175,000 whinge to Microsoft about phone tech support scams Microsoft has received more than 175,000 complaints about phone technical support scams since May last year, and Redmond says the "Hello I'm Joe from Windows Technical Support" callers will filch around US$1.5 billion from Americans this year. Redmond in response increased its education awareness through the American …
They hand me the phone. I save the number and report for the good that does. Same-o, Same-o with the frauds that make it through the filters. At best, mind you best, I get a robo-answer. What good is security reporting if nothing ever happens. Sure as hell doesn't give any warm fuzziest. /rant
Where's the TLA's when you need them? Oh.. wait... they're looking for terrorists and peadophiles or something like that as I recall.
Hey.. GOVERNMENT!! Here's an idea... put the TLA's on these scams. Just think of the money that won't be headed overseas to the scammers? Just think of the possible taxation on all the extra cash floating around in the local economy? Just think of all the people who might just change their minds and think that TLA's do something for them instead for themselves?
Yeah.. This is button that gets pressed and pisses me off royally.
Shocking really - after hoovering up all that meta data, surely it would not take much more than a badly written Perl script to identify the culprits.
Even if it needs iPython, it should be well within their capabilities. After all, if the can't catch a phone scammer, why would anyone expect them to be able to catch a terrorist?
OTT (sip?) provision of the full routing path of the call, added to by each telco the call passes through.
We'll the soon get a reputation database of where these calls are coming from and an easy way to auto-block them, much as we do with email spam.
The problem is that it would hit the telcos in the pocket as people filter out "legitimate" spam. So it won't happen.
I string them along & let them believe they've got a sucker on the line, making them work their asses off to keep the scam going as long as possible. I pretend the computer reboots at random, doesn't give the desired result their script says should happen, that my version of operating system doesn't seem to have an "Event Viewer", that the Event Viewer reports Zero Errors, that I don't have Permission to run the Event Viewer, etc. I keep stringing them along like a fisherman slooooowly reeling in a fish, wasting their time without letting them realize it, until they figure they've got me snagged good & tight.
Then I spring it on them that I know they're scammers, have been fucking with them the entire time, and gleefully begin taunting them until they explode in fury, swearing incoherently, and they hang up with a bang. It's SO satisfying to hear the pissant screaming so hard he's gone back to his native language, & I then taunt them even harder with claims of having had sex with their mom/wife/daughter/neice/etc, that their father was "right beside us buggering your" little brother/older brother/cousin/uncle/dog/goat/camel/etc, and that we were busy belittling the scammer the entire time. You know, just to pass the time while we defiled a cow, denigrated an alter to $RandomDeity, and generally mocked them as we had our orgy.
By the time the scammer is done screaming themselves hoarse, I'm laughing so hard I nearly wet my knickers, and if THEY don't hang up then *I* have to from lack of oxygen.
I. Hate. Scammers.
I. Love. Fucking. With. Them.
I will make them go appoplectic in rage at being screwed with, all because they tried to scam me. In wasting their time I keep them from scamming anyone else in that time, and by making them so pissed off they can't talk straight, that's a little more time they spend off the phones as they try to regain control.
Dear Scammers. Do the world a favor. Die. Thanks.
<Nelson>Ha! Ha!</The Simpsons>
Some of these are semi-legit organisations with full-blown websites. They work on an economy of truth principle by not actually saying they are Microsoft, but making it sound as if they are. I have had some success in recovering money paid to these people by going through the various hoops to do so, but if the method of payment is Western Union the chances are next to nil.
The worrying cases are where access to a pc has been given to the scammer, which might have been an opportunity to plant a key-logger or to transfer files from the pc.
around the houses....
Let them install the remote control app on a VM. (usually ammyy remote)
Record actions via screen capture.
Let them tell you that vital windows services are Trojans.
Ask them how one can remove the Viruses/Trojans
Wait for punchline... Usually a click here to buy support link on a tech support site.
Copy link of tech support site.
File a complaint with http://www.actionfraud.police.uk/report_fraud
Tell caller what you have just done.
"Oh fuck" was the last response from that last ass hole that tried this.
It does take 30-45 minutes of your time, especially if one acts dumb. But these c***s need to be stopped. The more complaints raised, the more likely the police will act.
Let them tell you that vital windows services are Trojans.
I've always wanted to get to that point, then say "Oh, I know how to defeat Trojans", and put the entire UI into Greek.
Sadly, I've never had the setup ready on the few occasions I've actually encountered the scam...
Vic.
Microsoft has received more than 175,000 complaints....
Just maybe if people started thinking for themselves, rather than looking for someone else to blame / sue when the inevitable consequences of their idiocy bite, the scammers would go out of business anyway.
There ought to be a fine for falling for it.
"complaining to Microsoft won't help"
You know that, I know that. We also know not to fall for the scam. But we're talking about people who did fall for it so it's not surprising that they complain to Microsoft. They're probably the people who call 999 or 911 when their interwebs go down & they can't twat or facebitch.
I can see the "too young" thing but "too old"?
I've seen more than one case where the scammer targetted somebody older and they seemed to relish it because they thought that older users could be easier to scam (not all of them are, of course! In fact it gets quite hilarious when one of our older brethren take one of these morons on a wild goose chase, never letting on that the scammer is the one being scammed!)
Had one where they said I had a problem -- So I asked which machine as there are several at home.
At first he thought I was a business as apparently more than one machine means I can't be domestic (there are also 4 twenty-somethings here al with tablets, laptops and even a PC).
Eventually he said it was the one running 'Windows Vista' --hmm, that's my secondary laptop (free - I just put more RAM in to make it useable) but it only goes on the net for proper updates. I asked what the issue was so I could look closer myself and he kept on about him needing access to sort it out.
Eventually he ran out of scripted pages and started to stumble, then hung up as I told him there were two Vista machines and could he tell me which one as I have MAC addresses listed (I don't but I was getting bored).
It's the same with the Witnesses calling -- keep 'em chatting and they will go away.
My brother-in-law (who isn't very tech savvy) got scammed by this recently. Luckily he paid by credit card and the bank refunded him right away. Fair enough really, given that the "service" provided was entirely fraudulent.
So if you have any friends or family who have been similarly duped, this might be an option for them. It also ensures that the scamming bastards don't get their money, as I assume the bank just does a chargeback on it.
My wife works in a high street bank and gets no end of people coming in to ask about unusual payments going out of their credit card accounts. Usually around the £100-£200 mark. A few questions reveals that they recently had a phone call from "Microsoft" about viruses on their computer and they gave their card details so the nice man could get rid of them.
Education is the way to go, but unfortunately who's going to do the educating? Writing articles on the web and in PC magazines won't help because these users don't read them. It makes most sense for Information about recognising phone scams to be given to every computer buyer at the point of sale, but since the only person out of pocket is the one who takes the phone call, most PC sellers would see no justification for doing this. Yes they tell you about malware and viruses, but that's only to get you to buy a Virus checker from them. Warning you about scammers doesn't get them a sale, and if you do get burned, you're not going to blame the person who sold you the computer.
Education is the way to go
No, the way to go is to make payments processors responsible for reimbursing fraud victims. It is the lazy, greedy vermin at (amongst others) Mastercard and VIsa who happily act as a payment conduit for criminals and even keep 2.5% or whatever for themselves.
The only reason this form of crime exists is because these payments processors happily transact illegal business across borders, and then pretend they didn't know it was going on. In the UK I have to show my passport before I can open a savings account, get a numberplate made, or merely consult a lawyer, all "to prevent money laundering and fraud", but it seems that the payments processors evidently are allowed to do business with any two bit crook anywhere in the world.
"No, the way to go is to make payments processors responsible for reimbursing fraud victims. It is the lazy, greedy vermin at (amongst others) Mastercard and VIsa who happily act as a payment conduit for criminals and even keep 2.5% or whatever for themselves."
If you have been the victim of such a fraud, Mastercard and Visa are already responsible for fully reimbursing you and they will do it, as fraud protection is part of the terms of their agreement with you.
It is also not generally know that if you are stupid enough to use your Debit card in such a transaction (which has no automatic fraud protection build) banks will reimburse you as part of their own fraud investigation procedure, although in such a case they will take the hit themselves.
Anyway, Mastercard and Visa continually refunding the scammed isn't going to stop the scammers (especially since most of them use untraceable VOIP), whereas everybody simply hanging up will.
Hmm. As I recall, the only time that both Visa and MasterCard were legally forced to cease handling money for a dodgy organisation, there was an outcry about "freedom of choice".
That was WikiLeaks.
You cannot eat your cake and have it. One man's scam is another's legitimate business........
"My wife works in a high street bank"
Stop!
You have the answer right there.
High street banks should be training their customers to resist frauds.
But do they? No they train them to fall for frauds.
They have digital marketing companies <spit/> send out emails which bear all the signs of phishing emails by purporting to be from the bank but are clearly not from the bank's domain and which include links which are also not to the bank's domain.
They phone customers and expect the customer they phoned to prove their identity without making the slightest provision to authenticate that they really are the bank.
And yet they, of all people, have most to lose. The marketing people are in charge which is another way of saying the lunatics have taken over the asylum.
"They phone customers and expect the customer they phoned to prove their identity without making the slightest provision to authenticate that they really are the bank."
Ah yes, the perennial problem of the Bank phoning you up and then asking you to prove who you are! Tell me this - if you ring up someone you've never spoken to before, how do you know that the person who has picked up the phone is them? You can prove that you are the bank by getting them to phone you back on your bank number. It's pretty certain that if you phone a bank, the person you end up speaking to works for the bank.
But if the bank phones Mr Smith's phone, to talk to Mr Smith, how do they know it's Mr Smith who's actually answered? That's why they ask you to prove who you are, even though they phoned you. I agree that you then don't know that it's the bank you're talking to though. There really is no answer to this one, as eventually one side has to trust the other, but the banks are aware of this, and until we get video phones it's the only method they have.
Put another way, how would you suggest the bank proves who they are? By divulging details over the phone that only you would know...when they don't actually know if it's really you or not? Would you like the bank to phone your house and prove their identity by telling your date of birth and mother's maiden name to the person who's answered your phone...who might not be you?
If you can think of a foolproof way for both participants in a phone conversation to prove their identity to each-other with no security risk, then patent it right away, because it'll make you a millionaire.
"You can prove that you are the bank by getting them to phone you back on your bank number. It's pretty certain that if you phone a bank, the person you end up speaking to works for the bank."
There's actually a well-known scam based on this. The scammer puts a recording of a dial tone on the line to fake having hung up and then an accomplice takes over the call after the mark has gone through the motions of calling back. Ring-back verification only works if you call back on a different line.
"There really is no answer to this one, as eventually one side has to trust the other, but the banks are aware of this"
They show no indication of such awareness. The proof that they expect you to offer is the sort of information a scammer would need to impersonate you. It's no different to a faux website at www.somebnk.com collecting passwords from a mistyped URL. The onus has to be on the originator of the call.
As to your challenge there are three responses to this
(a) it's the banks' problem - they should have solved it before they started making the calls;
(b) you have an agreed set of information which they will use to identify themselves and which is different to that which you use to identify yourself, a solution so blindingly obvious that even the USPO should be able to reject a patent application;
(c) absent any such arrangement a few moment's thought should reveal to you an obvious technique which you can apply unilaterally, which works equally well with passwords if you're not sure the site is genuine and which will actually impede the fraudster so long as everybody doesn't start using it.
Next time you do a Windows update, include something that, if someone starts to install a Remote Access program on their system, puts up a warning page saying "If you have had a call from someone claiming to be from Microsoft, it's a scam. (And don't pay any attention to them telling you to ignore this message)"!
It's great fun to string these guys along if you have the time. If you keep them going long enough, you can make appointments for them to call you back at a more convenient time (they're very prompt) and with a bit of perseverance you can even get their address (which looks believable based on Google StreetView) as well as a whole load of other info about them.
The nice lady I spoke to at the fraud prevention line was very grateful for the info received and admitted that while she had to tell me off for engaging with them (which is the wrong thing to do) she quite admired how much I'd managed to get out of them.
Depends on how bored I am when they call, usually ask them which of my Windows machines it is as I have 4 devices running different versions. Often they aren't even smart enough to hazard a guess at any common version, though one did once & guessed Vista (which I don't have). If I'm round visiting my neighbour I often take calls when her phone rings as she's old & rather deaf and have fun with these as she doesn't have any form of computer in the house.
Say you'll get the person - son, wife, husband, whatever- who deals with these things and put the phone down. If you've got the energy pick it up every now and then and say he/she's just coming but has got to deal with x first and was able to tell you he/she's worried about the issue and wants to speak with the caller ... If you can run this through speakers while keeping the mike turned off this can be quite amusing.
My father, who is well into his 70's had one of these calls.
He runs Linux (that he installs and maintains himself) and kept them talking for 50 minutes by playing dumb and being deliberately slow, then told then he had to go out, and could they ring back. They did, and he kept stringing them along for a further 40 minutes before he got bored and told them he ran Linux. Apparently they know some very rude words!
So who can beat 1 ½ hours
His logic was, well if I keep them talking they have less time to possibly scam one of my friends, and it will cost them both time and money to be on the phone to me that long.
I've had one of these calls. I kept the guy on hold whilst I switched my computer on....he waited for 15 minutes. Eventually I picked up the phone after telling him it would not switch on. He said this might be because of serious virus infection.....He asked me to "pull the power cord out of the back as this will reset the parameters of the system motherboard".....I told him I couldn't find the cable....he asked why......I said "it's dark in my house at the moment, we've had a power cut for the last 2 hours, do you think the power cut is caused by my computer virus?"......he hung up.
My wife runs a Mac...
A few years back we were in the midst of a major home renovation. The replacement doors and windows had been delivered and were stored awaiting installation.
Phone rings:
Scammer: "Ma'am, we have detected a problem with your Windows"
Wife: Many expletives, followed by "Then you'd better come and replacement them NOW as we need them installing next week".
Scammer: Hangs up.
Wife: Very confused.
Not that I personally need any GUI clutter but could Microsoft not include a prompt for people when attempted to access eventvwr for the first time - asking them some obvious questions like "are you here because someone called you today?"
Just an idea - might save a % of poor sods from getting scammed.
And those who sniff at those who get scammed because it could never happen to them - just be patient, one day if you are unlucky it will happen to you in another field - via a car mechanic, builder, electrician, plumber, roofer, lawyer - anywhere where you are less than confident you can get scammed.
Actually I'd put money on us all having been scammed by one of the above already but we simply never noticed it.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
