[Tfug] A Strange Phone Call

[Mike Abeyta]

On 07/04/2012 04:39 AM, JD Rogers wrote:
> That was some patience! My favorite was the Samuel Clemens bit. When
> you admitted that Samuel Clemens wasn't your real name, you should
> have said that it was actually Mark Twain. :-) Sadly, I doubt it would
> have mattered.
> JDR
>
> On Tue, Jul 3, 2012 at 8:29 PM, John Gruenenfelder
> <jetpackjohn at gmail.com> wrote:
>> Hello again,
>>
>> I'd like to share a very strange computer scam phone call I just
>> received today...
>>
>> At about 4 PM I received a call on the house's land line and the
>> caller ID said unknown caller and the number was all zeros.  The
>> caller had a very heavy Indian accent and I could tell that it was a
>> scam in under 30 seconds.  I have never received such a phone call nor
>> have I ever heard of computer maintenance/security "companies" doing
>> cold call scams before so I though I would play along to see what they
>> would do and what they would ask for.
>>
>> The caller, as best I could make out, was calling because my Windows
>> computer had sent them information indicating that there were errors
>> and/or malicious programs running.  He wanted to walk through some
>> steps with me to verify the problem.
>>
>> I was on the phone for just under an hour in all, primarily because
>> this first person was excruciatingly slow and didn't understand
>> English very well.  He insisted on spelling everything out and would
>> ask each question multiple times.  Now, at no time was I actually in
>> front of a computer.  Rather, I was sitting on the couch watching
>> Jeopardy, but I'm not new to this so I figured I could just wing it.
>> Also, it became apparent rather quickly that if I mumbled my answers
>> then this person would try to explain what I was "seeing" and ask me
>> to verify.  Because of this, I could usually just wait until he
>> prompted me somehow and then I would just confirm his suspicions or
>> make up numbers.
>>
>> He asked me to open Windows run prompt and to start the event viewer.
>> We then looked at several log files (or, rather, pretended to) and he
>> would ask how many warnings and errors I was seeing.  With more
>> prompting, he would ask if it was more than ten.  Each time we looked
>> at a log and I confirmed that there were many errors, he would say in
>> a concerned voice "Oh my god..." and tell me how bad this was and how
>> it was evidence of existing corruption (the errors) and potential
>> corruption (the warnings) of my files and documents.
>>
>> Finally, after doing a very thorough job of convincing me of the
>> impending doom, he transferred me to his manager.  This person also
>> had a heavy Indian accent, but he both spoke and understood English
>> better.  I really don't know where they were calling from, but the
>> quality of the connection was quite poor and I could often here my own
>> delayed and distorted echo after speaking.
>>
>> The manager's job, it seems, was to finish landing the pre-screened
>> marks.  He had me use the run dialog to start Internet Explorer at a
>> web site called www dot support dot me (I don't want the spam filter
>> hitting this, or somebody clicking on it).  For those of you keeping
>> score, the .me country code is for Montenegro.  Again, I wasn't at a
>> computer so I just had to guess as to what I was seeing, but they
>> didn't seem to mind.  After the phone call I did go to the website and
>> it is extremely plain.  All you see is a very small box in the upper
>> left hand corner with the title "Support Connection" and it asks you
>> to enter your six digit ID and then press a button "Connect to
>> Technician".
>>
>> This person explained that the copy of Windows I received with my PC
>> (which obviously never happened because I build my own PCs) included a
>> confidential security code for this included maintenance and that it
>> had likely expired when my warranty did.  I shouldn't worry, though,
>> because they can get a new code from the "Windows Department" and I
>> can use that on my computer, but I must be careful to not share it
>> with anybody else because it is linked to my license and sharing it
>> would be like software piracy.
>>
>> He then asked for my name, which today was Samuel Clemens, my email
>> address, and confirmed my phone number.  Then he asked what type of
>> credit card I would be using and which bank it was from, so I made
>> this up, too.  After this he gave me my six digit ID to use on the log
>> in page.  After using this, I would apparently me prompted with a
>> registration form where I could enter in the rest of my information.
>> Surprisingly, he was was careful to explain that neither he nor any of
>> the technicians would ask for my credit card number.  Instead, I would
>> enter that into the form on the website.
>>
>> He explained that to get this new code from the Windows Department,
>> which would entitle me to a year of remote support, I would need to
>> pay an activation fee since I had allowed me previous code to lapse.
>> He explained twice that I was *not* purchasing software, but rather
>> support from the company.  For one year, the price was $160 and there
>> were also options for two or three years which cost more.
>>
>> Now he wanted to walk me through these last steps.  After entering the
>> ID number, I was "prompted" to download some sort of program which he
>> then wanted me to run.  I suspect this would have been very bad and is
>> also likely where I would enter my real credit card information.  At
>> this point, though, it had been nearly an hour and I figured that I
>> would have a much harder time faking using a program I've never seen,
>> so I calmly told him that I was just wasting his time and that I
>> wasn't even at a computer.
>>
>> His response was, again, rather unusual.  He tried very hard to
>> convince me that this company (which I never actually got the name of)
>> was legitimate and told me at first that he didn't believe that I
>> wasn't at a computer.  We debated/argued for a few minutes while I
>> tried to explain that I really was just making it all up.  I tried
>> some logic on him, such as explaining that if his information really
>> did come from Microsoft then he should know, at the very least, me
>> name and which version of Windows I had purchased.  He said he did
>> have my name and only asked for it earlier to confirm.  He didn't seem
>> to understand, though, when I told him that the name I gave was of a
>> famous dead author and why hadn't it matched what he had on file.  And
>> so on...
>>
>> Since I was done, I really just wanted him to remove the phone number
>> he had and never call again.  All he wanted to do was try to convince
>> me that it was legitimate, though, and I finally gave up and hung up
>> on him.
>>
>>
>> After speaking with these people, I did, as I mentioned above, visit
>> the website in question.  The ID code he gave me was 618915, but when
>> I tried to use it the web page said it had expired.  I tried several
>> other similar numbers, but none worked and I never got to download an
>> actual copy of this malware.  The only identifying information on the
>> web site are links to the "LogMeIn Rescue" homepage which may to be a
>> legitimate company that makes web site login/access software that
>> these guys were using.
>>
>> Has anybody else ever received such a phone call out of the blue?
>> This wasn't even my phone number that is attached to a number of
>> things online, but rather my parents' home phone.  The amount of time
>> they were willing to spend to convince me that my Windows computer was
>> broken was quite long.  For the manager's part, he went to lengths to
>> explain that I was not buying software but rather service from them.
>>
>> I suppose they just didn't want to lose money after this much effort,
>> hence all the efforts to convince me that it was real, though it could
>> also be that they were concerned that I might have been able to get
>> too much information from them after an hour.  Unfortunately, though,
>> the ID number is now invalid and anybody else who visits the site will
>> get nothing and it is hard to investigate nothing.
>>
>> I did check the WHOIS database for support.me and it is registered to
>> Gabor Tokaji from Woburn, MA.  Perhaps not surprisingly, his email
>> address is at the logmein.com domain and the DNS info for support.me
>> shows it to just redirect to a logmein subdomain.
>>
>> Just though I'd share.  Despite the address in Massachusetts, these
>> people are almost certainly outside the country and thus cannot easily
>> be stopped.  I'm mostly curious if this has happened to anybody else
>> or if this is more common than I thought.  Scam email and web sites,
>> sure, but phone calls?
>>
>>
>> --John Gruenenfelder    Systems Manager, MKS Imaging Technology, LLC.
>> Try Weasel Reader for Palm OS  --  http://weaselreader.org
>> "This is the most fun I've had without being drenched in the blood
>> of my enemies!"
>>          --Sam of Sam & Max
>>
>> _______________________________________________
>> Tucson Free Unix Group - tfug at tfug.org
>> Subscription Options:
>> http://www.tfug.org/mailman/listinfo/tfug_tfug.org
> _______________________________________________
> Tucson Free Unix Group - tfug at tfug.org
> Subscription Options:
> http://www.tfug.org/mailman/listinfo/tfug_tfug.org
>
>
I have read about this scam in fact I think there is a you tube about 
this and it is rather funny. This scam must work and with all the 
Windows computers out there that are in need of a little love well I 
guess there a few that are willing to give it a try on the olé credit 
card. People also have come to believe that phone call initiated by the 
magic box could be real and with all the info that is gathered well 
microsoft could be just looking out for them and everyone knows that it 
is normal for things to not work well after the warranty ends? It is sad 
that most know so little about the machines that they are using! Happy 
fourth to everyone!