it is a start
for once, good move Microsoft. What took so long ? You were faster to claim linux fees, Oh wait
Microsoft has launched its first US lawsuit against companies offering phoney phone support for its products and says it plans further operations in the UK and India to stamp out the scammers. Fake tech support calls have been around for a few years now. A caller will claim to be calling from Microsoft technical support saying …
Well, duh - until now, people were just meekly buying them upgrades. Now they have to go on a charm offensive (which would have been impossible with Balmer at the helm anyway).
There's another angle to this - again, this is private action because the people who SHOULD do something about it (law enforcement) have AFAIK pretty much ignored the problem. This is fraud, plain and simple. WTF are we paying these people for?
I think that this is highly likely. If it is the case that MS have received over sixty-five thousand complaints it is very difficult to believe that many of these people have not also contacted the police. Given that fraud is a criminal offence it is difficult to understand why law enforcement agencies have not been pursuing this with rather more high profile vigour. Indeed this may explain why it has taken the time it has for MS to react publicly and to react by going the route of civil action - they themselves may have believed that the authorities would take action and are now doing so themselves precisely because of the lack of action from public agencies and the damage that this kind of thing does to a brand.
I have to agree with Arctic Fox, this is a police/Interpol problem, 1.5 Billion cannot be considered petty crime..
Also the Telcos know exactly where these calls are coming from, so surely it wouldn't take long to track the bastards down.
In the UK law enforcement are too busy chasing people for raising their voices at attention grabbing has been celebs / political zero's to actually investigate crime.
the Telco's earn money from the calls.....why would they inconvenience their shareholders bonus's by turning away money?
I think you might have hit the nail on the head with your mention of Telcos. There are many, many phone scams going unchecked these days. So many, they might represent the majority of calls on a considerable number of land lines.
The cynic in me can see Telcos lobbying behind the scenes in favour of a less than eager response from the "enforcement authorities". Or it could be that they're just bone idle - or stupid. Or all of the above.
Indeed, Khaptain. I do not in fact understand why the usual "authorities" have not, apparently, pursued the matter. It is obvious that Redmond would far rather that public law enforcement agencies showed some activity because that, to some degree, would get them off the hook. However, given the complete (apparently) lack of interest on the part of the federal law enforcement institutions it is clear that MS feel they have no choice but to go the civil route. That we are dealing here with large scale fraud which is AFAIK a criminal offence it is difficult to understand what the hell is going on here.
I suspect that MS want to take the profit out of this activity. A big hit would hopefully cripple the businesses and suggest to them it was not a good activity. Getting 10,000 victims to sue might be far harder. Since the victims acted from their own misguided understanding and given the weird state of what passes for the USA (in)justice system could well fail. A suitable packed jury would possibly side with the business rather than the plaintiffs.
Once MS have taken hopefully successful action there should be nothing to stop the victims also getting their slice of the pie or does the USA '(in)justice system' not work that way?
As someone who has had possibly well north of 100 stupid widows support calls I would be happy to target the callers with drones filled with all the nastiest stuff I could find to ensure a really painful fate. As it is I try to mess them about whenever I have the time, "Windows key? sorry I have just dropped it and the dog will not let me have it back.", etc.
The nice bit in this story is that MS want a jury trial. AFAIK the jury gets to set the damages in this sort of case, and it will only take a few jury members who's grannies have been duped by this to throw several tens of $m damages into the mix. Beats the slap on the wrist a UK court would deliver.
Well how about everyone who was scammed? Given what MS is asking is that they get the scammer's take and those who got scammed get zilch.
What MS wants to do is to increase the risk for people engaging in this scam (or make them at least move abroad, which is probably what will happen in reality). That MS seeks to reclaim court costs is understandable, that makes this form of marketing cheap and gives them the RIAA-alike impression that they are somehow law enforcement as a bonus.
This story amuses me. If Microsoft were held fully accountable for all the crimes they are responsible for, then I'm convinced they would be bankrupt. About the best you can say regarding this particular scam is that Microsoft only set the stage for the crooks.
If Microsoft had actually accepted responsibility for the problems in their software, then you can bet they would have designed MUCH better software in the very first place and the scammers wouldn't have such a juicy market of Microsoft so-called customers to pray upon. Heck, if the scammers have a sense of humor, they probably have a EULA patterned after Microsoft's that says nothing that goes wrong is in any way their fault or liability.
By the way, the "so-called" before "customers" is because of Microsoft's other major business innovation. They don't market to the actual victims AKA users of their software. The marketing efforts are targeted at the manufacturers, and we, the users, are merely obliged to go along, quality of the software being irrelevant.
Dare I post it? It certainly appears that any criticisms of Microsoft elicit lots of mysterious down votes. Hey, let's hear why you're defending Microsoft or I'll just assume you're a professional flunky or sock puppet of some sort.
"It certainly appears that any criticisms of Microsoft elicit lots of mysterious down votes."
Every major player has its faithful that will downvote anyone who dares suggest that their beloved Microsoft/Google/Apple/[insert company here] are wrong.
What has the poor quality of the software got to do with it? The very fact that these scammers have to ask you to let them access the systems shows that the software itself isn't at fault. The only reason that this is a Microsoft story is that the overwhelming majority of potential victims run Microsoft software on their PCs. Given enough time I'm sure there'll be an equivalent iPhone or Android scam.
Basically this is exactly the same kind of scam as the ones where people doorstep elderly people to sell them solar panels or home insulation that they don't need, or phone to sell insurance for problems that they don't have. They're simply unscrupulous crooks preying on the vulnerable. My Mum has had these calls, but is fortunately still savvy enough to recognise them for what they are. In a few years time she may not be.
Sure, Microsoft are probably more concerned about damage to their reputation than about the financial hit these users take, but if that's what it takes to get the problem addressed then go for it as far as I'm concerned. They've a better chance of success than anything an ordinary police complaint can do.
So, I downvoted you for the kneejerk "must be the supplier's fault" reaction, not for anything to do with defending Microsoft.
Much as I enjoy taking a swing at Microsoft - I do applaud their actions here. We are exclusively Linux but these scammers do assure us that they can fix our systems that have (apparently) notified Microsoft that they have been compromised. Except their script falls apart shortly after being told to press the START button ;-)
"Except their script falls apart shortly after being told to press the START button ;-)"
Unless they ask if the keyboard has a windows key. I spent the best part of 5 minutes playing dumb describing the content of KDE context menus before I got bored and hung up.
Okay, this specific comment merits a response. I should have included a mention that I, too, approve of Microsoft's positive actions, rare though they be. For example, Microsoft has been quite effective upstream in some of their legal actions against professional spammers. Though I'm not sure of the numbers, I'm confident MS is not showing a full tithe of contrition. Most likely they are just tapping a fraction of their marketing budget. "What is the cheapest good thing we can do for some good press?"
The other replies touched minor points, so I'll give them minor responses here.
Regarding the inability to profit without protection from liability, I addressed that point. Programming differently in this context mostly means defensively.
The more complicated defense attempts to absolve Microsoft because the criminals are taking the initiative in this specific category of crime. My basic response is that MS is still liable for two reasons: (1) They created a monopolistic OS environment that not only nurtures the scammers, but creates a convenient target-rich environment for the criminals. (2) They did not program defensively. Microsoft's approach is more like selling tanks to little old ladies who just want to go to church on Sundays.
I wouldn't downvote you for criticism (after all, they do deserve it), but for irrelevance to the topic at hand.
The scammers could do this with any platform, but it makes sense to use the one that is statistically the most prevalent in the home and with a bit of scripting this would work equally well for OSX or even Linux. So, for once, the cruddy quality of MS products is irrelevant to the story/crime.
You get down votes for not reading the article. This is a *phone* fraud\scam. They phone you up and tell you your perfectly working computer has a problem and then they talk you through installing remote control software. And yes - this does happen on Apple as well as Microsoft kit.
Most calls start with "we are from Microsoft" but I have also heard of ones from "Symantec" or "VirginMedia" as well as other official sounding names. At least one of my clients with a Mac was walked through a script that would have successfully taken over his Mac. (The only bit of the script the home user needs to follow is the installation of Remote Control tools... which is just as simple on a Mac as a Windows box)
What needs to happen next is Google need to stop promoting these same fake companies. So often I notice the AdWords have been bought up by these same scammers offering to "reset hotmail password" and other common phrases the average dumb home user types in. The phone calls are just the tip of the ice berg.
This sounds a little bit different from the fake "We've detected a virus" calls, with websites and adverts involved. Here, the investigators called the fraudulent company. Is it really the same people?
Frankly, it's getting so that I can't tell the difference between the crooks and the genuine support lines. They're the same accents, the same sorts of phone-line distortions arising from highly limited bandwidth, and staff with the same "blame somebody else" attitude.
I get more help with my computer problems from my cat (who knows what to do with a mouse).
The article did say a caller would ring the mark, so it is the same as the 'your computer has a virus' calls. Though they might have varied is slightly by suggesting the computer was simply generating errors and perhaps point you to the management information that few if any understand anyway.
I don't see why this criminal activity is MS's problem. I'm glad they want to help but surely the police should be interested. It's just fraud. People do a similar thing calling at the door and saying there's a problem with your gutters. It's not the house builder's fault.
Anyway what do you say to these callers? I'm tempted to string them along but usually haven't got the time.
> Anyway what do you say to these callers?
Use dig and ping to determine the IP address you're going to give them.
E.g.:
jonathan@Odin:~$ dig nsa.gov
; <<>> DiG 9.9.5-3ubuntu0.1-Ubuntu <<>> nsa.gov
;nsa.gov. IN A
;; AUTHORITY SECTION:
nsa.gov. 900 IN SOA dsdn-gh1-uea05.nsa.gov. please_set_email.absolutely.nowhere. 2011061511 10800 3600 2419200 900
jonathan@Odin:~$ ping dsdn-gh1-uea05.nsa.gov
PING dsdn-gh1-uea05.nsa.gov (63.239.67.11) 56(84) bytes of data.
Attempting to install remote control software at that address should make life interesting.
All the callers I've gotten have had an Indian accent.
Since I'm retired, I love to have a little fun with them before I tell them I run Linux. Sometimes I tell them to wait for the PC to boot up, or "I'm going to get my credit card", then put the phone down until they hang up. If possible, I take the phone to the loo and give them an earful - no. 2's are my specialty.
Tell them you use Linux, that bowls them a googly* and stops them in their tracks.
*Note for American readers: A googly is nothing to do with internet advertising but is in fact a term relating to a superior ball and stick skill game (c.f. baseball) called cricket where a spin bowler bowls a ball out of the back of his hand which spins the opposite way to the way it normally spins. An excellent proponent of this skill was a rather fat poofy looking Australian called Shane Warne.
I usually fail to find the "Windows button" on my keyboard, which keeps them occupied for a while before their script jumps to using the Start button on the screen.
I also use techniques the some people who call be for legitimate support sometimes employ: when asked "Can you see X?" you reply "Yes, I can see X, and underneath that there's Y and Z and A and B, and C in small ...". I'm ever so helpful!
Once I got as far as pretending to install the remote assistance software, but "accidentally" kept reading out the wrong connection ID number. That stumped them for a long time.
Then, at some point in the script I decide I've had enough, and tell them to stop scamming people.
"stretch the call out for 10-20 minutes"
10-20 minutes? You're hardly even trying. My record is about 3-and-a-half hours. The joys of a cordless phone with a good set of batteries - I just carried it around th ehouse with me all mornign while I did chores, and strung them along playing the incompetent
Such fun
Our retail side (small PC shop in the home counties) gets 1 visitor a week who's been duped... and they are the ones that realised what was up and sought assistance from the trade (ie not ignored it or asked their nephew).
Most cases leave a few rubbish free-bees behind but we have found a few where the hosts file has been edited and then camouflaged*. Most of the redirects are banking urls and the destination IP was in India, were opened it and it had already been taken down with an FBI warning placeholder telling the visitor to seek IT assistance from a face to face service.
* The hosts file camouflage is a good one: open the "normal" hosts file and it appears fine, run malwarebytes, hitman pro etc and fine too... but run rkill and THEN look at the host file etc and the edits are visible... very slick, not sure how its done but glad we noticed!
@AC with the Retail Shop: One simple trick I have seen to pollute a host file is just leave a hundred empty rows after the standard text. That way when notepad is used to look at the hosts file it looks "fine". How often does one actually check the scroll bar on the right hand side of the screen?
I have been wondering why no-one has taken a swing at these guys. It is a plainly illegal activity if they are installing malware/trojans. It is illegal (at least unlawful) if they are selling free software (i.e. distributing software for a profit without compensation to the original publisher - AKA Piracy).
It's a shame it had to fall on MS to take a swing for the civil case of trademark infringement; why haven't actual law enforcement taken a run? It's not like it's a small scale, with 65000 complaints, nor would it be difficult to prosecute.
The reasons are legion why law enforcement don't do anything but boil down to;
they dont care if its plebs that are affected
they do not have enough personnel in the relevant units and do not have the ability anyway
its always easier to persercute a innocent than a criminal (as they know the law) etc
But never mind, once Cameron or one of his best buddies gets done it will become a priority - but not until then
What about the bankers? Somehow the cash has to get shifted from my account to the scammer. Surely the organisations that facilitate those transactions should bear some responsibility just as they are required to do in respect of money laundering. I'm told that Western Union is an easy gateway to use as there are reports that the level of proof of identity for those claiming the funds is not as vigorous as one might expect and once the scammer has the cash they're untraceable.
This story is just about Microsoft scam but there are plenty more out there - I know many people who've been targeted by one of the holiday travel scams (i.e. compromised email account being used to request emergency funds be sent to WU in another country and calls relating to genuine accommodation bookings or enquiries being used to get advance payment sent to fraudsters).