Post subject: "Microsoft support center" scam call
Editor, Reviewer, Experienced player (980)
Joined: 4/17/2004
Posts: 3109
Location: Sweden
Got a scam call from "Microsoft Support Center" for the second time. This time I played along for a while, pretending to follow the steps he gave, until I said that the command he gave me didn't work, and he asked me to spell out the command I had typed in. I said "R, U, kidding, me". He hung up. :( So I spent some of his time, but I didn't really achieve anything. Any suggestions for what to say if they call a third time? Perhaps there is some way to counter-infect them?
Cooljay
He/Him
Active player (397)
Joined: 5/1/2012
Posts: 468
Location: Canada
Tell them you use Linux or Apple. If they claim they are Microsoft Support, then they wouldn't be of much help with a different OS :P
Editor
Joined: 3/31/2010
Posts: 1466
Location: Not playing Puyo Tetris
For the protection of all, delay them as long as possible. Make 'em suffer. I miss those calls. :(
When TAS does Quake 1, SDA will declare war. The Prince doth arrive he doth please.
Editor, Reviewer, Experienced player (980)
Joined: 4/17/2004
Posts: 3109
Location: Sweden
Cooljay wrote:
Tell them you use Linux or Apple. If they claim they are Microsoft Support, then they wouldn't be of much help with a different OS :P
That would be a good way to get rid of them, but if you want to do that it's easier to just hang up. I don't want to get rid of them, I want to hurt them. :)
Joined: 12/31/2009
Posts: 174
Truncated wrote:
Cooljay wrote:
Tell them you use Linux or Apple. If they claim they are Microsoft Support, then they wouldn't be of much help with a different OS :P
That would be a good way to get rid of them, but if you want to do that it's easier to just hang up. I don't want to get rid of them, I want to hurt them. :)
I have Microsoft's Virtual Machine set up with multiple instances of Windows specifically for these calls. You could play along (preferably with all the sharing disabled and networking under lock and key) and see what they are trying to do. I was even able to get a guy to stay on the phone for 30-40 minutes because I told him I was having problems installing Windows 7. It sucks for him that it takes forever on an HDD. When I get bored, I google the number/area code and ask them how the weather is.
Banned User
Joined: 3/10/2004
Posts: 7698
Location: Finland
I didn't quite understand how this scam works. From the linked article it sounds like they make you buy an anti-virus software... Is the idea that you are buying it from their website rather than from the software's official one, and hence you are paying them?
xPi
Joined: 8/1/2008
Posts: 58
I've watched a bunch of YouTube videos about this, and this is what I've gathered. You're paying for them to operate your computer remotely with LogMeIn support.me or Ammyy and run a bunch of free anti-malware scanning tools (they prefer LogMeIn because they can send and run executable files directly through the remote control connection). They could be doing anything to your PC during the remote control session. The phone call always starts with some nonsense spiel from a script, which is the first scare attempt. It includes directions to open Windows Event Viewer, which is the second scare attempt. The next stage is connecting the remote control tool and, if that works, random free scanning/cleaning tools are run (varies between different scammer groups; there could be a hidden payload in the executable files that were sent). The next stage is closing the deal: they call it a free software maintenance subscription and it costs a lot of money (50-200 USD). They insist that it is free and is an annual fee at the same time. The remote control guy will launch a URL/browser with some site that allows you to give them money using a credit card. Note that the remote control connection is still active, so they can watch the form being filled in. I've noticed in this video that the person entered garbage into the billing form, and then the remote control guy promptly ran msconfig and turned off all Windows services and set safe boot with command line so that Windows will run in a barely operable state. http://www.troyhunt.com/2012/02/scamming-scammers-catching-virus-call.html
Editor, Reviewer, Experienced player (980)
Joined: 4/17/2004
Posts: 3109
Location: Sweden
Warp wrote:
I didn't quite understand how this scam works. From the linked article it sounds like they make you buy an anti-virus software... Is the idea that you are buying it from their website rather than from the software's official one, and hence you are paying them?
As I've understood it, there are several variants. One is that they charge you for help with removing errors and installing software. Another is that they install a back door on your computer (if you let them remote control it) and use it for the usual things - stealing passwords and bank info, bot netting, etc.
Skilled player (1653)
Joined: 7/25/2007
Posts: 299
Location: UK
Yeah, I've had about 4 calls concerning my 'VEENdows compYOOTer', the bastards.
Editor, Player (44)
Joined: 7/11/2010
Posts: 1029
Warp wrote:
I didn't quite understand how this scam works. From the linked article it sounds like they make you buy an anti-virus software... Is the idea that you are buying it from their website rather than from the software's official one, and hence you are paying them?
The way this sort of scam typically works, the scammer is trying to get you to pay money for what they claim is anti-virus software, but which is useless at best and actively harmful at worst (if you're a scammer and have persuaded someone to install software, may as well make it a trojan and get a bit extra out of the deal). Normally, the steps that they recommend you to go through beforehand are designed to convince you that your computer is infected.
Banned User
Joined: 3/10/2004
Posts: 7698
Location: Finland
Actually, after reading those blog posts and watching those videos, it seems that the scam is that they provide you a "service" (that you don't really need) and make you pay an annual fee for it. They convince you that you need it by spouting some BS about your computer being ridden with malware, by convincing you that all the warnings and errors in the event logger are signs of this. There might also be more nefarious goals because they leave LogMeIn running in your Windows (autostarting on boot) that leaves them continuous unrestricted remote access. Convincing someone to pay you money by misleading and lying to them is unequivocally considered fraud in the vast majority of jurisdictions, and leaving what amounts to a rootkit in their computer that they can access at any time without notice breaches computer security laws in many countries as well.
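Added example, not part of any post in this thread: a small triage check for the after-effects described above (safe boot forced and services disabled through msconfig, and a remote-control tool left starting on boot). It assumes you have saved the text of `bcdedit /enum {current}` and a CSV export of services with Name, StartMode and PathName columns; the sample data, the 50% threshold and the substring hints are constructed for illustration.

```python
import csv
import io
import re

# Remote-control tools named in the thread; substring matching is an assumption.
REMOTE_TOOL_HINTS = ("logmein", "ammyy")
DISABLED_RATIO_ALERT = 0.5  # assumed threshold, tune against a known-good machine

# Constructed sample of `bcdedit /enum {current}` output.
SAMPLE_BCD = r"""Windows Boot Loader
-------------------
identifier              {current}
path                    \Windows\system32\winload.exe
description             Windows 7
safeboot                Minimal
safebootalternateshell  Yes
"""

# Constructed sample service export (service name and install path are made up).
SAMPLE_SERVICES = """Name,StartMode,PathName
Dhcp,Disabled,C:\\Windows\\system32\\svchost.exe -k LocalService
EventLog,Disabled,C:\\Windows\\system32\\svchost.exe -k LocalService
Spooler,Disabled,C:\\Windows\\system32\\spoolsv.exe
ExampleRemoteSvc,Auto,C:\\Program Files\\LogMeIn\\example-host.exe
"""

def triage(bcd_text, services_csv):
    """Return (kind, detail) findings for the three after-effects."""
    findings = []
    # msconfig's "Safe boot" option is stored as safeboot* elements in the boot entry.
    for key, value in re.findall(r"^(safeboot\w*)\s+(\S+)\s*$", bcd_text, re.M | re.I):
        findings.append(("safe-boot-forced", f"{key}={value}"))
    rows = list(csv.DictReader(io.StringIO(services_csv)))
    # A large share of disabled services matches the "turned off all services" step.
    disabled = [r["Name"] for r in rows if r["StartMode"].lower() == "disabled"]
    if rows and len(disabled) / len(rows) >= DISABLED_RATIO_ALERT:
        findings.append(("mass-disabled-services", f"{len(disabled)}/{len(rows)}"))
    # Auto-start services whose name or path mentions a remote-control tool.
    for r in rows:
        text = (r["Name"] + " " + r["PathName"]).lower()
        if r["StartMode"].lower() == "auto" and any(h in text for h in REMOTE_TOOL_HINTS):
            findings.append(("remote-tool-autostart", r["Name"]))
    return findings

if __name__ == "__main__":
    for kind, detail in triage(SAMPLE_BCD, SAMPLE_SERVICES):
        print(f"{kind}: {detail}")
```

A hit on any of the three is a reason to inspect the machine offline; an empty result only means these particular traces are absent.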
Warepire
He/Him
Editor
Joined: 3/2/2010
Posts: 2178
Location: A little to the left of nowhere (Sweden)
I got one of these calls, they never dared calling here again. My response may not have been entirely ok legal-wise, but it appears to scare them off: "You do realize you called a police officer that works with internet fraud, right?" Never had anyone hang up on me that fast before.
Skilled player (1743)
Joined: 9/17/2009
Posts: 4986
Location: ̶C̶a̶n̶a̶d̶a̶ "Kanatah"
I've found this, and since it's relevant to the topic, I'll post it here:
BMWxi wrote:
So recently we have been getting a lot of calls from "your windows service center" saying that "viruses are downloading themselves onto my hard drive." They are fighting them off, but they need me to download a program to block them or "all of my personal banking informations could be stolen by the malicious viruses on my hard drive." Obviously they want me to download a RAT of some sort, but this time I decided to play with them a bit first.
Me: I need to go turn on my computer, 1 sec.
Them: Ok this is very important, hurry.
Me: (10 min later) My computer won't turn on.
Them: This is very bad, the virus may have infected your power supply configuration. (dafuq?)
Me: So how can I turn it on?
Them: Unplug your computer and wait for a bit then plug it back in.
Me: Ok.
Me: (15 min later) Ok so it is on now.
Them: Ok, so go to your local disk, ok? Now go to windows, now, inf, then esent folder.
Them: Now there is a file called esentprf.hxx, this is the malicious file.
Me: I can't find it.
Them: Are you in your local disk?
Me: Yes.
Them: Are you in your windows folder?
Me: No. I can't find it.
Them: What are your folders called that you see?
Me: bin, boot, cdrom, dev, etc, home, lib, media, root, usr, and other stuff, but no windows.
Them: Ok the virus has hidden itself, you need to download the patch to block the virus.
Me: Ok. *Downloads nothing*
Me: It won't work. Do I need Windows? My computer is Linux.
*They hang up*
Well, that was a good use of 30 minutes lol
That gave me a good laugh. :P