For a while now there have been stories of innocent people getting taken advantage by scammers on the phone. A particular variant of scam that I’ve heard about a bit in the last year is where the scammer claims to be a Support Representative from Microsoft and that Microsoft has identified your computer as the source of viral activity on the internet. Then, they ask for remote control of your computer so they can show you all the things that are wrong. To the person who doesn’t know a lot about computers, the information that the scammer shows you from your own computer is intimidating and scary.
Family and friends of mine have been called, some even ended up paying before realizing too late that they fell for the scam. I’ve always wished that I would get called so that I could deliver a dose of payback. Today I got that chance.
It isn’t too often I answer the phone for “Unknown Caller” but today I felt adventurous. I was surprised and delighted to hear that it was a tech support rep from Microsoft (Let’s call him Bob). As a computer guy, I have multiple Virtual Machines (or Virtual Computers) ready to fire up. So I picked one, created a snapshot (so I can restore back safely) and started it while delaying Bob’s show. Once it started I played dumb and eager to have his help. He walked me through various normal commands to show me all the things that are wrong with the computer. (There was nothing wrong with the computer, it was a fresh install.)
As Bob walked me through the various screens trying to prove to me it was indeed infected, I was busy preparing a surprise for him. He did his best to convince me that there was something wrong and that he can subscribe me to a service where their technicians will clean my computer and keep it protected. Just as I finished preparing my surprise, he brought me to a screen that asked me for my credit card information. I filled out the form, then I told him I had to open a file that contained my credit card information. He assured me he was unable to view my screen and that it was safe to open the file. I opened the credit card file (which really was my surprise), and then told Bob that something bad happened and I needed his help. This is what he read:
This phone call, detailed network traffic and screen cast have been recorded.
The person you have called knows senior people with the National Cyber Investigative Joint Task Force.
The computer you have connected to is a Virtual Machine specialized for this purpose.
If you would like to prevent this information from reaching officials, you need to arrange a secure funds transfer in the amount of $10,000USD.
After Bob read this, he asked me what he was reading. I told Bob that the note should be very clear. Bob then did his best to assure me that this was not a scam. I told Bob as an experienced Computer Programmer and Analyst that the steps he took to “convince me” things were wrong was indeed a scam.
After a little bit of arguing back and forth Bob told me “What you are doing here is bull-shit”. I snickered and replied “well I guess that makes 2 of us”.
Bob then asked “well then what do you want me to do?”. I replied that those instructions were also in the note he was reading. During this time Bob was taking steps to erase what he had done (such as delete a temporary local web page that he used to launch his credit card processing form on Paypal).
Next he again started to tell me how what he was doing was not a scam. I told Bob: “Well if this isn’t a scam, then you and your company have nothing to worry about. We are done here”. As I was hanging up I could hear Bob yelling: “No, No, Wait!…CLICK”. Immediately after hanging up, Bob (I assume) tried calling my house 6 times to get a hold of me. Obviously I was in no rush to talk to him. Unfortunately, he did not leave a voice mail.
Disclaimer: I did not actually record anything (phone call, network traffic, screen cast). I also did not verbally discuss with Bob terms of payment or any discussion regarding payment. Lastly, I did not intend to collect payment.
Disclaimer: I did have a ton of fun doing this, and hope Bob is enjoying a change of shorts.
Note: Microsoft will never call you. They have a web page dedicated to helping people avoid phone scams.