So sad that the Brown not is not a thing, if it was i would keep it on hand for just this kind of a@$£&%e.
Microsoft has released stats showing that tech support scams are on the increase, with 153,000 complaints received and 15 per cent of complainants losing cold, hard cash. For those who have been fortunate enough not to be subject to one, a tech support scam is typically where a ne'er-do-well will call up a user, usually …
Oh no it's not. Leading them down a long alley for 20 minutes while pretending to be a dimwit is the right thing to so. Especially at the end of a call when you ask if the fact that you run Linux is perhaps the reason you can't see the screens or issues they are suggesting?
They seem to disappear pretty quickly after than IMHO.
Leading them down a long alley for 20 minutes while pretending to be a dimwit is the right thing to so.
I prefer the 'deny everything' approach, also known as the 'argument sketch' approach, in which you contradict the person on the other end on everything..
Declaring I didn't have a phone really confuses them for a moment, also presumably when the catch on as line goes dead after a moment...
"I prefer the 'deny everything' approach, also known as the 'argument sketch' approach, in which you contradict the person on the other end on everything..
Declaring I didn't have a phone really confuses them for a moment, also presumably when the catch on as line goes dead after a moment..."
This sounds like a great idea to me:
Scammer: "Is your computer switched on?"
You: "I've told you once"
S: "No you haven't!"
Y: "Yes I have"
Y: "Just now"
S: "No you didn't!"
Y: "Yes I did!"
S: "You didn't!"
Y: "I did!"
S: "You didn't!"
Y: "I'm telling you, I did!"
S: "You did not!"
Sounds like a giggle to me, I think I'll try this next time.
Also have a recording of dial up tones on hand.
Pretend people are at the door.
Making a cup of tea.
Computer is slow
Then have a secondary Linux machine on a 3G modem (can't be too fast) rigged up with a screen to look like your favourite five eyes supporter (e.g. GCHQ, NSA, CIA, FBI etc) with network logging, (their IP address is always good, with automated extrapolation of their location on your favourite mapping software).
My wife regards this as an excellent sport, and she will happily spend 20 minutes playing along. My preferred approach involves making anatomically impossible suggestions, which generally results in a far shorter call.
"My wife regards this as an excellent sport, and she will happily spend 20 minutes playing along"
I'd recommend listening to replyall episodes 102 & 103. It's Olympic standard "playing along"
@platelet - Wow - 102 starts pretty standard, (with some very long and incredibly cringy advert-plugs) but by the end, its a very, very interesting insight into the tech scam world; not that far away from a 16/17 year old in the UK finding themselves in a double glazing cold call office.
Thanks for posting!
Most if not all of these twerps are operating over a Voice over IP line, so cannot press tone buttons even if they wanted to. So, more or less the same tool has been created several times to torture and waste the time of these idiots.
It starts off fairly simple: "To ring this phone, press 1, if nobody answers you talk to the answerphone. To talk direct to the answerphone, press 2, otherwise please hold and Lenny will be with you shortly".
"Lenny" is what might be termed an Artificial Stupidity program. When the call begins, it plays its greeting, sometimes several times until the moron answers. Then it merely waits for the moron to stop talking for about 1.5 seconds, and plays one of a dozen or so sound clips at random. This is all it does; greets then plays random responses when the moron stops talking.
Strangely enough, this is generally enough to keep a scamming moron happy and engaged for quite a long time. Lenny's exploits may be heard on the Lenny Youtube channel:
"a Voice over IP line, so cannot press tone buttons even if they wanted to"
What kind of shitty VoIP system can't pass touch tones? I've had to use some really terrible ones, but I've never found one that didn't work with touch tone menus.
Might I suggest that the old maxim 'Everyone has a book in them', which when correctly used also includes the rest of the words 'which, with plenty of lube and the necessary force, can be put back in them' would also apply here?
"My wife regards this as an excellent sport, and she will happily spend 20 minutes playing along".
I prefer a sprint to a marathon - the faster I can stress them out and get them screaming obscenities, the better.
The other week, I had one screaming that his $DEITY would smite me.
I just told him I would be way down the queue, as $DEITY is probably too busy smiting all the criminal scumbags taking his name in vain.
Icon, because it's going to take an awful lot of Gaviscon to cool down that ulcer.
After a MAHOOSIVE 1hr11minutes, I told my (Indian) "Tech Support Man" - their description - that my computer had crashed as my 16K RAM pack had wobbled......... He sounded really Pissed-Off when he put the phone down on me.
1hr11mins on the line?
Lightweight...I managed to keep one strung along for just over 3 hours. Cordless phone with speaker on it so could carry it around the house with my while I got on with my chores. Just had to remember to put in on mute from time to time (the sound of flushing would be a bit of a giveaway that I wasn't taking it seriously)
I got one up to 45 minutes, and thought to record the last half. Escalated through several people, before the last one called me an asshole and hung up.
The approach I took was:
- Attempt to play along on Linux.
- Don't advertise that it's Linux, but would tell them if asked. No one did.
They seem to disappear pretty quickly after than IMHO.
Not in my admittedly limited experience. My Father had one of these calls, which he immediately handed over to me.
Cue the PC taking a long time to turn on, not knowing my way around a keyboard ("press the key next to the CTRL one in the bottom corner of the keyboard" - cue "pressing" the "Fn" key multiple times with no response. etc)
After about half an hour, my breakfast was served, so I told him just what I thought of him, and thanked him for letting me waste his time.
This seemed to particularly vex him, so he kept calling our number for another half an hour, to which I dutifully answered, ignored the insults, laughed, and put the phone down again.
I'm not normally anywhere near that good at aggravating people.
I once kept a guy on the line for 10 minutes while following his directions on a Linux system.
When he wanted me to hit the Windows key, I told him I didn't have one. This was true...I have an IBM Model M keyboard on my system. He finally gave up and told me to call Microsoft.
I replied, "When I do, should I tell them I'm running Linux?"
His reaction was: "Sh...<click>"
"Leading them down a long alley for 20 minutes while pretending to be a dimwit is the right thing"
and, gloriously entertaining!
sorta like the "419 eaters"
/me notes that in the article, along the side, it notes that the U.S. treatment of these worthless scumbags is overly tolerant, whereas the U.K. response is much more appropriate. I think that EVERYONE is being too kind to these sociopathic PARASITES, as they STILL LIVE.
I have had so many of these kind of calls I just say fuck off and hang up now. I got bored with baiting them and sick of being called when concentrating.
I have had fun with them in the past, 40 minutes is my record for keeping them talking. I have also screen recorded them installing malware on a VM and reported it to the police. The abuse I have received when I have told them I am an IT professional that is taking the piss... Funny.
I have also had a long conversation with a "supervisor". I asked if they were proud to be scamming innocent people. The response was unexpected honesty. He said he knows that it's not right but he has a family to feed. Choices for work in his part of India were limited apparently.
"I have had so many of these kind of calls I just say fuck off and hang up now."
I havent had any , but thats my plan. Fun tho it might sound stringing them along , i cant be arsed . its wasting my time as well as theirs.
If I get some email / ebay related scam i might bat that back and forth a bit ...
Usually when I these calls, they ask for my wife by her unmarried surname. She is obviously on the phone list they have acquired. I just say that I will go and get her, put the phone down on the table then see how long they wait before hanging up.
There's another approach that requires a little bit of work before hand.
First you need a Windows VM. No need for it to be a recent version, or to be updated, a bog standard WinXP SP2 box is fine.
Find some remote access trojan, and save it on the desktop as "sekret passwords.txt" or similar.
When you get a call from a tech support scanner, allow them access to your honeypot VM, and wait for them to copy off your 'sekret' trojan, and run it on their own machine.
I always consider it a challenge to get them to swear at me. For the ones with Indian accents telling them how disappointed their mothers must be after all the work of raising you only to get a cheap crook, works almost every time.
I have recently noticed many of these guys introduce themselves by some very British sounding name (I had a "Mark Williams" recently) in a thick Indian accent. I am SOOO tempted to answer in an equally thick accent "this is Bill Gates speaking". I wonder whether I should use a thick Indian, Scottish or Aussie accent.
This could be avoided if we ditched the old phone system for one that could actually verify who was calling you. It would be VERY easy to build a system like that on top of the Internet and would quickly reduce costs for phone companies. Why aren't they doing it? Legacy thinking and legacy technology.
The internet would be the worst option, it was never designed for secure unfalsified identification. It is trvial to spoof the source address.
The existing phone network is more secure, and does have most of the necessary technology to do this, at least for non-international calls. The problem with international calls is that, just as with the internet, the network that received the connection has no way to know if it can trust the network that originated it.
"at least for non-international calls"
Well actually the standards for the same for international and non-international calls. The "problem" is that some phone providers are very sloppy when dealing with those numbers. It's not unlikely that a phone call from Germany to Germany will have a Swiss network provided number, because the carriers the call went through couldn't be arsed to do their job right.
BTW what good does it do if you know the number? It could still be a company acting as a front for someone. In a time when coorporations can create fake identities by building fake companies, a phone number is worth nothing.
The solution to the problem is use the ANI and not CLIP for caller ID.
True, but CLIP is defined as the presentation-level service because there are times when it is legitimate to display a different number to the real one. A company may want to display an 800-number for return calls, for example.
What we need is a way to store the ANI value so that a customer can flag a call as bogus, and have the ANI registered. Even so, spoofing ANI isn't impossible, especially for calls from a different network.
Even with the actual number, though, the problem is then how to get the phone companies to block calls from agreed callers using ANI details.
The option to spoof the calling number is a feature, not a bug. It's something that, historically, companies have gone out of their way to enable people to do.
The use-case is for - yes, call centres, but also other types of offices, where people make outgoing calls but want the return call routed to somewhere else.
Of course, scumbags quickly came up with another use for it. But that's true of approximately every feature ever added to anything. Scumbags are inventive.
"The problem with international calls is that, just as with the internet, the network that received the connection has no way to know if it can trust the network that originated it."
The phone network does, however, have the ability to label the call as international and to display a warning if it's then trying to spoof a number.
"This could be avoided if we ditched the old phone system for one that could actually verify who was calling you."
a) There already is a field for the "Provider Asserted Identity", it's just that providers often are rather sloppy.
b) You're suggesting no less than a complete redesign of the phone network, a network that has grown over a century and consists of wildly divergent technologies, often as many of 3 generations being active at the same time.
I remember being called at home repeatedly by these guys. What finally worked was playing clueless with a twist:
"I'm afraid I don't know very much about PCs. I work as a lumberjack. Let me tell you about my job".
They hung up halfway through the second verse, which is a pity as that's when you get to the really fun lyrics.
But there you go.
Most of the time I get calls from 'Microsoft Support', the number is withheld.
I'd love to put a call blocker on my line but most of the NHS has moved to calling with 'Number withheld' all in the interests of patient security.
I learned a few choice swear words in Hindi that question the callers parenthood for these people calling from MS.
Other calls get answered with 'what are you trying to sell me?' That gets rid of most of them.
"I've learned that calling them Pakistani drives them through the roof."
I wonder what subtly insulting their ACCENT does...
"I'm sorry, what was that?"
"I can't understand, can you repeat that?"
"Can you say it again, slowly?"
"Can you spell it out for me?"
"What was that one letter again, I didn't quite understand it?"
"It sounded like [insert ethnic slur here] to me, is that right?"
And of course, LOUDLY wind it up [right before they hang up in anger] with something like:
"If you're going to SCAM someone in an ENGLISH SPEAKING COUNTRY, then LEARN TO SPEAK [profanity]-ING ENGLISH, you [profanity] [profanity] PAKISTANI!!!"
or something like that. Then you get to troll them AND vent your spleen!
I keep an acorn electron plugged in on a spare section of desk, Ostensibly to mess around with BASIC but really, it's in preparation for one of these cold callers. That way I can say that there's noting wrong with my windows, I can see right through them, following up with telling them I don't have any mice in the house - I keep it clean.
Last one I had seemed surprised that I wasn't sure which computer was affected due to me running a network at home.
Eventually I asked if he could tell me which version of Windows it was as there were different versions on different machines.
He went for the only one not running - Windows 7.
I even had one with Vista up -- and that's supposed to have more holes than cartoon cheese!
I let him down gently, even the 'I know your'e a fucking scam artist' bit.
I think I had another one of these scammers try to call me a few hours ago (I'm in Perth, West Australia). I only answer the call when I recognize the number (all family and friends, work, etc. are programmed into the phone so I can see straight away when they call).
Phone rings, the caller ID shows a number with "Unavailable" (which means you cannot call the number back), call goes to answering machine, after the answering machine greeting finishes there was 5 - 10 seconds of silence then a female voice says "Hello.... hello" then a few more seconds of silence then the call disconnects. Another number added to my ever increasing blocked list.
Had the same thing last week but from a different number. My phone is set to block all calls with no caller ID but the problem is, these idiots are able to generate a seemingly infinite list of "fake" numbers to call with and because they have a caller ID (even if is fake) the calls get past the 'no caller ID block' and go to the answering machine so blocking them becomes an increasingly difficult if not impossible task. At least they eventually give up once they realize all they are going to get to talk to is the answering machine.
The last time I got one of these calls was from "TalkTalk," but there wasn't any kind of human connectivity with it.
It was a case of "Your Internet is going to be disconnected. To speak to somebody, press #1. To disconnect, press #2."
If nothing happened it was probably TalkTalk. I'm with them, and use the following logic: Based on their performance, anyone actually employed by them is barely capable of making *any* sort of call. So if there's a call, it's not from TalkTalk. Also, I only use VoIP, which means I'm anyway off-grid more than half the time...
Having rescued an elderly friend from a bill for nearly £2K from "Microsoft" I can heartily recommend call guardian if you live in the UK and hate this kind of stuff. I've seen it virtually remove all cold calls from the people I've installed it for. But then the support for friends and family I do is often for the elderly and it seems best suited for them.
The only downside is I have it at home and I never get cold calls from "Microsoft Support" or any kind of religious body - both of whom I love to wind up.
"They all get the same treatment of termination within 20s."
That's not very public spirited of you. If nothing else you could try "Just a moment. There's someone at the door. Can you hang on a moment while I go answer it." and put the phone aside until it starts whining.
Wish I could set up "Lenny" here and let the scammers talk to him.
Be sure to have a look at some of the calls on his YouTube channel (link provided on site).
Hilarious stuff. Especially the ducks (about 6 minutes in - if the scammers/telemarketers stay on the line long enough. lol).
They are using Automated calls now.
"Hello I'm Shirley from ....Internet service provider...we have been trying to contact you.
Your internet connection will be cut off in the next 24 to 48 hours. To proceed, please press button 1 on your phone".
We have been getting these every couple of days for a fortnight.
Strangely, our internet is still working........
"I get those from UB/RBS. They may be real as it happens the same evening when we have visited the branch. "
I used to get those ostensibly from HSBC when I had a business account with them. I always insisted that as I'd told my bank that I wouldn't take such calls they couldn't be who they said they were and in fact I wasn't either confirming or denying that HSBC was my bank. Always followed up by a letter from HSBC saying they'd really like to
sell me some unwanted services discuss things with me.
I think I got one of these for the first time last week. I say 'think' because the chap's accent was so thick and the line so bad I really have no idea what he was saying.
I'd be disappointed if it was one. I've been waiting years to get one. So long in fact the chap I was going to pass their details to has been arrested by the FBI and I've never heard form him again.
The local scammers are getting soft. The PPI and accident claims calls guys hang up so easily now, they've no stamina to get led on. They hang up so easily I don't think they can possibly make any money any more.
Man up FFS, I needs my entertainment.
Who cares whether the calling number is fake or not. What you really want to verify is the identity of the caller. Now that the telcos are anyway starting to ditch the old-style clockwork phone system we need the opportunity to present your verified identity, perhaps via an x.509 client certificate. I was working on this with Thawte over a decade ago but Verisign discontinued it after the acquisition.
Note to tin-foilers, I do say "opportunity" not "requirement".
Essentially, due to the flood of spoofed crap calls, I've completely lost the use of my landline. I just turn off the ringers and use it for outgoing calls only. Nobody can ever call me on it because if I don't do the above, it rings several times a day with crap calls that just waste my time.
I can protect my cell phone better, using an app the blocks any call not in my contacts, although it does allow them to leave a voice message (for those few calls I get from stranger which I actually want).
It's too bad we can't eliminate these sort of pests. Put them all on the B Ark, I say.
I live in a man cave so no Windows but a friend has a VM set up so he very slowly takes the phonefool through booting it and very slowly following their instructions, even downloading their trojan (at around 2 baud) and once all is set up and they've gone away he kills and clones another ready for the next caller.
I believe his understanding of the trojans and their origin and where they send info is of some interest to him but I dont ask as I think I might OCD myself into trouble with that.
After over 100 of these calls over a year or so I was getting fed up, Lately they have been calling into Norway and spoofing Norwegian numbers,including at one point "112" the Police emergency number, I seem to have found a "cure" for them.
I'd bought a Flea-bay special "bike horn" that turned out to a piezo siren (smoke alarm on steroids, this thing WAS loud) , so I decided it was no use on the bike (my voice gets more attention) so when "Michael" from Microsoft called (from Delhi) I spoke softly to get him to run up his headset, then gave him a full blast of 15 seconds... then listened in to hear "He have a f***ing siren" . . not heard from them since :)
I've tried telling scammers I don't have a computer. Not taking that for an answer, they usually respond with, "What about your laptop?". (sigh)
Next time, I'll tell them I need a few minutes to enter the bootstrap code via toggleswitch, because my punchcard reader won't arrive till next Tuesday.
This is the Electricity Co and we need to functionally check power operation in your area, Is your fridge running? Or An engineering company trying to locate a Mr Wall, Is Mr Wall there please, I am after a Mr Wall, John Wall, Jane Wall, are any walls there?
Prank calls now get dangerous.
My bank rang me the other day, using what appeared to be an internet phone number, they wanted me to identify myself. Huh !!!, What about you, I thought. So I made arrangements to visit the branch the next day. The bank had been ringing to tell me, no ask me if i wanted another 1% interest on my account balance for 3 months, without doing anything. I would never have believed it if I wasn't hearing it from a proven employee at the banks branch. Crazy world.
"My bank rang me the other day, using what appeared to be an internet phone number, they wanted me to identify myself."
They get very confused when you point out that they rung you and it's up to them to prove who they are and no, telling you half of your post code isn't good enough.
I have had exactly the same argument with a representative of a large investment company with whom I have an account after he called me and then wanted me to establish my identity. Neither of us could prove convincingly who we were without revealing important details. In the end, we agreed that he would send me a letter which did indeed arrive.
They all do the same thing, they open a command prompt and run: "tree /F" to simulate a virus scan and type in some text about a trojan that appears at the bottom after the tree command finishes.
They open up Event Viewer and say all the errors are signs of infection.
They run a Netstat scan and claim the "foreign" IP's are remote nasties and that the port numbers are actually the number of times hackers have connected.
Except one time a guy uploaded a batch script called "antivirus.bat" and executed it.
Seen here: https://gist.github.com/anonymous/e97cbec040bad06c14c087744d793289
And another time they uploaded a program that extracts usernames and passwords from browser caches.
If they ring me and claim they're Microsoft, if I am not doing anything else or going out, then it's sport!
I have my fun at their expense and while they are on the phone to me they can't be bothering anyone else.
The best ones are when they are at the end of their tether and wind up swearing (happened last week)
Will have to listen to the recommended examples to see if there are any good tips I can use. My wife knows when I get one of these calls and listens with amusement at my side of the call, and is interested to know how long I kept it going. I get chided if it's not long enough and she tells me "you're losing your touch"
You' d think these people would know when they are being wound up - they all start off with a standard script but as soon as you go off script they are in trouble.
We get some from "BT" too, but when I ask them where they are calling from they quote the Newgate Street headquarters building. I point out that they wouldn't be using a central London office to make outbound support calls - I don't know what it is now, but many years ago a wastepaper bin cost £70 a year in rent; it must be a lot more than that now.
When BT have completed the upgrade to VOIP we can expect a plethora of "there are problems with your phone" variety
We don't get too many or I would just hang up.
I always recommend wasting their time if possible. It demotivates them and makes them feel silly, as it's 20 minutes nearer the end of their day and 20 minutes during which they were getting no closer to a 'sale'.
So I was stringing one along the other day and after about 10 minutes I got bored. It was around the time he told me to look in the Windows event log and 'look at all the errors - you see, they're all viruses'. I said to him that he ought to be ashamed, I know what he's up to and it's not an honest way to earn money. He admitted that he knew, and that he just wanted a quick way of making some money. He didn't like doing it but he admitted that he thought that the people he scammed were so stupid that they in some way deserved to be scammed!
He then asked if I had any money and could just transfer it to him, as he's studying for his degree (in India) and needs to pay for tuition etc. He said that if he just had enough money, he'll stop [the scamming] in an instant, as he hates doing it. He said if I could just see my way to sending him some money, he'd give me some bank account details of people he's scammed! He sounded like he was 'working' from home. What fascinated me more than his sorrowful tale (I almost felt sorry for him) was it gave me a peek into the business model. It's not a call centre, it's just people working from home. Maybe they buy a kit, which includes pre-written scripts to follow, or maybe they have to give a cut to someone you wouldn't want to mess with: I suspect a bit of both, but mainly the former.
Anyway, he thanked me for not swearing at him and that was it. About half an hour later, one of our customers called in a panic and said that he'd just had a call from BT saying that he had a virus that was being detected and could we check his broadband line because he realised it was 'probably' a scam but was nonetheless worried. No matter how much my colleague told him that it's scam, there's no truth in it, and we've just had one of these calls, he said that just to be on the safe side could we check his broadband line to make sure it's not got viruses or something. We went through the motions and told him we've checked and his broadband line is completely virus-free.
So even after being told it was a scam, people can be SO frightened that they'll believe it was based on reality. This is the problem. No wonder the scam phone call industry is doing so well.
is the ban calls from that country until they respect our laws, resulting in all the outsourced services being recalled home, it is the patriotic thing to do after all.
Sadly this is never going to happen, when the money funding the scam companies calling the UK is in GBP
In the UK get a BT phone with 'Call Guardian'. Perhaps you don't need one but think of your elderly relatives. I must have been on a few list as I got 2 or 3 of these calls a day, this dropped to about 2 or 3 a week after I got CG. After 18 months or so.... well I can't remember the last scam call. CG is really great, can't recommend it enough.
We 'Muricans get these Microsoft fake virus calls, and we enjoy them as much as anyone else.
Generally I get bored in about 10 minutes, but you can waste these minutes of their time by running them through an idiot's list of questions. My favorite approach is to pretend to be an especially stupid Windows user, as this keeps them going as they assume that stupid folks are easier marks. Ask them what a virus is, and how did it get into my computer, and what's an internet, anyway?
When you tire of the fun, end your call with:
"Hang on. I left my laptop at work."
"By the way ... do you know a good way to get blood out of carpeting?"
"Oh hell. The nuclear bomb sirens are going off. My neighbors are all running down the street. What's happening where you are?" Begin crying. (It helps to have the siren pre-recorded so you can play it in the background.)
I recently noticed a distinct change in character of these calls. It may just be incompetence or it may be a new level of arrogance.
In the past, it was nearly impossible to get the scammers to say the word Microsoft, as in "I've never heard of a 'Windows company'. Who is your actual employer or who are they contracted to for this purpose?" As I understand it, representing themselves as Microsoft or agents for Microsoft ups the ante on the sort of criminal charges that can applied. Recently though, I've gotten a few calls that follow the familiar script but actually claim to be Microsoft calling.
I had one of these calls at work. I told the Indian sounding man that I would need to call him back. He gave me his call back number (it actually matched his caller-ID). I logged into my phone system and changed my outgoing caller-ID to his, then called him back and used his script on him. He got really confused why I was calling from his number and hung up. I called several times after that and he'd pick up the call and hang up on me, or let it ring on forever. I let it go for a couple of days, then started calling them again and got the same thing, pickup-hang up, ring on and on. Eventually a girl answered, and in broken English, told me to stop calling them. I told her I would stop when they do and hung up. I stopped anyway figuring I got my point across and it wasn't worth my time anymore.
Biting the hand that feeds IT © 1998–2019