19/06/2013

A curious phone call – when a help desk scammer offers you a job

A curious phone call – when a help desk scammer offers you a job Warning

Having received such a cold call, I am in good company: A study, commissioned by Microsoft Trustworthy Computing in 2011, revealed that this tactic has taken in many people: 15% of a group of 7,000 computer users from four countries had already received such calls and 22% of those who were called, fell for scammers in some way or the other.

According to Microsoft’s study, the average amount of money stolen was US$875 and the average costs of repairing damage amount up to US$1,730! Scammers try to trick users into believing that their computer is infected and/or has a defect, often by having them look at the Windows Event Viewer which typically shows lots of harmless or low-level errors. The victims are supposed to pay for the "help", very often for worthless software. Actually, in many cases the ‘recommended software’ is malware that might steal online account information and passwords or harms the computer in other ways. The scammers try to convince their victim to download ‘recommended software’ or even let the "technician" remotely access the PC.
I did not let any of this happen, but have a look at what happened:

The phone call

The caller appeared to be a helpdesk guy who wanted to help me with some problems on my laptop – even though I did not even know that I had any problems with it. I had not initiated any service or support request to anybody. Well, of course I did know the method of help desk scammers, as this scam scenario is not new at all. So, I listened very carefully to what the guy wanted me to do and simultaneously turned on my voice recorder after missing only the first few seconds of the conversation.

The first contact was made by a kind of first-level support technician whose task was to determine the called person’s computer environment. Is the computer turned on? Is it a private computer?
After receiving the information, the technician quickly decided to pass on the call to his “senior supervisor”. Aha, ok. Well. We were still part of the game.

Technician 1:    Ok, Sir. So, just... so, Sir, I transfer my call to a senior supervisor, ok?
Willems:           Yes.
Technician 1:    Hold on a second. Just hold on one moment.
Willems:           Ya.

Technician #2 did not lose any time at all. He immediately tried to talk me into opening the Windows command line and opening the Windows Event Viewer – the usual entry point for scams of such a kind, because the low-lever errors displayed there can confuse and frighten the average computer user. This can make it easier for scammers to sell and of the offered services.
And, hell yeah, this guy showed some incredible patience! He must have been trained well to talk to (alleged) computer illiterates – obviously, because the computer-savvy folks already know about the scam and either hang up or play the game as we played it, too.

Anyway, after some discussions, I revealed that I was working for a security company whose name I didn't want to mention. It turned out that, by acting as I did, he suddenly also refused to say for which company he worked for. What a polite person and trustworthy support-technician he was!

Willems:           And for which company are you working now? So, you are calling from which company?
Technician 2:    Sir, first of all I have to ask you a question like what is your ### company name. Then now you are asking to me. So, if you are not who you are telling me your company name, why should I would tell YOU? *angry*

 

Actually, he vented his anger and implied that I was lying about my profession:

Technician 2:     If you'd be really the like working for the like, eh, some security company, then it should be known like Windows is manufacturing such a way anything can be happen at any time.
Willems:           Yes.
Technician 2:    They are not complete applications. It's not complete software! Ok?

 

 

Now, the surprise:

After saying that I was working for G Data he told me that he was actually *drum roll* … offering me a job! Unbelievable! I just started to discredit his ‘work’, to blame him to dupe unknowing computer users and he offers me a job!

Technician 2:    Ok, ### will talk to you, because I put you to work with us. Because you are also a nice technician.

He then even revealed what company he is working for. At least he wanted me to believe that he works for a well-known company:

Technician 2:     […] We are working for, like a, Windows technical dept. We do provide help and support on the Windows operating system.
Willems:          Yes.
Technician 2:    I do hope, sir, you have heard about like Symantec. Have you heard about Symantec? Company name? Symantec?
Willems:    Symantec? Yes. Yes, I know them, yes.
Technician 2:   Yes.
Willems:          Yeah.
Technician 2:   Yeah.
Willems:         Yes.
Techician 2:    We are working for that.

He asked for my email address (for the necessary paperwork), which, of course, I refused to give. Then, I started a new round of reproof and just when I gained momentum, I heard a surprising but somehow satisfying ‘beep beep beep beep’. The line went dead.



Cold calls such as this one are nothing entirely new. Scammers have used the phone lines to dupe Windows users into putting malware on their machines or paying for worthless help before. Microsoft is aware of the problem and was one of the first to put up the problem two years ago.

This call was in English but, of course, these scammers operate internationally and might also talk various other languages when they are calling you! Listen to the whole recorded conversation and be prepared for the moment you receive a phone call like this:


And remember: “You will never receive a legitimate call from Microsoft or our partners to charge you for computer fixes”, says Microsoft.

Advice when encountering such calls:

  • Do not fall for self-proclaimed descriptions like “Windows Expert” or similar. Remain cautious is someone insists on being a “Microsoft Partner” - Almost anybody can easily become an official Microsoft Partner.
  • Do not reveal any (personal) information to the caller – neither names nor phone numbers, email addresses, computer configurations, software registry keys or bank account details!
  • Do not pay for any of the proposed services!
  • Do not grant remote access to your computer!
  • Do not install any software that is recommended to you by the alleged technician!
  • Do not visit any website the alleged technician wants you to visit – it might be prepared to infect your machine!