Tech support scams are no laughing matter. They’re capable of infecting unsuspecting users’ computers with malware and robbing innocent people of their hard-earned money. It’s therefore not surprising that we’ve witnessed the emergence of numerous initiatives designed to counter tech support scammers over the past few years. Many of these offensives turn robocalls against fraudsters in an attempt to take up their valuable time. Some do so legally. Others skirt the category of a distributed denial-of-service (DDoS) service.
But it doesn’t always need to be complicated. Sometimes, all you want to do is tell a fraudster straight out that you’re on to them and that you intend to report them to the authorities.
I’ve certainly felt that way before. You see, I occasionally work at home, and from time to time, I get a cold call from “MICROSOFT in India.” I oftentimes act out this gag and play along with the fraudster. It’s fun to waste their time.
One day in late September 2017, I got the idea to record the call using my iPhone. You can access the recording here.
Listening to the recording now, it’s scary to hear how hard they tried to convince me they were from Microsoft. They really wanted me to trust them and give in to the fear that Microsoft was calling me because something was seriously wrong with my computer. Of course, I was onto them from the start.
The scammers were certainly methodical in their ruse. Initially, the caller went through a few questions, and when they identified that I was ‘willing to bite’, I was passed on to someone else in the team who was more technical. First, they got me to load Event Viewer in Windows 7. It’s a feature that lets administrators see event logs on a machine running Microsoft’s operating system. Many harmless errors pop up over the course of using a Windows computer. But that’s not what fraudsters would have an unsuspecting user believe.
Here’s a snippet from our call to illustrate that point:
Scammer: Now once you’ve clicked on “Administrative Errors,” do you find any changes on the middle of the box?
Me: Yes, quite a lot of errors. Are these the attacks?
Scammer: Yes. Do you have any idea why you’re getting these types of warning errors on the main administrative box?
Me: No, I generally get my son to look after my computer, so I really don’t know what you’re talking about.
Scammer: Okay, sir. So you basically don’t understand why you’re not getting any of these errors and warnings. Is that correct, sir?
Me: Yes, that’s correct.
Scammer: Here’s what happens, sir. Whenever you go do any activities on your computer, at that point in time these malicious files and hacking tools are getting downloaded inside of your computer without your knowledge, which day by day can corrupt the administrative part as well as the boot sector part of your computer.
Truly despicable. But they thought they had me roped in, so I went along with it. I let them guide me to help93.com via the command line and download a remote-control application. At that point, I asked him to confirm he was from Microsoft, so he showed me how to get a CLSID entry up in a command prompt. A CLSID is a globally unique identifier that identifies a COM class on systems running Windows. In this example, they chose a reference that would be the same for every Windows platform; however, they informed me this stood for Computer License Security Identification and that only two people knew this ID, Microsoft and myself, and told me to keep it secret. Clearly, this guy from India Microsoft was legit, right?
By now, I had spent 20 minutes on the call with him. It was time to end the charade. So I used the remote-control software warning against the scammer.
Here’s what I said:
Me: I’m reading this, okay? It says: “By starting the Supremo connection, you’re allowing the remote control of your computer or server. Don’t allow unknown people to get control of your machine.” And then it says: “Neither Nanosystems nor Microsoft contact individuals offering unsolicited support services….” It tells me you’re a fraudster…. Are you a fraudster….? Right, this call has been recorded, you are a fraudster, and I am a technology professional. I know exactly what you are doing. Everything has been recorded, and we will report it to the authorities. Goodbye.
Five minutes later, a manager from “MICROSOFT India” called me up to try to reassure me that they were legit. The game was over. I said I had the recording and would report it, which caused him to start swearing and yelling at me. I laughed, hung up, and nuked the isolated virtual machine I had been using during our call.
All Kidding Aside….
It’s important for everyone to take that warning I read back to the tech support scammer to heart. Don’t give control of your computer to anyone you don’t know. Additionally, companies like Microsoft will never call you up and try to get you to purchase software. If someone does ring you and says they’re from Microsoft, they’re in all likelihood a scammer. Just hang up…or if you’re feeling daring, press the record button on your phone and have a little bit of fun.
To listen to the full conversation between the scammer and me, click here.
This is a Security Bloggers Network syndicated blog post. Read the original at: The State of Security 2017-10-12.