[Tfug] A Strange Phone Call
cjr at grundrisse.org
Tue Jul 3 21:57:24 MST 2012
This is really great. Particularly since they went to such lengths to
hold onto you. I worked as a magazine telemarketer one summer back in
high school and the m.o. there was to cut bait at the first sign of
resistance, as it was understood to be simply a numbers game.
I haven't had a phishing phone call in a while (last one was back in
Tucson when those Spanish-speaking recorded messages were going
around). But I have noticed an uptick in phishing emails making it
through my spam filter, and they're more sophisticated/psychological
than in the past. Some of the recent ones have been of the form "Hey
$FIRSTNAME! I saw this picture of your naked girlfriend on the web!"
or "$FIRSTNAME--I can't believe that you would post such lies about
me; I'm going to report you to the authorities!"--They're all designed
to agitate you such that you double-click on the attached trojan
before thinking it through. And I expect that they're far more
effective than Nigerian scams and emails about your friend being

On Tue, Jul 03, 2012 at 06:29:10PM -0700, John Gruenenfelder wrote:
> Hello again,
> I'd like to share a very strange computer scam phone call I just
> received today...
> At about 4 PM I received a call on the house's land line and the
> caller ID said unknown caller and the number was all zeros. The
> caller had a very heavy Indian accent and I could tell that it was a
> scam in under 30 seconds. I have never received such a phone call nor
> have I ever heard of computer maintenance/security "companies" doing
> cold call scams before so I thought I would play along to see what they
> would do and what they would ask for.
> The caller, as best I could make out, was calling because my Windows
> computer had sent them information indicating that there were errors
> and/or malicious programs running. He wanted to walk through some
> steps with me to verify the problem.
> I was on the phone for just under an hour in all, primarily because
> this first person was excruciatingly slow and didn't understand
> English very well. He insisted on spelling everything out and would
> ask each question multiple times. Now, at no time was I actually in
> front of a computer. Rather, I was sitting on the couch watching
> Jeopardy, but I'm not new to this so I figured I could just wing it.
> Also, it became apparent rather quickly that if I mumbled my answers
> then this person would try to explain what I was "seeing" and ask me
> to verify. Because of this, I could usually just wait until he
> prompted me somehow and then I would just confirm his suspicions or
> make up numbers.
> He asked me to open Windows run prompt and to start the event viewer.
> We then looked at several log files (or, rather, pretended to) and he
> would ask how many warnings and errors I was seeing. With more
> prompting, he would ask if it was more than ten. Each time we looked
> at a log and I confirmed that there were many errors, he would say in
> a concerned voice "Oh my god..." and tell me how bad this was and how
> it was evidence of existing corruption (the errors) and potential
> corruption (the warnings) of my files and documents.
> Finally, after doing a very thorough job of convincing me of the
> impending doom, he transferred me to his manager. This person also
> had a heavy Indian accent, but he both spoke and understood English
> better. I really don't know where they were calling from, but the
> quality of the connection was quite poor and I could often hear my own
> delayed and distorted echo after speaking.
> The manager's job, it seems, was to finish landing the pre-screened
> marks. He had me use the run dialog to start Internet Explorer at a
> web site called www dot support dot me (I don't want the spam filter
> hitting this, or somebody clicking on it). For those of you keeping
> score, the .me country code is for Montenegro. Again, I wasn't at a
> computer so I just had to guess as to what I was seeing, but they
> didn't seem to mind. After the phone call I did go to the website and
> it is extremely plain. All you see is a very small box in the upper
> left hand corner with the title "Support Connection" and it asks you
> to enter your six digit ID and then press a button "Connect to
> This person explained that the copy of Windows I received with my PC
> (which obviously never happened because I build my own PCs) included a
> confidential security code for this included maintenance and that it
> had likely expired when my warranty did. I shouldn't worry, though,
> because they can get a new code from the "Windows Department" and I
> can use that on my computer, but I must be careful to not share it
> with anybody else because it is linked to my license and sharing it
> would be like software piracy.
> He then asked for my name, which today was Samuel Clemens, my email
> address, and confirmed my phone number. Then he asked what type of
> credit card I would be using and which bank it was from, so I made
> this up, too. After this he gave me my six digit ID to use on the log
> in page. After using this, I would apparently be prompted with a
> registration form where I could enter in the rest of my information.
> Surprisingly, he was careful to explain that neither he nor any of
> the technicians would ask for my credit card number. Instead, I would
> enter that into the form on the website.
> He explained that to get this new code from the Windows Department,
> which would entitle me to a year of remote support, I would need to
> pay an activation fee since I had allowed my previous code to lapse.
> He explained twice that I was *not* purchasing software, but rather
> support from the company. For one year, the price was $160 and there
> were also options for two or three years which cost more.
> Now he wanted to walk me through these last steps. After entering the
> ID number, I was "prompted" to download some sort of program which he
> then wanted me to run. I suspect this would have been very bad and is
> also likely where I would enter my real credit card information. At
> this point, though, it had been nearly an hour and I figured that I
> would have a much harder time faking using a program I've never seen,
> so I calmly told him that I was just wasting his time and that I
> wasn't even at a computer.
> His response was, again, rather unusual. He tried very hard to
> convince me that this company (which I never actually got the name of)
> was legitimate and told me at first that he didn't believe that I
> wasn't at a computer. We debated/argued for a few minutes while I
> tried to explain that I really was just making it all up. I tried
> some logic on him, such as explaining that if his information really
> did come from Microsoft then he should know, at the very least, my
> name and which version of Windows I had purchased. He said he did
> have my name and only asked for it earlier to confirm. He didn't seem
> to understand, though, when I told him that the name I gave was of a
> famous dead author and why hadn't it matched what he had on file. And
> so on...
> Since I was done, I really just wanted him to remove the phone number
> he had and never call again. All he wanted to do was try to convince
> me that it was legitimate, though, and I finally gave up and hung up
> on him.
> After speaking with these people, I did, as I mentioned above, visit
> the website in question. The ID code he gave me was 618915, but when
> I tried to use it the web page said it had expired. I tried several
> other similar numbers, but none worked and I never got to download an
> actual copy of this malware. The only identifying information on the
> web site are links to the "LogMeIn Rescue" homepage which may be a
> legitimate company that makes web site login/access software that
> these guys were using.
> Has anybody else ever received such a phone call out of the blue?
> This wasn't even my phone number that is attached to a number of
> things online, but rather my parents' home phone. The amount of time
> they were willing to spend to convince me that my Windows computer was
> broken was quite long. For the manager's part, he went to lengths to
> explain that I was not buying software but rather service from them.
> I suppose they just didn't want to lose money after this much effort,
> hence all the efforts to convince me that it was real, though it could
> also be that they were concerned that I might have been able to get
> too much information from them after an hour. Unfortunately, though,
> the ID number is now invalid and anybody else who visits the site will
> get nothing and it is hard to investigate nothing.
> I did check the WHOIS database for support.me and it is registered to
> Gabor Tokaji from Woburn, MA. Perhaps not surprisingly, his email
> address is at the logmein.com domain and the DNS info for support.me
> shows it to just redirect to a logmein subdomain.
> Just thought I'd share. Despite the address in Massachusetts, these
> people are almost certainly outside the country and thus cannot easily
> be stopped. I'm mostly curious if this has happened to anybody else
> or if this is more common than I thought. Scam email and web sites,
> sure, but phone calls?
> --John Gruenenfelder Systems Manager, MKS Imaging Technology, LLC.
> Try Weasel Reader for Palm OS -- http://weaselreader.org
> "This is the most fun I've had without being drenched in the blood
> of my enemies!"
> --Sam of Sam & Max