[Tfug] tfug Digest, Vol 108, Issue 3

chuck chuck at allthehowards.com
Sun Jul 8 17:20:46 MST 2012 

seems pretty cool to me - great job, John!


At 12:00 PM 7/5/2012, tfug-request at tfug.org wrote:
>Send tfug mailing list submissions to
>         tfug at tfug.org
>
>To subscribe or unsubscribe via the World Wide Web, visit
>         http://tfug.org/mailman/listinfo/tfug_tfug.org
>or, via email, send a message with subject or body 'help' to
>         tfug-request at tfug.org
>
>You can reach the person managing the list at
>         tfug-owner at tfug.org
>
>When replying, please edit your Subject line so it is more specific
>than "Re: Contents of tfug digest..."
>
>
>Today's Topics:
>
>    1. Vintage 1977 "Heavy Sixer" Atari 2600 VCS (Bowie Poag)
>    2. Re: A Strange Phone Call (Liz Ravenwood)
>    3. Re: A Strange Phone Call (Nate)
>
>
>----------------------------------------------------------------------
>
>Message: 1
>Date: Wed, 4 Jul 2012 16:41:13 -0700
>From: Bowie Poag <bpoag at comcast.net>
>To: Tucson Free Unix Group <tfug at tfug.org>
>Subject: [Tfug] Vintage 1977 "Heavy Sixer" Atari 2600 VCS
>Message-ID: <21490F9C-AE17-4874-A12B-6113AE8B6214 at comcast.net>
>Content-Type: text/plain; charset=us-ascii
>
>In case anyone's interested...
>
>http://tucson.craigslist.org/vgm/3119006928.html
>
>
>
>
>
>------------------------------
>
>Message: 2
>Date: Thu, 5 Jul 2012 14:47:06 +0000
>From: Liz Ravenwood <Liz_Ravenwood at beaerospace.com>
>To: 'Tucson Free Unix Group' <tfug at tfug.org>
>Subject: Re: [Tfug] A Strange Phone Call
>Message-ID: <5DFF9F575E0BEB49A2C77DD0801376D0192C82DF at DC0604.BEAV.com>
>Content-Type: text/plain; charset="us-ascii"
>
>A colleague of mine had a similar phone call at his cell phone.
>
>Liz Ravenwood
>Database Developer / Programmer
>Super First Class Products
>B/E Aerospace
>O: 1.520.239.4808
>www.beaerospace.com
>
>-----Original Message-----
>From: tfug-bounces at tfug.org [mailto:tfug-bounces at tfug.org] On Behalf 
>Of John Gruenenfelder
>Sent: Tuesday, July 03, 2012 6:29 PM
>To: Tucson Free Unix Group; Randy Mathews
>Subject: [Tfug] A Strange Phone Call
>
>Hello again,
>
>I'd like to share a very strange computer scam phone call I just
>received today...
>
>At about 4 PM I received a call on the house's land line and the
>caller ID said unknown caller and the number was all zeros.  The
>caller had a very heavy Indian accent and I could tell that it was a
>scam in under 30 seconds.  I have never received such a phone call nor
>have I ever heard of computer maintenance/security "companies" doing
>cold call scams before so I though I would play along to see what they
>would do and what they would ask for.
>
>The caller, as best I could make out, was calling because my Windows
>computer had sent them information indicating that there were errors
>and/or malicious programs running.  He wanted to walk through some
>steps with me to verify the problem.
>
>I was on the phone for just under an hour in all, primarily because
>this first person was excruciatingly slow and didn't understand
>English very well.  He insisted on spelling everything out and would
>ask each question multiple times.  Now, at no time was I actually in
>front of a computer.  Rather, I was sitting on the couch watching
>Jeopardy, but I'm not new to this so I figured I could just wing it.
>Also, it became apparent rather quickly that if I mumbled my answers
>then this person would try to explain what I was "seeing" and ask me
>to verify.  Because of this, I could usually just wait until he
>prompted me somehow and then I would just confirm his suspicions or
>make up numbers.
>
>He asked me to open Windows run prompt and to start the event viewer.
>We then looked at several log files (or, rather, pretended to) and he
>would ask how many warnings and errors I was seeing.  With more
>prompting, he would ask if it was more than ten.  Each time we looked
>at a log and I confirmed that there were many errors, he would say in
>a concerned voice "Oh my god..." and tell me how bad this was and how
>it was evidence of existing corruption (the errors) and potential
>corruption (the warnings) of my files and documents.
>
>Finally, after doing a very thorough job of convincing me of the
>impending doom, he transferred me to his manager.  This person also
>had a heavy Indian accent, but he both spoke and understood English
>better.  I really don't know where they were calling from, but the
>quality of the connection was quite poor and I could often here my own
>delayed and distorted echo after speaking.
>
>The manager's job, it seems, was to finish landing the pre-screened
>marks.  He had me use the run dialog to start Internet Explorer at a
>web site called www dot support dot me (I don't want the spam filter
>hitting this, or somebody clicking on it).  For those of you keeping
>score, the .me country code is for Montenegro.  Again, I wasn't at a
>computer so I just had to guess as to what I was seeing, but they
>didn't seem to mind.  After the phone call I did go to the website and
>it is extremely plain.  All you see is a very small box in the upper
>left hand corner with the title "Support Connection" and it asks you
>to enter your six digit ID and then press a button "Connect to
>Technician".
>
>This person explained that the copy of Windows I received with my PC
>(which obviously never happened because I build my own PCs) included a
>confidential security code for this included maintenance and that it
>had likely expired when my warranty did.  I shouldn't worry, though,
>because they can get a new code from the "Windows Department" and I
>can use that on my computer, but I must be careful to not share it
>with anybody else because it is linked to my license and sharing it
>would be like software piracy.
>
>He then asked for my name, which today was Samuel Clemens, my email
>address, and confirmed my phone number.  Then he asked what type of
>credit card I would be using and which bank it was from, so I made
>this up, too.  After this he gave me my six digit ID to use on the log
>in page.  After using this, I would apparently me prompted with a
>registration form where I could enter in the rest of my information.
>Surprisingly, he was was careful to explain that neither he nor any of
>the technicians would ask for my credit card number.  Instead, I would
>enter that into the form on the website.
>
>He explained that to get this new code from the Windows Department,
>which would entitle me to a year of remote support, I would need to
>pay an activation fee since I had allowed me previous code to lapse.
>He explained twice that I was *not* purchasing software, but rather
>support from the company.  For one year, the price was $160 and there
>were also options for two or three years which cost more.
>
>Now he wanted to walk me through these last steps.  After entering the
>ID number, I was "prompted" to download some sort of program which he
>then wanted me to run.  I suspect this would have been very bad and is
>also likely where I would enter my real credit card information.  At
>this point, though, it had been nearly an hour and I figured that I
>would have a much harder time faking using a program I've never seen,
>so I calmly told him that I was just wasting his time and that I
>wasn't even at a computer.
>
>His response was, again, rather unusual.  He tried very hard to
>convince me that this company (which I never actually got the name of)
>was legitimate and told me at first that he didn't believe that I
>wasn't at a computer.  We debated/argued for a few minutes while I
>tried to explain that I really was just making it all up.  I tried
>some logic on him, such as explaining that if his information really
>did come from Microsoft then he should know, at the very least, me
>name and which version of Windows I had purchased.  He said he did
>have my name and only asked for it earlier to confirm.  He didn't seem
>to understand, though, when I told him that the name I gave was of a
>famous dead author and why hadn't it matched what he had on file.  And
>so on...
>
>Since I was done, I really just wanted him to remove the phone number
>he had and never call again.  All he wanted to do was try to convince
>me that it was legitimate, though, and I finally gave up and hung up
>on him.
>
>
>After speaking with these people, I did, as I mentioned above, visit
>the website in question.  The ID code he gave me was 618915, but when
>I tried to use it the web page said it had expired.  I tried several
>other similar numbers, but none worked and I never got to download an
>actual copy of this malware.  The only identifying information on the
>web site are links to the "LogMeIn Rescue" homepage which may to be a
>legitimate company that makes web site login/access software that
>these guys were using.
>
>Has anybody else ever received such a phone call out of the blue?
>This wasn't even my phone number that is attached to a number of
>things online, but rather my parents' home phone.  The amount of time
>they were willing to spend to convince me that my Windows computer was
>broken was quite long.  For the manager's part, he went to lengths to
>explain that I was not buying software but rather service from them.
>
>I suppose they just didn't want to lose money after this much effort,
>hence all the efforts to convince me that it was real, though it could
>also be that they were concerned that I might have been able to get
>too much information from them after an hour.  Unfortunately, though,
>the ID number is now invalid and anybody else who visits the site will
>get nothing and it is hard to investigate nothing.
>
>I did check the WHOIS database for support.me and it is registered to
>Gabor Tokaji from Woburn, MA.  Perhaps not surprisingly, his email
>address is at the logmein.com domain and the DNS info for support.me
>shows it to just redirect to a logmein subdomain.
>
>Just though I'd share.  Despite the address in Massachusetts, these
>people are almost certainly outside the country and thus cannot easily
>be stopped.  I'm mostly curious if this has happened to anybody else
>or if this is more common than I thought.  Scam email and web sites,
>sure, but phone calls?
>
>
>--John Gruenenfelder    Systems Manager, MKS Imaging Technology, LLC.
>Try Weasel Reader for Palm OS  --  http://weaselreader.org
>"This is the most fun I've had without being drenched in the blood
>of my enemies!"
>         --Sam of Sam & Max
>
>_______________________________________________
>Tucson Free Unix Group - tfug at tfug.org
>Subscription Options:
>http://www.tfug.org/mailman/listinfo/tfug_tfug.org
>
>This email (and all attachments) is for the sole use of the intended 
>recipient(s) and may contain privileged and/or proprietary 
>information. Any unauthorized review, use, disclosure or 
>distribution is prohibited. If you are not the intended recipient, 
>please contact the sender by reply e-mail and destroy all copies of 
>the original message.
>
>
>
>
>------------------------------
>
>Message: 3
>Date: Thu, 05 Jul 2012 08:53:28 -0700
>From: Nate <nate at torzo.com>
>To: tfug at tfug.org
>Subject: Re: [Tfug] A Strange Phone Call
>Message-ID: <4FF5B878.3070600 at torzo.com>
>Content-Type: text/plain; charset=ISO-8859-1; format=flowed
>
>I'm impressed at how well they've hidden their real info.  Everything
>goes back to LogMeIn.  All domain records are either CNAMES or A records
>to LogMeIn's IP space.  Even the whois on support dot me shows the same
>mailing address as logmein.com.  So they are in effect completely hiding
>behind LogMeIn's skirt.  That said, if you reported this to LogMeIn,
>they could kill the account and get them off of their site.  I don't
>think LogMeIn would appreciate this company smearing their reputation
>like this, unless of course they are the one and the same, but I doubt
>it.  I'm sure this company is just using all the tools that LogMeIn
>offers in order to host their entire scam.
>
>Nate
>
>On 07/03/2012 06:29 PM, John Gruenenfelder wrote:
> > Hello again,
> >
> > I'd like to share a very strange computer scam phone call I just
> > received today...
> >
> > At about 4 PM I received a call on the house's land line and the
> > caller ID said unknown caller and the number was all zeros.  The
> > caller had a very heavy Indian accent and I could tell that it was a
> > scam in under 30 seconds.  I have never received such a phone call nor
> > have I ever heard of computer maintenance/security "companies" doing
> > cold call scams before so I though I would play along to see what they
> > would do and what they would ask for.
> >
> > The caller, as best I could make out, was calling because my Windows
> > computer had sent them information indicating that there were errors
> > and/or malicious programs running.  He wanted to walk through some
> > steps with me to verify the problem.
> >
> > I was on the phone for just under an hour in all, primarily because
> > this first person was excruciatingly slow and didn't understand
> > English very well.  He insisted on spelling everything out and would
> > ask each question multiple times.  Now, at no time was I actually in
> > front of a computer.  Rather, I was sitting on the couch watching
> > Jeopardy, but I'm not new to this so I figured I could just wing it.
> > Also, it became apparent rather quickly that if I mumbled my answers
> > then this person would try to explain what I was "seeing" and ask me
> > to verify.  Because of this, I could usually just wait until he
> > prompted me somehow and then I would just confirm his suspicions or
> > make up numbers.
> >
> > He asked me to open Windows run prompt and to start the event viewer.
> > We then looked at several log files (or, rather, pretended to) and he
> > would ask how many warnings and errors I was seeing.  With more
> > prompting, he would ask if it was more than ten.  Each time we looked
> > at a log and I confirmed that there were many errors, he would say in
> > a concerned voice "Oh my god..." and tell me how bad this was and how
> > it was evidence of existing corruption (the errors) and potential
> > corruption (the warnings) of my files and documents.
> >
> > Finally, after doing a very thorough job of convincing me of the
> > impending doom, he transferred me to his manager.  This person also
> > had a heavy Indian accent, but he both spoke and understood English
> > better.  I really don't know where they were calling from, but the
> > quality of the connection was quite poor and I could often here my own
> > delayed and distorted echo after speaking.
> >
> > The manager's job, it seems, was to finish landing the pre-screened
> > marks.  He had me use the run dialog to start Internet Explorer at a
> > web site called www dot support dot me (I don't want the spam filter
> > hitting this, or somebody clicking on it).  For those of you keeping
> > score, the .me country code is for Montenegro.  Again, I wasn't at a
> > computer so I just had to guess as to what I was seeing, but they
> > didn't seem to mind.  After the phone call I did go to the website and
> > it is extremely plain.  All you see is a very small box in the upper
> > left hand corner with the title "Support Connection" and it asks you
> > to enter your six digit ID and then press a button "Connect to
> > Technician".
> >
> > This person explained that the copy of Windows I received with my PC
> > (which obviously never happened because I build my own PCs) included a
> > confidential security code for this included maintenance and that it
> > had likely expired when my warranty did.  I shouldn't worry, though,
> > because they can get a new code from the "Windows Department" and I
> > can use that on my computer, but I must be careful to not share it
> > with anybody else because it is linked to my license and sharing it
> > would be like software piracy.
> >
> > He then asked for my name, which today was Samuel Clemens, my email
> > address, and confirmed my phone number.  Then he asked what type of
> > credit card I would be using and which bank it was from, so I made
> > this up, too.  After this he gave me my six digit ID to use on the log
> > in page.  After using this, I would apparently me prompted with a
> > registration form where I could enter in the rest of my information.
> > Surprisingly, he was was careful to explain that neither he nor any of
> > the technicians would ask for my credit card number.  Instead, I would
> > enter that into the form on the website.
> >
> > He explained that to get this new code from the Windows Department,
> > which would entitle me to a year of remote support, I would need to
> > pay an activation fee since I had allowed me previous code to lapse.
> > He explained twice that I was *not* purchasing software, but rather
> > support from the company.  For one year, the price was $160 and there
> > were also options for two or three years which cost more.
> >
> > Now he wanted to walk me through these last steps.  After entering the
> > ID number, I was "prompted" to download some sort of program which he
> > then wanted me to run.  I suspect this would have been very bad and is
> > also likely where I would enter my real credit card information.  At
> > this point, though, it had been nearly an hour and I figured that I
> > would have a much harder time faking using a program I've never seen,
> > so I calmly told him that I was just wasting his time and that I
> > wasn't even at a computer.
> >
> > His response was, again, rather unusual.  He tried very hard to
> > convince me that this company (which I never actually got the name of)
> > was legitimate and told me at first that he didn't believe that I
> > wasn't at a computer.  We debated/argued for a few minutes while I
> > tried to explain that I really was just making it all up.  I tried
> > some logic on him, such as explaining that if his information really
> > did come from Microsoft then he should know, at the very least, me
> > name and which version of Windows I had purchased.  He said he did
> > have my name and only asked for it earlier to confirm.  He didn't seem
> > to understand, though, when I told him that the name I gave was of a
> > famous dead author and why hadn't it matched what he had on file.  And
> > so on...
> >
> > Since I was done, I really just wanted him to remove the phone number
> > he had and never call again.  All he wanted to do was try to convince
> > me that it was legitimate, though, and I finally gave up and hung up
> > on him.
> >
> >
> > After speaking with these people, I did, as I mentioned above, visit
> > the website in question.  The ID code he gave me was 618915, but when
> > I tried to use it the web page said it had expired.  I tried several
> > other similar numbers, but none worked and I never got to download an
> > actual copy of this malware.  The only identifying information on the
> > web site are links to the "LogMeIn Rescue" homepage which may to be a
> > legitimate company that makes web site login/access software that
> > these guys were using.
> >
> > Has anybody else ever received such a phone call out of the blue?
> > This wasn't even my phone number that is attached to a number of
> > things online, but rather my parents' home phone.  The amount of time
> > they were willing to spend to convince me that my Windows computer was
> > broken was quite long.  For the manager's part, he went to lengths to
> > explain that I was not buying software but rather service from them.
> >
> > I suppose they just didn't want to lose money after this much effort,
> > hence all the efforts to convince me that it was real, though it could
> > also be that they were concerned that I might have been able to get
> > too much information from them after an hour.  Unfortunately, though,
> > the ID number is now invalid and anybody else who visits the site will
> > get nothing and it is hard to investigate nothing.
> >
> > I did check the WHOIS database for support.me and it is registered to
> > Gabor Tokaji from Woburn, MA.  Perhaps not surprisingly, his email
> > address is at the logmein.com domain and the DNS info for support.me
> > shows it to just redirect to a logmein subdomain.
> >
> > Just though I'd share.  Despite the address in Massachusetts, these
> > people are almost certainly outside the country and thus cannot easily
> > be stopped.  I'm mostly curious if this has happened to anybody else
> > or if this is more common than I thought.  Scam email and web sites,
> > sure, but phone calls?
> >
> >
> > --John Gruenenfelder    Systems Manager, MKS Imaging Technology, LLC.
> > Try Weasel Reader for Palm OS  --  http://weaselreader.org
> > "This is the most fun I've had without being drenched in the blood
> > of my enemies!"
> >          --Sam of Sam & Max
> >
> > _______________________________________________
> > Tucson Free Unix Group - tfug at tfug.org
> > Subscription Options:
> > http://www.tfug.org/mailman/listinfo/tfug_tfug.org
> >
>
>
>
>
>------------------------------
>
>_______________________________________________
>tfug mailing list
>tfug at tfug.org
>http://tfug.org/mailman/listinfo/tfug_tfug.org
>
>
>End of tfug Digest, Vol 108, Issue 3
>************************************

More information about the tfug mailing list