Trying to unmask the fake Microsoft support scammers!

"This Is Called Full Co-Operation"....

"This Is Called Full Co-Operation"....I am Proud To Be Me http://t.co/tduagA0 via @wordpressdotcom

Martijn Grooten

Re: 10 - I did get lucky once and my fake CC details were accepted. What they did afterwards was make some halfhearted attempts to clean up my machine with some free tools. Nothing that would have been worth the 90 pounds I supposedly paid - but at the same time, it could have made some victims' machines a little better/faster/cleaner.

(I will speak about this at VB2012 btw.)

re: 10

Hi Martijn,

Thank you for your comment! Thats great, i will also be presenting at VB2012, we should hook up for a beer. If you would want any of my information from this scam, just mail me at my kaspersky-mail and i can share some info.

Im looking forward to hear what you have to stay about these scams.

See you in Dallas man!

I also managed to get one of these guys on the phone, it seems they are using various VOIP services to make it look like in country calls, they will also tailor the call geographically as well to the nearest city to you. I made various audio recordings and videos of what they were up to. All very entertaining, I think I managed to keep them on the phone for 45+ mins.

In this instance they were using logmein services and specially one of their URLs that made the call look very legit.

Speaking to logmein after the scammer called, they said they were almost powerless to stop the scammers using their systems as the scammers used the trail versions of their products. All seem a little bit of an excuse to be honest. I had expected more from logmein.

I could share some of the material you would like it.

rferris

Similar Scam in UK

Hi David
I too am plagued by similar phone call at the rate of at least 2 a week, by somebody purporting to come for 'Windows', who told me that my PC was infected. I did once get as far as them directing me to a website that has a home page that looks like "My Computer", (well My Computer if you were still running Xp that is). The page showed that my "C" Drive was very infected with numerous virus' and other malware, but then he hung up, I guess he had cottoned on to me trying to sound worried at the sight of all these warnings. I guess the next step would be along similar line to the one you encountered, with somebody accessing my PC to 'Clean' it up and then charge me.

Regards

Richard

Telephone Scammers

Nice post, thank you!
In Japan, such scams are not that sophisticated, 'they' just call some old folks and state "Hey, I am your son and I am in trouble, please wire me some money". Sadly it still works again and again and again :/

One of Martijn's co-presenters...

Nice summary. I hadn't come across the VERIFY wrinkle: just commented on it (with credit, of course) for the ESET blog. ;-)

Very interesting article.

I received a phone call from my mother the other day as she had received a call like this in the lawyers office where she works in Scotland.

I have received similar calls over the years from people purporting to be from a variety of software companies however I have heard many more instances of this particular scam being reported in Scotland and Ireland recently (which is unusual as you usually hear these reports coming from England more than those places).

Just glad my mother had the sense to ask me first before putting her company credit card at risk!

I've been receiving these calls a lot the last few days. I haven't actually answered the phone (I don't answer from numbers I don't recognize) but when I google the phone numbers the comments are always about this scam. The phone numbers the last few days were from 122538203089 and tonight it was 516-746-9347 (which is an area code that is similar to a local one).
My question/comment is this: Could they have already placed a virus on my computer because I just realized tonight that at least the last couple times they've called was about 10 to 15 minutes after I turned my computer on. Kinda creeps me out.
And a week or so ago my husband answered the phone to a private number and it was someone with what he said was a heavy Indian accent trying to sell us something related to our electricity bill (well he asked for me). The phone calls from the numbers associated with the scam started a couple days later.

Please Help Kaspersky Lab

This is a Canadian Law Enforcement Address,And a Cleveland Fbi Address.How long do we have to piut up with such Ignorant Human beings?This is very,very serious.Locking up Phone Service,Isn't a joke.We have Officials,Military Intelligence,That use computers to communicate.

I´d like to point out that the same happened to Mac OS users. As long as i noticed mostly located in Germany UK. Some reports show that targeted persons were perplexed by the fact that the caller knew their OS. But since there is no indication of compromised devices, they might used a few simple sounding questions indicating the used OS. Most of them were told that their system is infected and is sending mails/spam everywhere, their "company" noticed that and will help to clean the system. They advise them to visit a website, enter a told code, download and execute a file, enter their admin password in this process and allow a remote session.

The phone id is from UK, the caller are not native german or english speaker. Since most reports came from people who found that behavior suspicious and didn´t followed through the complete process, their is atm no indication what would have been installed and i wasn´t able to get hands on an infected device yet.

Fox Hounds?

Well done on use of very standard anti-crime technologies to bring about a better game of Fox Hounds! These (for me) India based operatives pose themselves as being from Microsoft (to whom they seem to have an inside informant) and tell me that they are here to help me resolve my computer problems... and then they want to access my computer remotely. They are nosy and open up strange files that do not do anything such as the task manager. They want me to believe that normal operations are defects and then tried to download "Spybot.exe" - When I resisted because this would conflict with my anti-virus program the session was closed and this alien hung up. They can be avoided, but a better game would be a reverse flim-flam or Sting. Trouble with this is that Law Enforcement has no interest in crime prevention only in questioning victims. Unfortunate, but true. Any bright ideas? << Wm

Got called yesterday.

I hadnt heard of this scam before but I got called yesterday but it was pretty easily to identify that something was fishy. Apparently they are from microsoft.. too bad for them that I'm running redhat linux on my pc.

www.fastsupport.com scam

I actually do have an issue after I tried downloading microsoft office 2010 to my PC
I was instructed to download xp service pack 3. When I did my PC started rebooting.
I was sent a survey asking how my experience was after my download. I expressed I was unhappy. So when I got the phone call I thought it was in response to my survey. I was already in my PC in safe mode. The indian dude asked me to log on safe mode with networking and had me go to www.fastsupport.com. Then I was told that the technical support rep was taking over my computer and would call me shortly. We got disconnected and I was called back. They restated that a tech was taking over my PC and that I would be called. The first number was a CA number. The second number was a NY number. As I watched the remote access I noted that no one called me and that they were going to various web sites. When they went to western union I decided to a shutdown my PC. No one called back. When I tried calling both numbers I got the disconnected recording. Although I gave no information I am concerned if they accessed any info from my PC. What should I do?

The beat goes on, also in Holland.

Yes, I also got a call a couple of weeks ago. English speaking help desk people. Luckily I had already learned about this scam thing and David's brilliant setup, so I kept the scammers in the dark at first and just played along.

First of all, I had a hard time not to laugh since the scammers told me of all the Windows' system errors they had received from my computer. I then asked them, which of my computers had sent the errors (since I have several of them running). They told me "the one you used most". Yeah, right...

Anyway, I had my fun for a few minutes, after which I told them and explained to them that they were simple frauds (I didn't have a Windows VM ready). None of my computers actually run Windows software since I use Ubuntu Linux. I told them that I just kept them on the phone long enough for me to track them and notify the police, who would arrive in seconds.

Somehow the guy hung up the phone very quickly... :o)

Haha good one

I work for an MSP myself and would deal with allot of viruses. You know those fake ones that say regular system files are infected OR just makes a fake list period. Well for a while the moron who wrote the software was stupid enough to include a phone number. That number went to a supposed 3rd party call center where they would provide "support". More like hustle you for more money.

I had a chance around that time to also speak with a public servant who worked in computer crime. He told me straight out that most of the time nothing is done due to jurisdiction. If the number isn't in your respective country then good chance you may be @$$ed out. Part of the other reason aside from jurisdiction is that some of these scams are government sponsored. Not much of a shocker really. On the other hand though it is perfectly legal for you to say whatever and I mean whatever you want to them. Goes both ways hehe :)

So whenever I feel blue or just angry and want to cheer myself up I would give those jack holes a call. One time in a drunken rage I was asked for the last 4 digits of a credit card. I gave him a random number and he asked "are you John Asdflkashjd". I was toasted so I didn't catch the last name but I yelled 'YES I AM GIVE ME MY {bleeping} MONEY BACK'. Long story short the scammer got scammed muahahaha!

Unfortunately I haven't gotten any calls from those fake MS guys, I would soooo gank those fools too haha.

My little story.

I’ve had many of these bogus calls. The latest was yesterday. This guy with an Indian accent and called himself Jack Martin. He gives me the usual nonsense of my computer is infected. I ask him what operating system I’m running, he tells me Windows 7. This is wrong so I know full well it’s a scam. I lose my temper to quick and politely tell him to **** off.

I remember one chap went through all the operating systems Microsoft brought out in order for him to pick the right one. Another one after he introduced himself, I can’t remember the name he used, but after a few minutes I asked him for his name again, he gave me a different name from the first. I assume they have a list of names they use. I won’t go very far with these idiots. I’d never let them into my computer.

I just got this call yesterday and unfortunately did not know about it. I didn't give them credit card information because when they overreacted about my computer being so out of date I thought it sounded a bit dodgy and looked on my other computer while they were on the phone and saw all the scam alerts. They had already gained access and I had a heck of a time logging off. Called Microsoft and spent 3 hrs and $100 to get everything uninstalled. I'm trying to let everyone know. Truly truly made me mad.

francisvoignier

This just happened to me this morning. Someone with a heavy Hindu accent in a busy call center rang to informed me my computer was being used by a 2nd party to send spam, and that they, at Microsoft could help me clean things up. I was wondering why this guy was putting me through steps which could be done with the use of much more simple paths... Same thing as with your article with the pseudo security code, etc... By curiosity, I stuck with the caller for a while and when he directed me to the Teamviewer main page, I knew the game was over. But for a sec, he had me confused... Yes, they are still at it people!

Entertaining half hour with a scammer.

I had a similar experience to David, having been called on and on for the last year for at least 8 times or so, me as well as my wife. I always get an English speaking guy on the phone with an Indian accent and a lot of call center noise in the background who says he calls from the windows computer center and my computer has been sending errors and warnings so they suspect that it is infected. I normally just hang up or yell something mad at them first. But this morning when they called again I decided to play along with them for a while because I was intrigued by their persistence and who these guys are.
I asked him for his name and company and how they got my phone number. He gave a fake name and said he was from Microsoft. He even gave me a fake jobid number (8007). He said he got my number because I gave my personal information when I bought my computer. Then I asked: so my computer store gives my phone number to Microsoft? Then he made up some confusing story about my software license and the personal information I gave them. I decided to go on and see what he was going to do. So I asked him what his intention was. He said he wanted to show me the threats on my computer and asked me to logon and enter the event viewer. I started being careful but pressed on. There he asked me to set a filter on errors and warnings and asked me how many errors there were. When I told him there were more than 2000 he faked to be shocked and asked when the first error was occurring and then said OMG in only two months you have this number of errors. This shows there is something definitely wrong with the computer. Then he asked to start the url www.fastsupport.com from the run box to check on the threats on the computer. This was going to far for me, so I said I don't trust you, why would Microsoft call every computer owner with a virus. They would have a hell of a job. He then said that my computer was sending errors and warnings to Microsoft, just like when you have a program that crashes and the OS asks you to send an error report to Microsoft. I was not the only one but he was checking other computers in England and Canada this morning. I than said please prove to me that you're not fake. I must say that he was not in the least taken aback and persisted in a friendly manner that he was from Microsoft and that they wanted to help me because of the threats to my computer. I said well then I will call Microsoft to see if they have an employee with that number and name. Then he claimed that he could prove he was not fake because he knew the license id Microsoft issued to me and I was curious how he would pull that one off, so I agreed and he started enumerating the digits of the same CLSID as used with David above and after that he told me how to start a cmd window and then execute the assoc command. I was wandering what was coming but wanted to go on while harmless actions where asked from me. He showed me that the CLS ID was in the output of the assoc command. When he said: you see this proves that I'm not a fake so you can type in the url www.fastsupport.com in the run box. I told him I now was completely sure he was a fake as this number was just a class identifier that is the same in every windows computer. And than I was fed up with all this and hung up on him.
I must say I am surprised how friendly and persistent these guys are even when confronted with the truth. And I can imagine people without computer knowledge being fooled by them. It's a big shame. I hope these criminals get caught soon.

Thanks to all for confirming my own experience with your stories and beware!.

Regards Pieter de Kam, The Netherlands

Scammers

I, too, have been bombarded with these calls from these creeps and their MO is the same as many people here have reported.

The phone number simply showed 1234567890. I didn't take the time to get creative like David but past experience capturing this info didn't go far. The US doesn't regulate foreign sources.

I am well aware this is a scam and got fed up this time. I've told them repeatedly NOT to call but they do it again anyway.

After about 20 minutes, they started giving me bunch of double talk when I persisted in seeking answers to specific questions. When I insisted he give me his phone number, he said "I don't want to talk to you anymore". LOL. Finally. Geez

I wish we could nail these creeps...

Teresa Farquhar, California

Annoying Fake Microsoft Technician

I was searching for some information on this subject to see how others were dealing with these calls ,I see the story and post started last year,and it's still going on. I have received two calls this week along ,from these pests.Hanging up on them don't work they still call back usually from blocked numbers,but today I guess (Spencer?)forgot to block because a list of numbers showed up on my caller id M41215570200022. It would really be great if all of these creeps could be caught.

Claudia Hunter,Alabama

I got one today

Yep. Got a call from someone with a Vietnamese accent. They were from "New York" (of course ;-))
Unknown caller showed on the ID, and I had to answer Detective Martin, cyber crime unit, start talking. They went through the same spiel, but seemed quite nervous and hung up after I asked for a call back number and their supervisor's name. I wanted to ask what time it was in "New York", but they ended the call. Too bad.

My wife got scammend, South Africa

They phoned yesterday and she thought this was the right thing to do.I walk in onto this hole thing still in prosess but to late to stop the payment. Whe stopped the bank cards and ask for a reversal, they said we need to wait 5days...they will ivesticate.

Never the less, where can I report this who would actually do something about the scammers to prevent them scamming the next one.

Problem is that my wife runs her own accounting bussiness from home and all her clients detail is allso on the her PC they hacked onto and we do not know what type of information they will be able to use.

chin wag with Indian scammer

I'm plagued with "are you the owner of the computer and it may be infected"
I take them all the way to final ID box for remote connection, then fumble which annoys them intensly - then stop.
This time I got talking to the scammer and found out they operate from Deli from a call center with 14 people in it.
Outside of the script they have little idea of computer technology, only trained in leading you on to reveal your ID.
Phone numbers come up automatically on their screens.
The web site they use is www.ammyy.com but also www.universaltechcare.com
If connection is made to your computer then total remote control of desktop, loading files, uploading personal details, malware etc. It's possible that login details are passed to another agency and who knows what they can do!
If infected I have advised to wipe hard drive and reload operating system.

Edited by oldbloke, 2013 May 20, 14:09