Posts Tagged ‘phone’

Phone scammers

Thursday, June 24th, 2010

Today I received a call at about 10:05 to my home landline. I rapidly realised it was some kind of computer based scam and decided to have some fun seeing what they would try and do.
I had great fun doing this but I think that someone who does not understand computer could have easily been taken in.

As in many such scams they claimed to be a company working for Microsoft and offering this free service of finding out what is wrong with my computer as they detected that it was downloading lots of junk files from the internet which were slowing it down. Now our old Windows XP desktop is indeed old and slow and this is quite possibly due to junk. However it was obvious that they were making all this up. So they wanted me to turn my computer on – now obviously I wasn’t going to risk following any instructions on the real computer so I booted my XP VM on my laptop instead (which I will subsequently need to wipe).

Having booted the XP VM and possibly being passed onto a different call centre person. I was given a series of instructions the purpose of which was to prove that the computer had a problem. This involved going to the event viewer in computer administration (Start -> right click on “My Computer” -> Manage -> Event viewer and then to both Application and System. With a little sorting for effect we get a screen something like the following:The Event viewer screen of Computer Administration showing a screen full of errors on Application
I suppose many people might find that quite scary but I have previously looked at such screens and it was what I expected to see.

Having ‘proved’ that there was something wrong with my computer they then proceeded to try and get me to provide greater access to them. This was done by getting me to visit and use the code 807932 (which they really didn’t want me to reveal to anyone).

They then got remote access to my computer and went and installed a fake scanner from Downloading the fake scanner This proceeded to produce some fake results:Results of the fake scann

They then wanted to see if my “software warranty” had expired as this would be why my computer was “downloading junk files which can’t be removed by anti-virus”.Software warranty has 'expired'
This was done by opening cmd and doing

cd \

and while tree was running typing “expired.” so that it would appear at the bottom.

At this point they went in for the kill and opened up a form and claimed that “it is a timed http form so we can’t look at it” and that it would “automatically go in 8 minutes so you need to fill it in quickly”.Enter your card details here...
Obviously I wasn’t going to fill this form in so at that point I revealed that I knew that they were scammers. They denied this and got progressively more angry and incoherent and when I asked to be put through to their supervisor they hung up.

Follow up

Now obviously it is my duty to try and prevent this kind of thing from happening again.
So my first step was to try to find out the number which was used to call me using 1471 but unfortunately this did not work. I then tried the local police but they could not be of any help and they advised me to contact BT unfortunately BT could not help either as it was an international call with no number given.
I then reported relevant URLs to google and the exe to Stop Badware.

I contacted the company behind which seems to be a legitimate company telling them that their services are being abused and requesting comment from them about this. I received a very positive response: “Thanks for the heads up on this. We take this stuff very seriously and will investigate immediately. Any misuse of the product or trials for the purpose you describe is a violation of our terms and immediate grounds for termination of the service. Thank you for sending the PIN as it helps us not only track this down to end their service, it also gives us information we need should we decide to press legal action. …”

Now looking to see whether anyone else has discovered this scam I found that they have. So is a big scam site. Now I need to work out how to take them out. :-D

The people on #cl on were helpful in providing advice on follow up.