ISC Diary

Refresh Latest Diaries

Handler on Duty:
Adrien de Beaupre
Contact Us

Fake tech reps calling

Published: 2012-03-30,
Last Updated: 2012-03-30 21:38:53 UTC
by Daniel Wesemann (Version: 1)

Fake Anti-Virus isn't enough, now we also have to contend with fake Microsoft reps! This scam has been going on for a while, but continues to be rampant, which suggests that it is quite successful for the bad guys.

ISC reader Fred received such a call earlier today. The caller claimed to be from the "Tech department of Windows" and asked Fred to open the event viewer via run command, to check for errors or warnings. Of course there were some errors (it is Windows, after all :-), but the alleged techie then theatrically exclaimed "You indeed have the deadly errors" .. and proceeded to ask Fred to connect to www.ammyy.com and launch a remote desktop app. Fred, savvy security guy that he is, went there with Firefox and Noscript, and while Fred was still launching Wireshark to capture the next steps, the alleged Windows techie got cold feet, and hung up.

Bottom line: If "tech support" calls you without you having opened a ticket with them first, be veeery suspicious. Chances are high it is a scam.

Keywords: scam

Comments

I had a relative who fell for this. She "bought" a package from them to fix it and it came with yearly maintenance.

They took her credit card info over the phone and processed it through google checkout. They created the google checkout account for her. I had her cancel the card.

They installed some generic speed boost and registry fix stuff on the computer. I didn't see anything malicious installed, but I re-formatted it anyways.

They used ammyy to access her computer as well, but from what I can tell it's legitimate software. I've heard stories about the scammers using logmein rescue as well, which is definitely legit software.

posted by JRS, Fri Mar 30 2012, 22:01

The BBC's technology correspondent, Rory Cellan-Jones has tweeted this conversation with one of the scammers:

http://soundcloud.com/rorycellan/another-call-about-my-windows

posted by Phil, Sat Mar 31 2012, 16:01

I've had over 50 customers in the past 12 months that have had this phone call. It is also interesting to note that the "Microsoft rep" on the line also has the name of the potential victim and sometimes other personal information Many times they will announce that Microsoft can see their computer is infected with a worm and it must be removed or the computer will be deactivated. Luckily, with a little education, most people will not fall for this bogus come-on.

posted by Seedy, Sun Apr 01 2012, 06:38

Oh how I wish they would call me. I don't have a single Microsoft product in my network ;) Just think of the fun I could have.

posted by Jeff@HackDefendr, Sun Apr 01 2012, 21:25

My father's girlfriend got called by www.webtecsupport.com - who told her they were from Microsoft - and having scared her, she paid $230 for them to run a spyware scan and defrag her hard disk. I expected the system to be loaded with malware when I got my hands on it - but not a bit of it. If you check their comedy website, one of the terms you have to agree to is that you understand they really are NOT affiliated with Microsoft. Still bastards, however.

Reason she never checked with me? "You were on holiday and I didn't want to bother you".

ARGH!

posted by lans, Mon Apr 02 2012, 08:38

I received a call last night from one of my clients about a wireless network issue, and she happened to mention in passing that Microsoft called her about a virus. Luckily she was savvy enough to call their bluff, and when she asked "Who are you?" to the 'technician' on the phone, he simply said "Your husband" and hung up.

She then promptly ran a virus scan and found no threats.

Gotta love the different angles the bad guys are exploiting these days.

posted by Steve B., Mon Apr 02 2012, 12:11

"one of the terms you have to agree to is that you understand they really are NOT affiliated with Microsoft. Still bastards, however."

Just because they put it in there terms doesn't mean what's going on isn't fraud and illegal.

posted by dsh, Mon Apr 02 2012, 13:22

I got this call today and it took me a second to get in the mindset to record the conversation. However, I did... and it almost matches word for word with what happened to me. However, they hung up before we got to the remote control piece.

posted by TrustedDefense, Mon Apr 02 2012, 18:51

This scam has been widespread in New Zealand for perhaps a year. I've had three calls claiming to be "Microsoft Tech Support", all with strong Indian accents. The last two calls I've simply told them I know what they're up to, and they just hang up. The first time I pretended to run the command and when she asked what I saw I replied "My PC has crashed". "What is that?" she asked. "It has crashed. I cannot do anything", I replied. "But Sir, that is not possible" she said - with a surprised tone, and hung up on me. They're not only scammers, they are rude scammers.

posted by lanceanz, Mon Apr 02 2012, 20:13

I had one call and I was curious where it would go, so I pretended to look in my event log, etc.

Eventually they had me install some remote control software, which naturally wouldn't work with the link they gave me. So being helpful, I installed the Mac version and let them come in and do their thing.

They asked me to log into my bank account so I could pay for the services at which point I sadly had to decline.

posted by nowakca, Mon Apr 02 2012, 21:24

Next they will be visiting people at their door to gain physical access and go that one step further. Watch this space.

posted by amilroy, Thu Apr 05 2012, 08:34

New Comments closed for all Diaries older than two(2) weeks
Please send your comments to our Contact Form

Diary Archives