generally yes. I know enough about these things that I already have a pretty good idea what is going on with a car that I can take it to a mechanic and not get ripped. For example, does your car make a funny noise? Well you can do simple tests to try and narrow down what makes the noise change, and this gives you a good idea of what the problem might be. I just don't have the time, the tools, or the shop space to do a lot of these jobs myself, so I pay someone to actually do what I need them to do.

    Same on the house. Simple jobs I do myself, other ones I will hire someone to finish things out. In many cases I might not know exactly how a tradesman would do a particular job, so I will watch for a bit so I can learn something.