I had someone phone me the other day asking me if my Sky Box was working correctly. When I asked him why he thought it wasn't he got evasive (I don't actually have a Sky box) and when I asked if he was a scammer he hung up.
Malware-pushing scammers appear to be stepping up their use of telephone-based pitches, resulting in an increase in reports from the UK of high-pressure cold calls designed to trick people into installing rogue antivirus products and other nasties. Over the past few weeks, at least two people close to The Reg — including …
I played along, caller asked me to do start - run - then type "prefetch" and press enter. Apparently this displays "a list of corrupted files downloaded from the internet". So not the Windows prefetch cache then. I kept them on the phone about 15 minutes by playing dumb, just wanted to run up their phone bill. Eventually I just said I knew they were scamming me and they hung up. Good fun trolling them for a while though.
...is what I tell cold callers. If they become indignant, I go on to say that lacking any vetinary qualification I am unable to give advice on which end of the pig they should use. If that doesn't get rid of them I become really offensive. Because of the notoriously delicate constitution of the average Reg hack I cannot possibly go into details. Even the BOFH would be impressed.
This happened to me a while back, the caller said my computer had been infected and I needed their help to rectify the problem, I kept them talking for ages and went through all the motions, out of curiosity. After about 20 minutes of them trying to log into my PC, I mentioned that that I didn't have an internet connection and they hung up, hehehe
It still cost them a few quid for the wasted call.
Paris, because she can login to my pc anytime
I never give out my real landline number in any online form
if the company need to contact me, then the email address should be good enough
just reverse your phone number (last 4 digits) or 5 if your paranoid
I've given up smoking today, NOBODY, and I mean NOBODY needs to question my logic, or i'll SQL you into infinity.
Obviously not you, nor I, nor any of the other posters here. Unfortunately, though, readers of El Reg are not representative of computer users at large. Which is why I often lament the change from PCs being expensive, geeky toys to a cheap commodity.
*sighs and goes all nastalgic about a time when I was the only person I knew with a computer of any kind, and I was far too geeky to attract women. It was the wrong thing that changed, damn it! ;)
I suppose the trick is to play really dumb; "I don't have a mouse, I have a rabbit", "I pressed the on button, now do I want delicate linens or extra rinse?", "this cheese won't fit in my floppy drive unless I cut it up first, don't make me tell you a third time", "A virus? The doctor already gave me piss for that", "Why would I put the pills into my computer?" etc
...people who frivolously post their telephone numbers online are most affected by this? If so, it kind of serves people right imo, even those who allow their phone numbers to be published on online directories or corporate websites, you're kind of asking for it!
Kinda reminds me of those morons who post their full address details on Facebook because their parents are out of town and they're having a house party, then wonder why their house is trashed, along with fights and street riots ... does this actually happen or am I reading too much of the Daily Fail? :-)
Suffice it to say its not happned to me or anybody I know. I will gladly eat my words though if it does happen! ;-) But I think I'd probably just have a bit of fun with them and ensure they're kept on the line for as long as is possible too!
I had this a while ago and thought it quite dodgy at the time. I was phoned and they said they were Microsoft support personnel and that they had been given reports that my machine was infected and sending viruses to other machines and they could help me fix it. I strung them along for fifteen minutes trying to act like a moron and getting web addresses wrong just to piss them off, then acted like my system was win95. The guy got so frustrated on the other end he ended up just putting the phone down on me. I've had about 3-4 of these calls in the last year or so.
First time - I was sitting in my friends office, so it was plausible that he might have a remote monitoring service. When they couldn't tell me which computer of 3 desktops and 3 servers had supposedly informed them about the virus, I got suspicious and then the line went dead.
Second time - at home. I again asked which computer (though I have only one), again dead line within moments.
Both cases sounded like Indian subcontinent call centres.
[I believe the Skybox scam is to get you to buy a warranty you don't need.]
Got a call from them on Saturday morning asking to speak to me. So I ask who wants to know and an Indian man says he is from 'Windows Operating System' . At this point I ask how they got my number (always my first line since I signed up to the telephone preference service, and they shouldn't be cold calling me anyway!) and he says he got it through 'the international routing system' and that he is calling because my computer has been reporting a large number of errors.
Anyway, having failed to get him to explain satisfactorily how they managed to convert any IP address information into a telephone number, and being somewhat partial to Saturday morning cookery programmes, I'd had enough and told him 'This is a hoax call, and I don't want to continue with it' to which he replied 'Neither do I' and put the phone down.
I'm amazed scammers find this worth their while. This is like olde-worlde scamming, involving real con-artist time and actual con-artist skill. This is a major step backwards from scam websites and phishing, where you could attempt to scam thousands with no additional effort on your part.
Is the interweb no longer delivering the promised increased productivity to scammers? What's next? Hustlers approaching you in the street, offering to "fix" your iPhone?
This should really be reported by the news or watchdog as even though great for theregister for reporting it, I think the readership already would not entertain these calls. The really vunerable are those who do not visit here....
And yes I had a call from these guys and kept them on the phone for ages. Was interested to see what they were doing. I just did what I was told and answered honestly. We went through my event log, but since I had just cleaned it, it had nothing wrong.
Then I was told to check task manager to find out how much my proccesor was being used. 1% I replied and that all 8 of my bar graphs showed hardy any activity.
So your computer is running slow I was asked?! No I responed, there is hardy any activity so it is fine. I was then asked how long it took to boot my PC. I responed about 30 seconds.
I was told that I was just stringing them along as PC's don't boot that fast and don't have that many cores and they hung up. I was tell the truth, I have an I7 CPU and a fast SDD to boot from. You just can't help some people.....
Exactly! All the while I'm reading this I'm wondering how to stop my mum from falling for this stuff when the only way she'd remember not to is if it was reported by 'the Government', the Police or the mass media. Or some other equally clueless old dear. i.e. one of the sources she can't conceive of telling anything but The Truth, The Whole Truth, and Nothing But The Truth (while she won't think I'm lying to her, she will think I'm exaggerating wildly).
PCs only don't boot in 30 seconds when any of these are true:
- It's an old install, especially one of Windows
- You've got a terrible BIOS (at least, it takes an age to even get to the OS loading screen)
- Your RAM/etc is fucked up, or you've just got an utterly awful spec
- You've not formatted a PC when it comes from HP/Dell/any-other-manufacturer with all their tonnes of OS-buried crapware (my HP laptop XP wouldn't notice the Wifi when I uninstalled HP's crapware)
- You're a gullible technophobe teenager (making up about 99% of us teens, I'd expect) who installs everything that has blinking lights and cute animated bunny gifs ... and a ton of malware
My years-old HP laptop but now more on the order of netbook, which even with XP lags sometimes, boots Ubuntu very quickly even with you navigating menus for dualbooting (MBR, grub2).
If they use teamviewer.
You can reverse the connection :D
and then the second youve done that you disable remote input
disabling remote input is very usefull for user who keep on trying to use the mouse whilst you are or Nicking your mates dekstop and proclaiming to the worl that he has a small willy to all his MSN contacts and listen to them fume untill they hit the reset button LOL !!!!
ahhh that was a funny evening !!!
Not new. Here's something I wrote on our company's internal newsgroups back in Nov 2009:
Got home on Tuesday to hear my wife tell me that she'd been phoned during the day by someone from Tech On support who are a UK supplier of support for Microsoft XP, that they'd received a report from Microsoft (via the error reporting system) that we'd been having trouble and that they were going to help her.
Being far from stupid, and very suspicious, she took down their (01865, Oxford, UK!!!) phone number and said that her husband might call them back.
I duly did, for a laugh, having googled first. 'twould appear to be a known scam, they'll charge you upwards of £100 to remotely "fix" your computer for you, and will talk you through the process of opening your firewall, etc, to let them in. Marvellous. The even have a website to tell you how great they are.
The "Oxford" phone number appeared to redirect to a (judging by what I heard) VoIP link to somewhere in India.
After hearing the spiel I asked, somewhat forcefully, exactly how they had come by my phone number. I was put through to a "supervisor" who explained to me that they had an R&D department who received these fault reports and supplied them with details of the users so that they could phone up and help them.
Had this for the 2nd time in as many months. So this time I played dumb and went along with them for a while. He started to get a bit annoyed when I said I couldn't find the 'start' button on my screen.
After 5 mins I then mentioned that I had a 'penguin' in the bottom left. He then hung up.
...I've had genuine cases of that at work. Grown men and women, unable to use the most basic PC interfaces. How do people get these jobs?
As for scammers, they tried this on my elderly Dad a few weeks back here in Oz. He was plucky enough to get a working phone number out of them. He even called back, sure enough the same scammer, errr person, answered (kids screaming in the background mind).
Duly reported to the authorities and no harm done at his end.
What this tells me is that Windows security has finally been beefed up to the point where they can't just quietly bust in to your system anymore, and need your cooperation to do it. This really is good news. They are expending manpower resources to call people now. Perhaps their costs will go up enough to make the malware business uneconomic.
I had a customer who was stung by this last week. Quite convincing to a computer illiterate . An Indian gentleman named "Scott" phoned her up claiming to be from Microsoft claiming her PC has a virus. They got her to go through a number of things on her PC to 'prove' it's faulty or virus ridden. Then they instigate a remote access session on the PC via logmein123.com. Finally getting her to part with £180 for a 3 year 'support contract' or something like that. They even send an email to themselves from Outlook Express claiming that she has read their terms and conditions and has accepted the £180 fee. Email was sent to firstname.lastname@example.org Her credit card has now been cancelled - hopefully before any more funds were taken. A Malwarebytes scan and AVG virus scan didn't pick up on any dropped spyware, so it looks like this is a ruse to get cash/credit card info. Perhaps.
It also interesting that they knew her name and telephone number (which is ex-directory). This information must be leaking to these scammers somehow. Coincidentally she has recently bought a new Dell laptop - knowing the latter's penchant for Indian call centres, could this be a vector?
Seems like there's a lot of it about - though it's the first time I've personally come across this particular scam. cf:
Is there any chance of getting the Bangalore / West Bengal police involved in making life difficult for these fraudsters?
...where the recipient pretended to be a police officer investigating a homicide detective and just about made the cold-caller crap themselves?
Imagine the fun:
(Phone rings) "Uh, hello?"
"Yes Sir/Madam. This is Bob from MS Security, your PC has a virus. We need to install anti-virus."
"Really. Wow. How do you know?"
"We monitored your PC and saw virus activity."
"OK. Please don't hang up, I just need to go into the other room."
"Sure." (Now find something that makes a clicking noise. Click it)
"Can you just repeat, you monitored my PC?"
"Oh yes, it's all part of the service and for a mere £75 we can cure you of virus!"
"Thank you for confirming on record that you monitored our systems."
"You have called and just confessed to hacking and monitoring a Royal Signals Networking Bunker" (or something)
"No point in hanging up, we have already traced this call and your location. Your co-operation may mitigate any action taken against you, which could include life in prison. You've got no defence, I have your confession on tape. So, tell me your real name and who you work for and I'll do my best to help you." (and just carry on making crap up for as long as they stay on the line or you can be bothered for)
You probably won't get anything from them...but it would at least provide some amusement.
All the smug people here stating 'I strung them along, they hung up, fnah fnah fnah' - yeah, we get it, you're computer literate.
You are NOT the target of the scams. The elderly and computer illiterate are (this doesn't mean people are stupid - surprisingly enough, there are perfectly intelligent people around who just don't want to spend all their time on computers).
If my parents were called by one of these scammers, they'd totally fall for it. I'll add it to the list of things to warn them against. In the meantime, I hope the scammers will give up when they find out I set my parents up with a Mac; most targets won't be so lucky.
Though in my case, I can walk a door-to-door caller a few yards down the road and point out the large "No Cold Calling Zone" sign on the lamppost with Trading Standards number.
Not that I remember it either - most of the time I say something to the effect of "keep walking" . Perhaps I should photograph/document their ID badges first then report at leisure.
The criminal phones up a Register reader and tries to sell them antivirus software for twenty minutes. Meanwhile an accomplice breaks in through the bathroom window and steals all the Register reader's stuff from upstairs. Sheets, towels and the wonky old DVD player mainly, but if it's worth collecting old clothes from gullible householders and selling them in eastern Europe, it's got to be also worth nicking them.
Will happen now that India is making electric vehicles so that you don't hear the getaway car running outside.
Had an Indian sounding chap ring the other day, my wife took the call. When she said she was going to pass it over to me he hung up. Gave some sort of crap about my PC was sending errors... yeah, and somehow miraculously manged to also send you my phone number.
Would have loved to have had a conversation with him... Trouble is, even as rediculous as this scam is, some people will still log in and do as told.
from these buggers for a few weeks, until last Friday. Usual, Indian or Pakistani-sounding accent, told me he was calling about my computer. I checked later on the TOPS site that I was still listed as not wanting cretinous cold-calling dingbats on my telephone line, trying to sell me malware, stone cladding or double glazing, so I can only imagine that these scammers are not registered as a legitimate business in the UK. Not registered anywhere, I suppose, unless Ankh Morpork has a Scammers Guild.
The first time I had a call from anyone telling me that my computer was emitting bad vibes - not quite what he said but it'll have to do - I asked the guy what evidence he had. He told me that my PC was badly infected and that his company could trace this through the miracles of the Vorld Vide Veb. He then went on to prove that not only was he a terribly bad liar, but that he knew nothing whatsoever about computing. I'm rarely rude to anyone over the phone, excepting my wife, of course, but I did tell him that I thought he ought to go out and find a proper job when I told him that I use a Mac and he asked me which version of Vindows I was running.
Anyway, it's all very well Reg readers being all smug and clever with these shysters, what happens when they call your mum or your granny and tell them that their PCs are rich in malware? I've warned my wife's parents about these callers but if they got a call from someone sounding even vaguely professional who told them that their Dell had a dose of something whiffy, they'd probably listen and go through the motions as requested by these crooks.