I was so glad to hear some action has been taken in this area though I'm sure this problem of fake tech calls/scams are here to stay for the foreseeable future.
Being that this is a tech site, I was wondering how some of you guys are taking this matter into your hands since I have actually received several calls from these self-described 'MS tech reps' and can only imagine many of you are as well. Armed with the most basic common sense and technical know how, it doesn't take much to turn the tables on these goons and have a little fun in the process!
Just recently I received one of these scam calls and posted my experience on my blog. I thought I would share it here as well for those of you with a sense of humour. Here it is:
How to screw with a windows tech support scammer
.. and waste a bit of time in the process. Yes, don’t point and laugh at me because what you’re about to read was clearly a wasted two hours of my life. I’m on holidays, damn it! I deserve to rot at my computer and have fun in the process!
So after having read this article from arstechnica entitled, ‘How Windows tech support scammers walked right into a trap set by the feds’ (and having a few run-ins with these guys in the past) I wanted to up the entertainment factor a notch. You know, being that I’ve finally begun my holidays and wanted to indulge in some wasteful time in front of the computer, that is. ;-)
I started my little experiment by powering up my MacBook and Parallels (VM Software). I then slapped a fresh Windows XP install on an old external hard drive I salvaged from a broken PS3. I cut off access to my hardware and network and went a step further by enabling a bridged wi-fi connection to an un-used router. Once I was in my new virtual machine, I logged into a virtual network several hundred miles away, thus obscuring my IP. With this safe environment of anonymity and my intent on recklessness, I began my quest to ravage my desktop and have it resemble that of stereotypical male teen (or my next best guess). I downloaded a virtual, pole-dancing, desktop animation program, I splashed my desktop with porn jpgs and links. I googled “free game downloads” and snagged a few crapware apps. (casino apps, strip poker games...) The icing on the cake was the XBOX 360 visual style theme I installed. I only allowed 512MB ram to make sure everything ran extra sluggish. Vandalizing windows proved to be a bit of a kick because it went against all of the careful surfing habits I’ve been practicing over the past decade. I highly recommend trying it at least once! But I digress - you get the picture - The OS was a shameful wreck of crude files, links, programs, etc. (as much as one person can accomplish in one hour)
I was done, and I looked upon the monstrosity I created with pride. I then wondered, “how long will it be until I get my next call for this creation to actually have any use?”. I surfed over http://www.supportonecare.com (as referenced in the news article about the take-down) to see if perhaps there was a way I can get the wheels in motion. The link was down (thanks to the efficient work by the FBI), but the search yeilded a link to another questionable website. I was immediately presented with a form asking for my name, email, and phone number to receive assistance for “tech problems”. My shady walk through the internet had met its limit, and needless to say, I did not use the form. But my heart near skipped a beat when a minute later, my phone rang and displayed the dreaded “Private Number”. Could it be?????
Yes, yes it was. I haven’t heard from these guys in months, so the fact that I was called right then and there just blew me away. I have an old land line and so how my (filtered) web surfing might have been linked to my home phone number is perhaps a testament to some very sophisticated criminal techniques I’ve yet to learn about. That, or is was just an insane coincidence.
Anyhow, I was happy to take the call. I’ll spare you the mindless, ear-full of jargon I was given during our 30 minute discussion, but I’ll just say I played the part of the naive pc user, let them install their remote software and give me all kinds of wildly bogus statistics about my “infections” and “vulnerabilities” (some of which might actually have existed after my hour rampage of downloading LOL). Apparantly even the yahoo mail account I had created only 10 minutes prior even contained 200+ compromises! Not too shabby!
The guy on the phone (your usual Indian accent call centre rep) particularly enjoyed my pole dancer displaying her goods during the entire time he was controlling my desktop. As for the other questionable files that littered my desktop, he had nothing to say. It’s unfortunate their remote software disables the desktop wallpaper - I chose a real winner here!!
I tuned out most of what he was saying since the TV had more entertaining content at the time. Listening got to be too tedious, and so I interrupted his ramble, opened up IE and told him to hold on a second and allow me do something. I surfed over the arstechnica article (linked above) for him to see. The initial graphic of the telephone with the big bear trap was a very nice touch and it helped quickly change the tone of the conversation. I got him to read out loud the headline. It was nice hearing him sound nervous as he got to the part about “the feds”. I scrolled over the end of the article and, with my mouse, highlighted the headline”…and the calls still come”, and said “that’s what this is”. I refrained from abrasive language and simply informed him he wasn’t actually connected to my computer (I earlier claimed to possess one, old, barely used pc in the home) and admitted he was connected to a virtual machine I had made that morning and that I was just wasting his time so someone else wasn’t being scammed in the mean time. Hung up, and thought, did that actually just happen?!
A side note: I watched “Jeff who lives at home” yesterday and so this morning I asked myself as I woke up on my first holiday day from work, “I wonder what fate-lead event might be awaiting me today and will I be receptive to the signs?” (humorously, not literally) LOL For those that have seen the movie (I loved it) maybe by wasting this guy’s time I might have had some ripple effect on someone else’s life that may have otherwise received a call. Who knows. :-)
---------------------------------------------------------------------- Afterthoughts: Provided I ever have the time to waste like this again, I think I would repeat doing this. To make the call even more awkward I was thinking about maybe having some porn sounds playing on my cell phone so that the audio would pick up during the conversation. And why not, they're going to such lengths to attempt stealing my money, the least I can do is gouge a chunk of time from their work day and make it awkward/bizarre in the process.
I particularly like the audio clip of the guy that got called and took 20 minutes just to get his internet up and running on his "old computer" with (faked) dial-up... using the whole dial-up tune and all! (I wish I can remember the link)
Legit Telemarketing stories aside, do you guys have any other great windows tech support scam stories to share?
I havent been gamed by these guys...... yet. Its a great idea though, you could probably make quite a bit of money if you and 10 friends all got in on it.
Can someone explain to me why there hasnt been any kind of reverse virus? Like Antivirus that you can collect in a drive by download.
It would pop-up let the user know that their system is getting scanned and the program will uninstall itself after. I imagine the internet (Or a significant portion of the out of date / unprotected systems) would see a HUGE drop in infections, and a severe blow to may botnets.
Wanamingo, I think you misunderstand the information in the article.
These "support" calls are originating from India, most likely over skype, and are targeting naive people that believe their claims that their computer has been compromised by software vulnerabilities and give their money away to have their computers "cleaned".
The reverse virus to this problem is common sense and a unwillingness to hand over your credit card information.
If you're a POS lowlife then sure, I suppose this line of work would probably be fitting for you. Just try and set up shop here in North America and wait to see the outcome of your entrepreneurial efforts.
Oh no I understand completely, its a good con. Not that Im advocating such a thing at all.
I was thinking if someone packaged Mbam into a pre-made trojan delivery system or some such.
Definitely low lifes but I think its interesting what some people will do for money. I mean you can go to school in Russia specifically for writing exploits and malware. Writing a good virus will make you a multiple millionaire overnight, not to mention the potential botnet you could have control over.
ahh, ok, then I misunderstood your response. Yes, I see what you're saying about a trojan.
I have not heard about those Russian courses. It boggles the mind. The morally trained mind. I suppose if you had no conscience these sort of career paths would make a lot of sense. Oh, those whacky Russians!
Yes I tend to just let the drivel slowly fall out of my mouth and then my hands mutilate the words before I can pound the correct order of keys to make sense.
The best white hats were usually bad fellows at one point. One of my college profs was a white hat for the military and his job was to literally go to military bases unannounced and try to gain access to places he shouldnt have access to. He would write a little report on security recommendations and move on to the next base. Sounded like a great way to travel around the world.