[Tfug] A Strange Phone Call

Claude Rubinson cjr at grundrisse.org
Tue Jul 3 21:57:24 MST 2012

This is really great.  Particularly since they went to such lengths to
hold onto you.  I worked as a magazine telemarketer one summer back in
high school and the m.o. there was to cut bait at the first sign of
resistance, as it was understood to be simply a numbers game.

I haven't had a phishing phone call in a while (last one was back in
Tucson when those Spanish-speaking recorded messages were going
around).  But I have noticed an uptick in phishing emails making it
through my spam filter, and they're more sophisticated/psychological
than in the past.  Some of the recent ones have been of the form "Hey
$FIRSTNAME! I saw this picture of your naked girlfriend on the web!"
or "$FIRSTNAME--I can't believe that you would post such lies about
me; I'm going to report you to the authorities!"--They're all designed
to agitate you such that you double-click on the attached trojan
before thinking it through.  And I expect that they're far more
effective than Nigerian scams and emails about your friend being


On Tue, Jul 03, 2012 at 06:29:10PM -0700, John Gruenenfelder wrote:
> Hello again,
> I'd like to share a very strange computer scam phone call I just
> received today...
> At about 4 PM I received a call on the house's land line and the
> caller ID said unknown caller and the number was all zeros.  The
> caller had a very heavy Indian accent and I could tell that it was a
> scam in under 30 seconds.  I have never received such a phone call nor
> have I ever heard of computer maintenance/security "companies" doing
> cold call scams before so I though I would play along to see what they
> would do and what they would ask for.
> The caller, as best I could make out, was calling because my Windows
> computer had sent them information indicating that there were errors
> and/or malicious programs running.  He wanted to walk through some
> steps with me to verify the problem.
> I was on the phone for just under an hour in all, primarily because
> this first person was excruciatingly slow and didn't understand
> English very well.  He insisted on spelling everything out and would
> ask each question multiple times.  Now, at no time was I actually in
> front of a computer.  Rather, I was sitting on the couch watching
> Jeopardy, but I'm not new to this so I figured I could just wing it.
> Also, it became apparent rather quickly that if I mumbled my answers
> then this person would try to explain what I was "seeing" and ask me
> to verify.  Because of this, I could usually just wait until he
> prompted me somehow and then I would just confirm his suspicions or
> make up numbers.
> He asked me to open Windows run prompt and to start the event viewer.
> We then looked at several log files (or, rather, pretended to) and he
> would ask how many warnings and errors I was seeing.  With more
> prompting, he would ask if it was more than ten.  Each time we looked
> at a log and I confirmed that there were many errors, he would say in
> a concerned voice "Oh my god..." and tell me how bad this was and how
> it was evidence of existing corruption (the errors) and potential
> corruption (the warnings) of my files and documents.
> Finally, after doing a very thorough job of convincing me of the
> impending doom, he transferred me to his manager.  This person also
> had a heavy Indian accent, but he both spoke and understood English
> better.  I really don't know where they were calling from, but the
> quality of the connection was quite poor and I could often here my own
> delayed and distorted echo after speaking.
> The manager's job, it seems, was to finish landing the pre-screened
> marks.  He had me use the run dialog to start Internet Explorer at a
> web site called www dot support dot me (I don't want the spam filter
> hitting this, or somebody clicking on it).  For those of you keeping
> score, the .me country code is for Montenegro.  Again, I wasn't at a
> computer so I just had to guess as to what I was seeing, but they
> didn't seem to mind.  After the phone call I did go to the website and
> it is extremely plain.  All you see is a very small box in the upper
> left hand corner with the title "Support Connection" and it asks you
> to enter your six digit ID and then press a button "Connect to
> Technician".
> This person explained that the copy of Windows I received with my PC
> (which obviously never happened because I build my own PCs) included a
> confidential security code for this included maintenance and that it
> had likely expired when my warranty did.  I shouldn't worry, though,
> because they can get a new code from the "Windows Department" and I
> can use that on my computer, but I must be careful to not share it
> with anybody else because it is linked to my license and sharing it
> would be like software piracy.
> He then asked for my name, which today was Samuel Clemens, my email
> address, and confirmed my phone number.  Then he asked what type of
> credit card I would be using and which bank it was from, so I made
> this up, too.  After this he gave me my six digit ID to use on the log
> in page.  After using this, I would apparently me prompted with a
> registration form where I could enter in the rest of my information.
> Surprisingly, he was was careful to explain that neither he nor any of
> the technicians would ask for my credit card number.  Instead, I would
> enter that into the form on the website.
> He explained that to get this new code from the Windows Department,
> which would entitle me to a year of remote support, I would need to
> pay an activation fee since I had allowed me previous code to lapse.
> He explained twice that I was *not* purchasing software, but rather
> support from the company.  For one year, the price was $160 and there
> were also options for two or three years which cost more.
> Now he wanted to walk me through these last steps.  After entering the
> ID number, I was "prompted" to download some sort of program which he
> then wanted me to run.  I suspect this would have been very bad and is
> also likely where I would enter my real credit card information.  At
> this point, though, it had been nearly an hour and I figured that I
> would have a much harder time faking using a program I've never seen,
> so I calmly told him that I was just wasting his time and that I
> wasn't even at a computer.
> His response was, again, rather unusual.  He tried very hard to
> convince me that this company (which I never actually got the name of)
> was legitimate and told me at first that he didn't believe that I
> wasn't at a computer.  We debated/argued for a few minutes while I
> tried to explain that I really was just making it all up.  I tried
> some logic on him, such as explaining that if his information really
> did come from Microsoft then he should know, at the very least, me
> name and which version of Windows I had purchased.  He said he did
> have my name and only asked for it earlier to confirm.  He didn't seem
> to understand, though, when I told him that the name I gave was of a
> famous dead author and why hadn't it matched what he had on file.  And
> so on...
> Since I was done, I really just wanted him to remove the phone number
> he had and never call again.  All he wanted to do was try to convince
> me that it was legitimate, though, and I finally gave up and hung up
> on him.
> After speaking with these people, I did, as I mentioned above, visit
> the website in question.  The ID code he gave me was 618915, but when
> I tried to use it the web page said it had expired.  I tried several
> other similar numbers, but none worked and I never got to download an
> actual copy of this malware.  The only identifying information on the
> web site are links to the "LogMeIn Rescue" homepage which may to be a
> legitimate company that makes web site login/access software that
> these guys were using.
> Has anybody else ever received such a phone call out of the blue?
> This wasn't even my phone number that is attached to a number of
> things online, but rather my parents' home phone.  The amount of time
> they were willing to spend to convince me that my Windows computer was
> broken was quite long.  For the manager's part, he went to lengths to
> explain that I was not buying software but rather service from them.
> I suppose they just didn't want to lose money after this much effort,
> hence all the efforts to convince me that it was real, though it could
> also be that they were concerned that I might have been able to get
> too much information from them after an hour.  Unfortunately, though,
> the ID number is now invalid and anybody else who visits the site will
> get nothing and it is hard to investigate nothing.
> I did check the WHOIS database for support.me and it is registered to
> Gabor Tokaji from Woburn, MA.  Perhaps not surprisingly, his email
> address is at the logmein.com domain and the DNS info for support.me
> shows it to just redirect to a logmein subdomain.
> Just though I'd share.  Despite the address in Massachusetts, these
> people are almost certainly outside the country and thus cannot easily
> be stopped.  I'm mostly curious if this has happened to anybody else
> or if this is more common than I thought.  Scam email and web sites,
> sure, but phone calls?
> --John Gruenenfelder    Systems Manager, MKS Imaging Technology, LLC.
> Try Weasel Reader for Palm OS  --  http://weaselreader.org
> "This is the most fun I've had without being drenched in the blood
> of my enemies!"
>         --Sam of Sam & Max
> _______________________________________________
> Tucson Free Unix Group - tfug at tfug.org
> Subscription Options:
> http://www.tfug.org/mailman/listinfo/tfug_tfug.org

More information about the tfug mailing list