So sad that the Brown not is not a thing, if it was i would keep it on hand for just this kind of a@$£&%e.
Microsoft has released stats showing that tech support scams are on the increase, with 153,000 complaints received and 15 per cent of complainants losing cold, hard cash. For those who have been fortunate enough not to be subject to one, a tech support scam is typically where a ne'er-do-well will call up a user, usually …
Oh no it's not. Leading them down a long alley for 20 minutes while pretending to be a dimwit is the right thing to so. Especially at the end of a call when you ask if the fact that you run Linux is perhaps the reason you can't see the screens or issues they are suggesting?
They seem to disappear pretty quickly after than IMHO.
Leading them down a long alley for 20 minutes while pretending to be a dimwit is the right thing to so.
I prefer the 'deny everything' approach, also known as the 'argument sketch' approach, in which you contradict the person on the other end on everything..
Declaring I didn't have a phone really confuses them for a moment, also presumably when the catch on as line goes dead after a moment...
"I prefer the 'deny everything' approach, also known as the 'argument sketch' approach, in which you contradict the person on the other end on everything..
Declaring I didn't have a phone really confuses them for a moment, also presumably when the catch on as line goes dead after a moment..."
This sounds like a great idea to me:
Scammer: "Is your computer switched on?"
You: "I've told you once"
S: "No you haven't!"
Y: "Yes I have"
Y: "Just now"
S: "No you didn't!"
Y: "Yes I did!"
S: "You didn't!"
Y: "I did!"
S: "You didn't!"
Y: "I'm telling you, I did!"
S: "You did not!"
Sounds like a giggle to me, I think I'll try this next time.
Also have a recording of dial up tones on hand.
Pretend people are at the door.
Making a cup of tea.
Computer is slow
Then have a secondary Linux machine on a 3G modem (can't be too fast) rigged up with a screen to look like your favourite five eyes supporter (e.g. GCHQ, NSA, CIA, FBI etc) with network logging, (their IP address is always good, with automated extrapolation of their location on your favourite mapping software).
My wife regards this as an excellent sport, and she will happily spend 20 minutes playing along. My preferred approach involves making anatomically impossible suggestions, which generally results in a far shorter call.
"My wife regards this as an excellent sport, and she will happily spend 20 minutes playing along"
I'd recommend listening to replyall episodes 102 & 103. It's Olympic standard "playing along"
@platelet - Wow - 102 starts pretty standard, (with some very long and incredibly cringy advert-plugs) but by the end, its a very, very interesting insight into the tech scam world; not that far away from a 16/17 year old in the UK finding themselves in a double glazing cold call office.
Thanks for posting!
Most if not all of these twerps are operating over a Voice over IP line, so cannot press tone buttons even if they wanted to. So, more or less the same tool has been created several times to torture and waste the time of these idiots.
It starts off fairly simple: "To ring this phone, press 1, if nobody answers you talk to the answerphone. To talk direct to the answerphone, press 2, otherwise please hold and Lenny will be with you shortly".
"Lenny" is what might be termed an Artificial Stupidity program. When the call begins, it plays its greeting, sometimes several times until the moron answers. Then it merely waits for the moron to stop talking for about 1.5 seconds, and plays one of a dozen or so sound clips at random. This is all it does; greets then plays random responses when the moron stops talking.
Strangely enough, this is generally enough to keep a scamming moron happy and engaged for quite a long time. Lenny's exploits may be heard on the Lenny Youtube channel:
"a Voice over IP line, so cannot press tone buttons even if they wanted to"
What kind of shitty VoIP system can't pass touch tones? I've had to use some really terrible ones, but I've never found one that didn't work with touch tone menus.
Might I suggest that the old maxim 'Everyone has a book in them', which when correctly used also includes the rest of the words 'which, with plenty of lube and the necessary force, can be put back in them' would also apply here?
"My wife regards this as an excellent sport, and she will happily spend 20 minutes playing along".
I prefer a sprint to a marathon - the faster I can stress them out and get them screaming obscenities, the better.
The other week, I had one screaming that his $DEITY would smite me.
I just told him I would be way down the queue, as $DEITY is probably too busy smiting all the criminal scumbags taking his name in vain.
Icon, because it's going to take an awful lot of Gaviscon to cool down that ulcer.
After a MAHOOSIVE 1hr11minutes, I told my (Indian) "Tech Support Man" - their description - that my computer had crashed as my 16K RAM pack had wobbled......... He sounded really Pissed-Off when he put the phone down on me.
1hr11mins on the line?
Lightweight...I managed to keep one strung along for just over 3 hours. Cordless phone with speaker on it so could carry it around the house with my while I got on with my chores. Just had to remember to put in on mute from time to time (the sound of flushing would be a bit of a giveaway that I wasn't taking it seriously)
I got one up to 45 minutes, and thought to record the last half. Escalated through several people, before the last one called me an asshole and hung up.
The approach I took was:
- Attempt to play along on Linux.
- Don't advertise that it's Linux, but would tell them if asked. No one did.
They seem to disappear pretty quickly after than IMHO.
Not in my admittedly limited experience. My Father had one of these calls, which he immediately handed over to me.
Cue the PC taking a long time to turn on, not knowing my way around a keyboard ("press the key next to the CTRL one in the bottom corner of the keyboard" - cue "pressing" the "Fn" key multiple times with no response. etc)
After about half an hour, my breakfast was served, so I told him just what I thought of him, and thanked him for letting me waste his time.
This seemed to particularly vex him, so he kept calling our number for another half an hour, to which I dutifully answered, ignored the insults, laughed, and put the phone down again.
I'm not normally anywhere near that good at aggravating people.
I once kept a guy on the line for 10 minutes while following his directions on a Linux system.
When he wanted me to hit the Windows key, I told him I didn't have one. This was true...I have an IBM Model M keyboard on my system. He finally gave up and told me to call Microsoft.
I replied, "When I do, should I tell them I'm running Linux?"
His reaction was: "Sh...<click>"
"Leading them down a long alley for 20 minutes while pretending to be a dimwit is the right thing"
and, gloriously entertaining!
sorta like the "419 eaters"
/me notes that in the article, along the side, it notes that the U.S. treatment of these worthless scumbags is overly tolerant, whereas the U.K. response is much more appropriate. I think that EVERYONE is being too kind to these sociopathic PARASITES, as they STILL LIVE.
I have had so many of these kind of calls I just say fuck off and hang up now. I got bored with baiting them and sick of being called when concentrating.
I have had fun with them in the past, 40 minutes is my record for keeping them talking. I have also screen recorded them installing malware on a VM and reported it to the police. The abuse I have received when I have told them I am an IT professional that is taking the piss... Funny.
I have also had a long conversation with a "supervisor". I asked if they were proud to be scamming innocent people. The response was unexpected honesty. He said he knows that it's not right but he has a family to feed. Choices for work in his part of India were limited apparently.
"I have had so many of these kind of calls I just say fuck off and hang up now."
I havent had any , but thats my plan. Fun tho it might sound stringing them along , i cant be arsed . its wasting my time as well as theirs.
If I get some email / ebay related scam i might bat that back and forth a bit ...
Usually when I these calls, they ask for my wife by her unmarried surname. She is obviously on the phone list they have acquired. I just say that I will go and get her, put the phone down on the table then see how long they wait before hanging up.
There's another approach that requires a little bit of work before hand.
First you need a Windows VM. No need for it to be a recent version, or to be updated, a bog standard WinXP SP2 box is fine.
Find some remote access trojan, and save it on the desktop as "sekret passwords.txt" or similar.
When you get a call from a tech support scanner, allow them access to your honeypot VM, and wait for them to copy off your 'sekret' trojan, and run it on their own machine.
I always consider it a challenge to get them to swear at me. For the ones with Indian accents telling them how disappointed their mothers must be after all the work of raising you only to get a cheap crook, works almost every time.
I have recently noticed many of these guys introduce themselves by some very British sounding name (I had a "Mark Williams" recently) in a thick Indian accent. I am SOOO tempted to answer in an equally thick accent "this is Bill Gates speaking". I wonder whether I should use a thick Indian, Scottish or Aussie accent.
This could be avoided if we ditched the old phone system for one that could actually verify who was calling you. It would be VERY easy to build a system like that on top of the Internet and would quickly reduce costs for phone companies. Why aren't they doing it? Legacy thinking and legacy technology.
The internet would be the worst option, it was never designed for secure unfalsified identification. It is trvial to spoof the source address.
The existing phone network is more secure, and does have most of the necessary technology to do this, at least for non-international calls. The problem with international calls is that, just as with the internet, the network that received the connection has no way to know if it can trust the network that originated it.
"at least for non-international calls"
Well actually the standards for the same for international and non-international calls. The "problem" is that some phone providers are very sloppy when dealing with those numbers. It's not unlikely that a phone call from Germany to Germany will have a Swiss network provided number, because the carriers the call went through couldn't be arsed to do their job right.
BTW what good does it do if you know the number? It could still be a company acting as a front for someone. In a time when coorporations can create fake identities by building fake companies, a phone number is worth nothing.
The solution to the problem is use the ANI and not CLIP for caller ID.
True, but CLIP is defined as the presentation-level service because there are times when it is legitimate to display a different number to the real one. A company may want to display an 800-number for return calls, for example.
What we need is a way to store the ANI value so that a customer can flag a call as bogus, and have the ANI registered. Even so, spoofing ANI isn't impossible, especially for calls from a different network.
Even with the actual number, though, the problem is then how to get the phone companies to block calls from agreed callers using ANI details.
The option to spoof the calling number is a feature, not a bug. It's something that, historically, companies have gone out of their way to enable people to do.
The use-case is for - yes, call centres, but also other types of offices, where people make outgoing calls but want the return call routed to somewhere else.
Of course, scumbags quickly came up with another use for it. But that's true of approximately every feature ever added to anything. Scumbags are inventive.
"The problem with international calls is that, just as with the internet, the network that received the connection has no way to know if it can trust the network that originated it."
The phone network does, however, have the ability to label the call as international and to display a warning if it's then trying to spoof a number.
"This could be avoided if we ditched the old phone system for one that could actually verify who was calling you."
a) There already is a field for the "Provider Asserted Identity", it's just that providers often are rather sloppy.
b) You're suggesting no less than a complete redesign of the phone network, a network that has grown over a century and consists of wildly divergent technologies, often as many of 3 generations being active at the same time.
I remember being called at home repeatedly by these guys. What finally worked was playing clueless with a twist:
"I'm afraid I don't know very much about PCs. I work as a lumberjack. Let me tell you about my job".
They hung up halfway through the second verse, which is a pity as that's when you get to the really fun lyrics.
But there you go.
Biting the hand that feeds IT © 1998–2019