Pages

Thursday 29 May 2014

Technical support scam

I was phoned today by someone running a tech support scam. His idea is that he'll get me to run the "event viewer" on my computer and then point out issues that every computer has every day and he'll pretend that they are nasty symptoms of a nasty virus. Then, he hopes, I'll use a RAT (remote administration tool) that lets him take control of my computer, telling me it's to deal with the problem - actually, so that he can install malware on my computer.

My idea is that I'm going to waste an hour of his time. Maybe more.

So, he started off by talking me through getting up the "run" box on my windows computer, and running eventvwr (Events Viewer). So I typed what he said, and pressed enter. "What does it say now?" he asked. "The computer is rebooting", I replied, in a tone of voice that said that I thought this was normal, which of course it isn't.

All this is, of course, happening in my imagination. But I'm giving him an accurate description of what might happen if I actually did what he asked.

So then I made him wait three minutes "This computer always takes a long time to boot", and we tried it again. I told him "It's rebooting" again. Then he talked me through going to the web site "www.teamviewer.com". So I told him it's rebooting again. He tried "support.me". Another reboot, and remember, each reboot takes three minutes. So then he got a bit fancy, and we brought up the run box again and tried "iexplore www.ammyy.com", and I told him it's rebooting again.

So then he told me to switch the computer off, hold down the F8 key, and switch the power on. What that should do, is bring up the "Advanced boot menu". But what it actually did, was elicit the explanation from me that the keyboard and power switch were too far apart, I couldn't reach both. Hmmm. A bit of an impasse, I don't think he'd encountered this before.

So I suggested that I move the computer. He thought that was a good idea, so I told him that this would take me a few minutes, as I'd have to move the computer. He held on. I did suggest that I could call him back, but he declined that offer.

After several minutes (I had him on speaker while I got on with some stuff I was doing) he came to life, and suggested that I just move the keyboard. "Good idea," I said, "I'll put the computer back and just move the keyboard" and he was back on hold for several more minutes. Eventually, I said "OK, I have the keyboard near the power switch."

He talked me though switching off, unplugging, finger tapping F8, plug in, still tapping F8, switch on, still tapping F8, And he asked me what I could see on the computer screen. And then the phone went blank.

OK, I thought, he's given up. So, after a few minutes, I hung up.

But he hadn't given up! He called me back, ten minutes later. A glutton for punishment. I told him that I had thought I'd lost him, and I'd put everything back the way it was before.  And so he talked me through moving the keyboard to be near the power switch again. While I was doing that, I asked him why he'd gone blank. "So,e technical problem," he said. "Oh," I said, "maybe you have a virus." Silence from his end. "That was a joke," I explained.

Now you have to imagine the situation (which is entirely imaginary in the first place). I have a power switch, a keyboard, a screen and a telephone. And these four items are in potentially different places. Now I have the keyboard near the power switch. But the telephone isn't near that.

So, I'm switching off, unplugging, tapping F8,  switching on, back to the phone. "What do you see?" "It's a black screen". "Keep on typing F8" "OK, I'll do that." Long wait ... "What do you see?" "The screen is still black." "Still black?" "Yes. Should I have plugged it in?"

He's so patient! "No problem, yes, plug it in." "Sorry, I forgot to plug it back in before." "Yes, plug it in."

So I did that, and came back to the phone. "Now you need to turn it off and on again, same process". Oops, he forgot to tell me to do the F8 thing. So, I did that ... without doing the F8 thing ...

He's not so patient now. "Sir, I told you ....!" Yes, he did, I must be stupid or something. "Turn it off again!!" So I did. "Now you need to tap the F8 key and turn the computer on." He's calmed down now.  So I said "OK, I'll do that" and left him hanging again. I can hear him now, asking if I'm done ... I'll talk with him now ...

So, I can see "Advanced boot options". "You see the arrow keys?" "Yes". Use the arrow keys to move down." "I can't reach them" "What?" "I'm on the phone, I can't reach the keyboard from here, because I moved to to where the power is." It's getting hard not to laugh.

"So move the keyboard back!" "OK"

And, of course, I had to power off to move thngs back, so we're back were we started. He is *so* patient.

So, he got me to bring up the run box, and "iexplore www.ammyy.com". And I told him that the computer is rebooting. Well, that's no surprise, that's what we did before.

At this point, he heard me typing while the computer was, supposedly, rebooting. "Don't use the keyboard while the computer is rebooting!" I told him that I was using a typewriter. He didn't seem surprised. I asked him if it was safe to use the typewriter. He explained that it was a completely different device, so not a problem.

So, when the computer finished rebooting (in my imagination), he asked me what I saw. So I read out a list of icons, and he asked me to open "internet Explorer". And put in "www.support.me". "It's rebooting" I said.

And I was writing all this up in this blog, and he could hear the typing, and chided me about this "Please don't use your typewriter while we're doing this, it's so important." But I want to write this up while it's happeneing, otherwise I won't remember it all. I didn't tell him that.

So when it had finished booting, he asked me if the computer worked, How do I use the internet? So I started up Internet Explorer, and told him I saw the Google page. He told me to search for ""support.me" and we diddled around with that.  He asked me what I saw, and I said "Logmein123.com" and "support ME" and "Support.me scam", and you'd think that the last one might have flustered him a bit, but it didn't.  "Double click in the first one". He means single click, and I did that.

"What so you see?" so I read out what was on the screen "Logmeinrescue" and "support connection" and "start download". So he told me to click on "support connection", but actually that isn't a link, so nothing happened, and I told him "Nothing happened". "Go back to the previous page". So I did, and that's Google again. We went back and forth on this for a while, and then I rebooted again (in my imagination), and when it came back, he told me to use google again to search for "showmypc.com"

I hadn't realised that there were so many legitimate RATs (remote access tools). And all of them can be used by scammers!

So Google found "showmypc.com" and we had a bit of fun while he worked out that I needed to go to the "remote support" option.

And at that point, my computer rebooted.

He was ever so nice about it.

Apparently, I have a really severe problem. He asked me if I'd done this with anyone else. I told him that yes, his colleague who had just passed me on to him (his name is, he said "Shane Peters", ho ho), But he said, no, not just right now, he meant in the last few days. He was thinking that a competing scammer had got in first. "No, I said, no-one".

At that point, I think he needed to think about all this. We have a computer that reboots every time it tries to access a RAT, we can't start it up using "Advanced boot" because of the geography of my power plug, screen, keyboard and phone, and he's invested nearly two hours of his time on me already. Will he give up now?

He told me he'd call back in half an hour or so. Maybe he will, maybe he won't. We'll see. My guess is, he will, because when a scammer like this decides to give up, they usually just hang up without even saying "goodbye".

While I was waiting for the call back, I "1471"ed him. The call was from 00120981155. Google gave nothing on this.

 ...later ...

Yes, he called back, and he's still called "Shane"

So we went to Google, and to "Showmypc.com", then to "View PC", then to "View PC download run". Clicking on that should install the RAT software on my windows computer. Guess what - reboot. So he gave me a long silence - I think he's consulting someone who is more technical than he is. He must feel he's so close ...

So now we tried ctrl-J. and i read out what that said, but that didn't help.

So we tried ctrl-G, and that didn't help either. So he talked me though looking for the RAT in my download folder, but it wasn't there. So he was a bit non-plussed, and went back to his script and gave me a long lecture of meaningless jargon, and reassured me that everything would soon be OK.

And then he told me there would be a one-time charge.

But earlier, he told me that there would be no charge.

So I asked him about that. He clarified,there is no charge. I pay a nominal charge to activate the software coverage. And that covers the ipad, iphone, ipod also!

So, Shane offered me to activate the coverage from his end. Because it's needed to be safe and secure. And there will be a one-time nonimal charge. And I can see what this is working up to, he's going to want my credit card number, and I have a little surprise for him there.

3 years $99, 6 years, $199, lifetime $299.

But I'll probably get a new computer in the next six years, I explained. He particularly recommends six years and lifetime, because the coverage will be extended to any new computer I get! A bargain!!

And it also covers my digital camera. And I get a username and password, which I mustn't share.

So I plumped for six years.

He talked me up to lifetime.

I asked for a discount. "Not a problem", said Shane. He has to clear it with his manager. And since I'm offering to pay loads-o-money and get nothing, guess what! He came down to $199!

"What's that in pounds", I asked. "Canadian dollars" he said. "In UK pounds," I asked. "£99" he said, "for lifetime coverage."

I suggested we reboot the internet connection. He didn't think that would help. And he pressed for me to pay. He wants his £99. Of course he does. Of course he does. I can hear the sound of a saleman salivating, close to closing.

His registration officer is waiting ...

So I told him, "I can get to Ebay, I can get to Facebook, I can get to Paypal ..." I could hear his ears prick up when I said Paypal. "You don't need to give personal information, everything will be safe and secure." Yes, right.

So then he passed me over to the Registration officer. Mark Nicholson. Ho ho ho.

He asked my name "William Hanford", I said. Date of birth 17 March, 1954. I made those up. If they're making up names, I can too. If there's a real person with that name and date of birth, I apologise. I was tempted to be William Nicholson, what a coincidence, but I resisted. Then he asked for my card number.

"I don't have a credit card." "Debit card, then?" "I don't have a debit card".

Mark passed me back to Shane.

"I don't have a credit card." "Debit card, then?" "I don't have a debit card".

"So how do you buy things online?" "I use Paypal". "How do you use Paypal without a credit or debit card?" Oops. I hadn't thought of that one, so I improvised. "I pay Paypal with cash". He accepted it, even though it's complete nonsense. "So how will you pay us?" "I'll pay you with Paypal".

"Where's your nearest post office?" "Four miles away."

"Go to the post office. Tell then you want a Visa or Master prepaid card. Tell them you want £119 " "But you said £99". "I was wrong,""You said £99" "I apologise, it's 119 GBP. Tell them you need to activate the card right now, you need to make a payment"

"Couldn't I pay you with Paypal". "It's not secure" "I'm not bothered about that." "No, go to the post office and get a prepaid card." "OK, I'll do that." "And I'll call you back in 45 minutes." "OK".

It is now 3:45. I'm sure that he's going to call me back, he's so close now!

So, off I go, in a virtual way, to the Post Office.

Sadly, they don't do prepaid cards. Maybe the real ones do, but my imaginary Post Office doesn't. Oh well. I'll get a Postal Order instead. Then all I need is the address to post it to. Ho ho ho.

The second call also came from  00120981155. I dialled that number; I just got silence. So I'll just have to hope that Shane calls back.

... later ... two hours later, 5:45, and Shane hasn't called back.  Maybe he's starting to wonder if maybe I'm too good to be true.

11 comments:

  1. Sadly, I've never yet had one of these scammers call me. Do they know I run a computer repair shop?

    ReplyDelete
  2. Hello Mr. Hanford. This is Shane. Ha ha ha. Very funny your post. You still owe us £199. What is the Visa prepaid card number?

    :)

    Nice one, Alan.

    ReplyDelete
  3. More patient by far than I am. I talked to one of them who said my "Windows computer" was generating errors. I asked if it was the one running Windows ME or Windows XP. He only had a script that said "Window computer" and couldn't deal with the variable.

    ReplyDelete
  4. Excellent! I bet you enjoyed that almost as much as I enjoyed reading it!

    I had one of these a while back but I'm sorry to report I just told him I knew he was a scammer (at least I think that's what I called him) and he hung up. Next time... :)

    ReplyDelete
  5. I also play a game with the scammers when they call. I keep them on the line for 45 minutes to one hour with problems that occur while doing what they ask. One time when they told me to turn on my windows computer I led them on for 10 minutes and then said "I did turn on the computer by the windows, it's and Apple computer, is that OK?" The scammer about lost it. Usually after 45 minutes or so I divulge to them that I am a retired systems engineer and I hope they have enjoyed me wasting their time. They get really mad and I then begin to insult their intelligence, their mother, sisters, brothers and any other family member they may have. It's really funny to listen to an Indian guy named Adam try to curse me out with an Indian accent. On days when I am bored I hope to get a call from the scammers so I can entertain myself.

    ReplyDelete
  6. I'm torn because by wasting his time, you also end up wasting yours... but I suppose it was worth it. It was worth it to me anyway, because it gave us this great story, lol!

    ReplyDelete