back to article Fake broadband ISP support scammers accidentally cough up IP address to Deadpool in card phish gone wrong

Fraudsters masquerading as ISP support agents to phish payment card details have been unmasked – after they tried to scam a Brit infosec biz cofounder. Kurtis Baron, director of the Cambridge-based penetration-testing outfit Fidus Information Security, told El Reg today how his cofounder Andrew Mabbitt received a private …

      1. EN1R0PY

        Re: Dirty Scammers

        Beer doesn't help to keep it up, jus' sayin.

    1. gerdesj Silver badge

      Re: Dirty Scammers

      My answer to "What version of windows are you running?" was "X".

      1. Charles 9 Silver badge
        FAIL

        Re: Dirty Scammers

        That won't work anymore as they'll assume you mean 10 and assume you're stupid and a mark.

    2. Kernel Silver badge

      Re: Dirty Scammers

      "The longest I have kept them on the phone was just under 1 hour,"

      Well done!

      I managed 35~40 minutes once - we were 10 minutes into the conversation before he asked if my PC was turned on, to which I replied something along the lines of "No, does it need to be?". The rest of the time was spent figuring out that I was running Linux on that particular PC, plus a small allowance for personal abuse and a graphic description of what he was going to do to my wife - she said to tell to make sure he washed the smell of the goat he last f***ed off first, so I did.

      I thought this generous offer on my wife's part might have helped cement an international friendship, but he's never called back so I guess I got that wrong.

    3. XSV1
      Thumb Up

      Re: Dirty Scammers

      A mate of mine kept the scammers going for half an hour. At the end of the process he told the scammer that a message had popped up on the screen. He asked the scammer if he had a pen and paper to write down the message.

      He then spelled out the alleged message, “c u n t”.

      “Now what does that spell?” he asked, “because that is what you are if you think that I am dumb enough to fall for your scam.”

      1. Anonymous Coward
        Anonymous Coward

        Re: Dirty Scammers

        If I'm in the right mood I keep them on the line as long as possible, for a laugh, and also figuring they are then not harming someone else.

        I think I've also managed 45-50 minutes before.

        Two memorable ones are when I told them it would take a while to switch on the computer as I had recently drained the liquid helium intercoolers for maintenance and would have to refill them and wait for the pressure reactor to stabilise before it would work - he said he would wait for me as it was very important to fix the problem..... Another time he insisted that my computer was from Microsoft regardless of what the name was on the front. I tried to explain that my computer said "raspberry pi" - he kept repeating "raspberry" (I think his english was just good enough to recognise the word) . I eventually said, it's like an apple pie, but made with raspberrys, not apples, which of course sent him down the script of thinking I had an i-thing.... Ah - you have an apple? No, it's a raspberry....

        All very entertaining and makes a nice break from filling in tax return forms......

        1. Doctor Syntax Silver badge

          Re: Dirty Scammers

          "makes a nice break from filling in tax return forms"

          You haven't realised it was a scam being run by HMRC to delay you filling in the forms so they can issue a fine?

          1. Anonymous Coward
            Anonymous Coward

            Re: Dirty Scammers

            "You haven't realised it was a scam being run by HMRC to delay you filling in the forms so they can issue a fine?"

            They don't bother with such complexity. This year they just started issuing penalty notices before the 31st January.

            Brexit has kept people distracted from three and a half years of total and utter government foul up.

        2. Peter2 Silver badge

          Re: Dirty Scammers

          About 45m was my record. I think they've put me on a "don't call this guy" list, I haven't had a call from them since.

          The interesting thing is that they wanted to connect to my PC, so getting their IP would have been trivial. However, my phone was away from my computer, so I arbitrarily booted up an old computer in my virtual nightmares, which I decided would be running Win98 to present some challanges, wasted about ten minutes trying to let the person remote into my PC via terminal services (on 98!?) before he even asked which version I was using, which I feigned ignorance of. I actually had to tell him in the end, poor bloke didn't even have an option for Win98, told me that i had to be running XP, Vista or Win7 and refused to take the hint of "it says Windows 98 sideways up the left corner of the startmenu" even after being told. Ho de hum. (even the scammers run scripts?)

          He then offered me a download of a different remote access tool, of which the page wouldn't load. Having done remote support for too long I know how bad users can be, so when he told me to type in page.com I typed in pagedotcom and then told him it 404'd. His resulting screaming rage down the phone at me when he realised after about ten minutes of debugging was quite funny, although I had to act out the hurt and distressed user and get him to calm me down and admit that his instructions could be better.

          Then when I loaded the page he asked me to click on a button, to which I told him it wasn't there. Why not? I think Win98 came with IE4, and I decided that the website would object and give you a "use a different browser" screen. Que uncontrollable screaming in rage, a colleague at their end trying to calm him down while his manager took over my call. After calming me down from sobbing about how bad their customer service was, we had to download a different browser (on an arbitrarily assigned 56k modem...) then failing to install the remote access program as the AV blocked it, uninstalling the AV & restart, then it being blocked by the firewall, uninstall and restart...

          Having almost run out of excuses I eventually "executed" the program in my virtual nightmare.

          >pregnant pause<

          Scammer> Has it got X displayed on the screen?

          Me> No.

          Scammer> COULD YOU READ OUT WHAT IS DISPLAYED ON THE SCREEN?! Please.

          Me> Well, it's popped up a blue screen that says "This program has performed an illegal operation of OE at 0x02623154. The current application must be terminated".

          >pause<

          Me slightly worried tone: Was it supposed to do that?

          >>>SMAM<<<

          You know, if there was a batch of "poison pill" credit card numbers that automatically locked any activity on a merchants account until it's referred to a fraud team for a manual review of the account then it would be quite easy to make scamming rather painful for the scammers.

          1. Charles 9 Silver badge

            Re: Dirty Scammers

            Not really. Most of them are either stolen or fly-by-nights, and they can share blacklists, too.

        3. Jamie Jones Silver badge

          Re: Dirty Scammers

          I just answer the phone with:

          "hello, fraud department"

          And the instantly hang up, every time...

          1. Charles 9 Silver badge

            Re: Dirty Scammers

            Has anyone pretended to be the police?

            1. Jamie Jones Silver badge

              Re: Dirty Scammers

              /the/they/

              arrrgh!

              I've never pretended to be the pilice.

              There was one time the scammer asked for me by name, and I pretended to be someone else, and he still wanted to continue the survey, which was "for my own good"!

              The Indian guy asked me what model fridge I have, what model freezer, oven etc. I gave a fake answer to each one.

              About a month later, a sweet sounding Northern lass phoned and advised me that the insurance on my Bosch oven was about to expire, and would I renew it.

              Now of course, I've never insured my oven, and "Bosch" was my fake answer to the survey a month earlier.

              I said "no", and was just about to try and shame her for what she was doing, but she knocked the wind out of my sails by replying "oh, ok, sorry to bother you"

              Stringing along the original caller in the way I did was stupid, though:

              The number of junk calls I've gotten since has vastly increased :-(

      2. Anonymous Coward
        Anonymous Coward

        Re: Dirty Scammers

        "“Now what does that spell?” he asked, “because that is what you are if you think that I am dumb enough to fall for your scam.”"

        "Uh...cnute, I think. So you're calling me King Canute? Sorry, I'm dyslexic..."

    4. max allan

      Re: Dirty Scammers

      I kept one going for about 10 - 15 minutes. Before he realised I wasn't running windows. And he hung up on me after accusing *me* of wasting *his* time. It was a good job he hung up after that, or I would have had a few choice words along the lines of "which ^%$£ing scam artist called whom?"

      1. Rameses Niblick the Third Kerplunk Kerplunk Whoops Where's My Thribble? Silver badge

        Re: Dirty Scammers

        I had one going once, when he finally realised I was stringing him along, he had the nerve to call me a liar! My response of "So wait, you really ARE from BT's customer support team?" didn't seem to register the irony of the situation.

    5. TonyJ Silver badge

      Re: Dirty Scammers

      I've only dealt with these scammers once when a neighbour asked for my help - they'd installed remote control software akin to TeamViewer and the "support company" were calling them back.

      At the time I worked for Microsoft.

      It was hilarious but short lived when I asked him to spell his name so I could look him up in the GAL and we could carry on over communicator as I also worked for Microsoft.

      They hung up on me post-haste, unfortunately. I was looking forward to more fun and games.

    6. adam payne Silver badge

      Re: Dirty Scammers

      These scammers need to be imprisoned for decades Ten years in the cubes.

      1. Lord Elpuss Silver badge

        Re: Dirty Scammers

        Put them on a real technical support desk. That's enough punishment.

        1. Doctor Syntax Silver badge

          Re: Dirty Scammers

          "Put them on a real technical support desk."

          I think that was in implication of "in the cubes".

      2. Loyal Commenter Silver badge

        Re: Dirty Scammers

        Ten years in the cubes.

        It's the penal colony on Titan for these scum. Iso-cubes are too good for them.

        1. bombastic bob Silver badge
          Devil

          Re: Dirty Scammers

          whatever you do, it is necessary to directly tie-in their successful support (as measured by the client) to the length of their sentences, with automatic extensions as needed to fulfill the requirement.

          (or would that be 'cruel and unusual'? I'm thinking Dante's Inferno here, the same kinds of poetic justice he imagined for various kinds of sinners)

    7. VinceH
      Unhappy

      Re: Dirty Scammers

      I almost took a call from scammers pretending to be BT yesterday, where I was working.

      Someone in the front office answered the phone, and after being told what they were calling about - he tried putting them through to me. When he told me what they said (monitoring our connection, large intermittent bursts of data causing problems) I pointed out it's probably just a scammer, but told him to put them through... by which point they'd hung up.

      1. TheProf
        Trollface

        Re: Dirty Scammers

        Exactly the same thing didn't happen to me!

      2. Anonymous Coward
        Anonymous Coward

        Re: Dirty Scammers

        "I almost took a call from scammers pretending to be BT yesterday, [...]"

        After a quiet period for cold calls - they have restarted. One was the old recorded "Green Deal" marketing.

        The new one has been a recording from "BT" saying my internet address has been compromised and they need a technician to have access to my router - "please press 1". The recording has an American accent and a different, presumably spoofed, UK landline CLI every time. Had five in the last week - twice on one day.

    8. paulf Silver badge
      Pirate

      Re: Dirty Scammers

      I had a quick read through the Fidus story mentioned in the article about this and it linked to a page (apparently from Paypal) listing invalid Credit card numbers for testing purposes. Worth having by the phone if you do like to wind up these scumbags and they start looking for payment before attempting to shovel malware on your computer.

      Test Credit Card Account Numbers

    9. Baldrickk Silver badge

      Re: Dirty Scammers

      The longest I managed was about an hour. They called early in the day, so while my breakfast was being made, I made a show about how the computer was taking a long time to turn on (is that the virus?) and dragged it out through other methods. Things like "press the second key along the bottom row" (they wanted me to hit the Windows key) resulting in nothing happening (why would it? on that keyboard it's a "fn" key)

      I eventually got to the point where he'd managed to "teach" me enough about how to use a computer that we might get to the interesting parts, when the call came up the stairs that my Porridge was on the table, so I stopped the charade, told him precisely what I thought of him, thanked him for allowing me to waste his time and thus preventing him from scamming someone else, and hung up on him.

      I think I struck a nerve, because over the course of the next hour, I received no less than 8 calls from him over the next two hours, all of which were... rather full of expletives.

      I just put the phone down on the table and carried on having the usual morning conversations with family, and when he seemed to be done, once again thanked him for his time before hanging up on him again.

      All in all, about 3hrs of scammer time well wasted.

    10. Jesthar

      Re: Dirty Scammers

      Mum and I have an ongoing competition for how long we can keep these muppets on the phone. Currently, she's winning - and she doesn't even have a computer! :D

      My favourite call was quite brief, though, and still makes me laugh! As I recall, it went roughly as follows:

      Scammer: (heavy Indian accent) Ma'am this is David and I'm calling from BT, how are you today?

      Me: (opting for the bright and breezy approach) Awake!

      Scammer: Ma'am, the reason I am calling is that we are worried about your internet, for the past few nights it has been sending us error messages which indicate to us it is being used illegally at night, do you understand?

      Me: (thoughtfully) Riiight...

      Scammer: Ma'am, we're talking about your router, OK? It's been hacked, OK?

      Me: (energetically) Oh, right! Hang on, I work in IT, let me check the logs!

      Scammer: You're an IT professional?

      Me: Yes!

      Scammer: Right. I am talking to Mrs <surname>, yes?

      Me: No! (Not married, and not going to correct them!)

      Scammer: (confused, talking loudly to self) Then who the hell are *YOU*?

      Me: (trying not to laugh) Well, that's not very polite for this time in a morning!

      Scammer: (realises he said the last sentance out loud, not in his head!) >click<

    11. Paul

      Re: Dirty Scammers

      I've played various games. Now, once I engage them in conversation, I ask if his/her (there are female scammers) parents are proud knowing their child is a scammer? Aren't they ashamed? Why can't they get a real job?

      They usually hang up, sometimes after invective. Maybe, just maybe, it will make them think.

      1. Charles 9 Silver badge

        Re: Dirty Scammers

        I had one reply, "Who do you think taught me?"

        Some people are simply shameless.

    12. Missing Semicolon

      Re: Dirty Scammers

      I did the shaming trick once or twice.

      <slight pause>

      "You do know what you are doing, right? Would your parents be proud of you for getting a job, defrauding vulnerable people over the phone? Mine certainly wouldn't"

      ... and such like. One said "Oh" in a small, crestfallen tone and hung up.

      Normally, you don't abuse cold-callers - they are just doing a job. But anyone working in one of these places knows that they are cheating people, so whatever makes them give up is OK.

  1. The Nazz Silver badge

    Useful telephone number.

    I find it useful to have to hand a local C.I.D. phone number. Just ask them to ring me back on my private line and give them the number. Let the fraudsters report the matter directly to the fuzz themselves. Maybe if enough people did that then some action would be taken.

    1. Mark 85 Silver badge

      Re: Useful telephone number.

      The problem seems to be who to report it to. Local cops here in the States are usually dumb as a brick on computer crime. Call the state police and they tell you to call the local cops. This seems to be a big part of the reason these guys get away with it. Locals and state cops don't have the tech nor the budget to deal with computer crime. If they do have some interest, once they find out where the miscreants are, they don't have budget or expertise to deal with crims in another country that's usually not friendly nor has a treaty with the US. So the game is afoot and will remain that way for a long time.

    2. Richard Boyce

      Re: Useful telephone number.

      Better to direct them to your MP's home number.

      1. Michael Habel Silver badge

        Re: Useful telephone number.

        Or if your in the US, to your State Representatives, and or other Congress Critters.

        1. 404 Silver badge

          Re: Useful telephone number.

          Oh that's fucking smart.. scammers will end up with the nuke codes...

      2. Anonymous Coward
        Anonymous Coward

        Re: Useful telephone number.

        "Better to direct them to your MP's home number."

        Ms Abbott's already been caught out by scammers - you don't want to give them more money, it will only encourage them.

    3. Doctor Syntax Silver badge

      Re: Useful telephone number.

      In the UK the name, address and phone number of the Information Commissioner is handy to have.

      1. amanfromMars 1 Silver badge

        Re: Useful telephone number.

        Yes please, Doctor Syntax.

        And do Information Commissioner Offices Investigate NEUKlearer HyperRadioProACTive IT? Or is there a Fake Problem in the Recruiting of Suitably Experienced Staff Fully Enabled and Able to Exercise Prime Lead AIDirection and Succulent Misdirections to Immaculately Tempt Heavenly Distractions their Claims in these Greater IntelAIgent Games?

        And as Nymphs and Satyrs At Play in the Perfumed Gardens of Eden is there an Almighty Virgin Connection to Mind, Mentor and Monitor with PerfectdD Support.

        :-) Reading that conjured up a Very Lairy Timothy Leary Type Trip to be Trialed and Trailed and Trailered across All Multi-Media Channels and Radio Frequencies.......Feeding Views from Future .Information Highways .... and all simply through the likes of Country Chat and Chatter Lines not wholly dissimilar to the Familiar Service Servered here to El Reg.

  2. Kev99

    Neat. Now, how much is your cut from the scammers for alerting them to this reverse scam?

  3. Anonymous Coward
    Anonymous Coward

    Who is to blaim for being taken by scammers?

    Well the "victim" ofc, If some stranger walked up to you in the street, dressed as a banker, would you give them your bank details? The people who fall for these scams clearly have and do and since they exist then so do the scammers.

    To be fair there are several groups in our society, such as the police, who can and do just walk up to you and demand compliance but with those they also make impersonating them expensive if they get caught.

    Perhaps the host, twitter in this case, should be required to guaranty identity and be held responsible for abuses.

    Certainly phone scams would virtually disappear if the teleco were held to be implicated in any crimes using their system and by the same token the country where the scammer is working from would loose out if they were generally perceived not to deal with crime to originate there.

    So whilst there are people in your country who allow themselves to be scammed then there will be scammers and whilst companies and countries who profit from not dealing crime then this situation will continue.

    Perhaps the real problem is the perception that anyone you meet is actually who they say they are?

    1. Michael Habel Silver badge

      Re: Who is to blaim for being taken by scammers?

      On the face of it, you have the right side of it. But, not everybody is hip to infosec, like your average Reg Reader, here. I would lover for you to come back here again, and say that sh-- once someone managed to scam your Nan for a fair whack of money, by dropping some crypto locker on her computer.

      1. bombastic bob Silver badge
        Unhappy

        Re: Who is to blaim for being taken by scammers?

        sometimes you might have an elderly person (or someone with a bad hangover or drunken state, etc.) getting scammed in a moment of weakness, caused by disease or medications.

        Some medications prescribed to elderly patients can affect their thinking and cognitive skills in ways that are actually frightening. Catch someone in 'that state' off guard, someone who would normally NOT be susceptible to being scammed, and that's no fault of the victim. Then again, I don't blame victims of crime anyway... (though it never hurts for them to be 'street smart' instead of victims).

    2. max allan

      Re: Who is to blaim for being taken by scammers?

      "by the same token the country where the scammer is working from would loose out if they were generally perceived not to deal with crime to originate there"

      I can give you a list as long as you like of Chinese, Russian, American, Dutch, etc... IP addresses who are persistently scanning our web services for vulnerabilities. We know where a lot of it comes from and block them already. The country is already known as a source of badness. *Nobody cares*

      And these crims aren't as naive as you, and have heard of proxy services.

      Holding suppliers responsible for the crimes of their customers is going to end badly. Pop into a shop, buy a kitchen knife, stab someone and steal their money. Then the shop has to pay reparations to the victim's family. Suddenly shops are going out of business trying to afford their insurance against that.

      The _only_ way "carriers" like twitter and ISPs remain in business is the "common carrier" type legislation that absolves them of responsibility for what their customers do. Once you take that away, they go out of business very rapidly.

      PS please enable your spell checker in English mode.

      1. TonyJ Silver badge

        Re: Who is to blaim for being taken by scammers?

        "...I can give you a list as long as you like of Chinese, Russian, American, Dutch, etc... IP addresses who are persistently scanning our web services for vulnerabilities. We know where a lot of it comes from and block them already. The country is already known as a source of badness. *Nobody cares*.."

        You're not wrong - when I first moved to Sophos UTM at home, I was stunned at the amount of traffic from these - and other - countries that were scanning, probing and otherwise attempting to behave nefariously.

        I blocked all traffic from these countries.

        Same again when I moved to XG from UTM.

        It was enlightening to see the sheer volume of crap.

        It does fuck me off when IT specialists throw scorn on less-IT literate people for not understanding these - and other - scams.

        Tell me - would you have known about the one that did the rounds where people were called by someone pretending to be from their bank? They were told "For your own security, please call your back straight back using the number on your card/statement and ask for <name> in <department>"

        Safe in the knowledge that they were dialling the right number but not understanding that because the caller had simply put them oh silent hold, the call had never ended, they actually never called their bank back and spoke to the scammers.

        Hmm? Is that also the fault of the victim because they don't understand telecoms to that extent?

        1. Angry IT Monkey

          Re: Who is to blaim for being taken by scammers?

          My 80-odd year old Nan saw through the "please ring straight back" scam and she's never used a computer in her life. She realised there was no ring tone when she called the number and the same voice answered, so she played dumb and pretended she couldn't find her glasses to read the card details they asked for.

          The other scam someone tried on her was a supposed call from the police who wanted her to go to an ATM immediately because someone was stealing her money and they needed her there as a witness or they couldn't prosecute. She quite rightly thought it was nonsense and pretended she had mobility problems and would wait for her son to bring her down. She might have mentioned kickboxing.

          Being non-technical doesn't automatically make someone fall for these scams just as knowing how to play tunes using a dot matrix printer doesn't make you immune.

          1. David Nash Silver badge

            Re: Who is to blaim for being taken by scammers?

            IT Monkey's Nan deserves more upvotes for that.

            As for who's to blame - it's all about plausibility. Some scams are plausible, especially if they mimic real customer service communications.

            Sadly it's reached the point where I instinctively distrust even genuine emails from my ISP, paypal, etc.

      2. Mark Eaton-Park

        @max allan

        you can give me a list but you do not want these countries blocked before they use your bandwidth?

        I am quite aware that proxy and VPN hosts currently allow anyone willing to pay access to my area but that is not impossible to change

        Suppliers are already at least partially responsible afterall if a crime is commited via your IP address then you are one of the first people on the investigation list. You can either put up with the police at your door all the time or take action to prevent the crime in the first place

        ISPs and teleco make money from selling the connection, if they knowingly make money from facilitating crime then they should go out of business.

        Internet safety will only become possible once people stop saying it isnt their problem to fix.

    3. JimmyPage Silver badge
      Stop

      Re: Who is to blaim for being taken by scammers?

      I despise victim blaming as much as the next person, but ultimately, these scams work because somewhere down the line, the victim DOES SOMETHING THEY HAVE BEEN TOLD NOT TO.

      Ever since I have had a bank account (1982, in case you wondered) , it has been drilled into me UNDER NO CIRCUMSTANCES am I ever to reveal my PIN to ANYONE. EVER. ESPECIALLY to anyone claiming to be from the bank.

      The moment you decide to ignore that instruction, it's pretty much game over.

      I am aware there are much more sophisticated frauds - but as you climb the greasy pole, they are fewer and fewer and much more targeted.

      Does anyone recall that journalist (Guardian, IIRC) who wrote a massive article screaming about a "sophisticated" new fraud that had managed scam even them ? I read the article to see how the scammers had managed to be so fiendishly devious, only to discover the "expert" journalist had happily given them their debit card, and a few minutes later their PIN in a phone call.

      1. Doctor Syntax Silver badge

        Re: Who is to blaim for being taken by scammers?

        "the victim DOES SOMETHING THEY HAVE BEEN TOLD NOT TO"

        Banks, building societies, insurance companies etc. regularly send out phishing emails. Or at least emails that look like phishing emails.

        - They don't come from the claimed sender's domain or if they do it's from a sub-domain that resolves to an address owned by someone else.

        . The return address is noreplay@overweeningly_important_bank.co.uk so you can't reply to check.

        - The emails themselves are stuffed with links that as untrustworthy as the sending domain.

        Forwarding to their scam reporting address brings no response. Such emails even include those that purport to warn against phishing. The only way I can be reasonably sure they're genuine is that they're sent to an address set up specifically for that business but most people who only have a single email address can't take that precaution. My bank no longer get such emails through to me: I told them a few years ago that unless I got an explanation as to what they were going to do about the last such message I'd discontinue the address; they didn't so I did.

        I've had a similar experience with phones and banks. When I had a business account I would periodically receive phone calls claiming to be from the bank and asking me to verify who I was by telling them about a recent transaction. I told them that they couldn't possibly be my bank as I'd previously made it clear to my real bank that I wouldn't accept such calls if they couldn't verify themselves first and I wouldn't even confirm whether or not they'd guessed the right bank. This was invariably followed up by a plaintive letter on the bank's headed paper asking me to contact them so they could sell me something see if their was anything they could do to help my business.

        As long as banks etc. continue to do this they should be held fully responsible for any successful scam against their customers. It is, of course, their marketing departments who do this; marketing departments are apt to be the biggest threats to a business.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019