The Unstoppable 'Tech Support' Scam

Barence writes "A pernicious new type of scam is targeting British computer owners, reports PC Pro. The con is both fiendishly clever and ridiculously simple. The fraudster cold-calls the customer and tells them that Microsoft has detected a virus on their PC, then invites them to download a piece of remote-assistance software. No doubt reassured by the lines of indecipherable code flitting across their screen, the caller assures the customer they can make the virus vanish – but first, of course, they want payment. £185 to be precise. The spoof site behind the scam is approved by McAfee's Site Advisor and bears Microsoft logos, something which both companies have failed to act upon. Meanwhile, an assortment of British regulators have said there is nothing they can do to stop it."

My (non-techie) dad got a call from these people

[Anonymous Coward]

He rang me to relate an annoying but amusing call where someone with an unintelligible accent had been excitedly telling him that something must be done about his PC because it was sending out "the signals!"

He asked for a number to call them back on, then called me. I googled the number: obvious scam, lots of people reporting it.

Re:Duh

[blueg3]

Part of the scam is that they get you to download the remote-control software before they tell you they'll charge you. At that point, they can hold your computer hostage.

Re:Wow

[IshmaelDS]

You would be surprised how many there are. I work as a network admin and I have dealt with some .... interesting?.... people. One emailed me to tell me their email wasn't working. Yes I know we have all read it in a comic but it's true. I had one of the CFO's I did some work for fill in and almost send a scam bank email form. He at the last second called me to see if I thought it was legit. sigh. I have had people call me up in a panic cause the system was "doing something illegal and they didn't want to get in trouble" (illegal exception errors). I could go on and on. This doesn't surprise me at all. A lot of people when it comes to anything to do with a computer are struck dumb immeditatly and stop using whatever intelligence they have.

Not even remotely new

[damn_registrars]

The spoof site behind the scam is approved by McAfee's Site Advisor and bears Microsoft logos, something which both companies have failed to act upon

Spammers have been doing the same thing for years. The "Canadian Pharmacy" sites always claim to be "verified by visa", "hacker safe", "bbb approved", etc... Any half-wit knows how to copy the logos from some other web page and use them to make your page look more legit than it really is.

Re:And ...

[Anonymous Coward]

Real tech support quality may often be poor but:
- Customers call in to them, not the other way around
- They only call out as call backs to customers
- The customer has a legitimate problem (at least in the customer's viewpoint though their system may be working as intended)
- Software level service fees are not nearly as expensive as these charges are. The price of that charge is a full service agreement for at least a year (based on what extra support they might entail, durations beyond that varry). The price listed appears to be for a _single service_.

This is actually what happens

[Anonymous Coward]

Actually, they kept calling me for weeks, every couple of days. Here's what actually happens.

It's a Bangladesh call centre.

They call up and say that a problem on my computer has been reported to them. Of course, I know this is not true. But one time, I went along with it to find out what they were up to.

They actually talk you through getting the windows event log up on the screen - and make you count the "error" entries. Of course there are error entries.

So, they say, that proves you have a problem. My parents, for example, would be completely convinced at this point.

Then they make you go to a web site, and download a remote control application. At that point I hung up. There is no way I'm giving control of my PC over to some whackjob on the phone.

They kept calling for about two weeks, every couple of days. We're on the do not call list - which in the UK means its illegal for them to call us. And they call asking for "Mr Bruce" after I answer - my wife's name and mine are different, and the phone is in her name.

The last time they called I asked to speak to their "manager" and I told them to look out the window because the police are coming to get them. What else am I going to do? Then they finally stopped calling.

Re:Scum

[causality]

"Yes, but they are non-violent and require the cooperation of their 'victims'... They provide a limiting function. They disincentivize ignorance and stupidity by making it more painful, just like those natural pests disincentivize improper sanitation. By becoming knowledgable and savvy, the 'victim' can have total control over whether he/she is successfully targeted."

You're a fucking sociopath. Have a little empathy or fuck off.

I have enough empathy to be honest about their weakness. Would you prefer I help them to remain in denial so that they forever remain victims? It's amazing how angry people sometimes become when you tell a victim that he/she doesn't have to be a victim anymore. You'd think that would be welcome news, a message of hope.

I get it alright. I understand your point of view while you fail to grasp mine. You think that when I say "you were vulnerable to this scam because of a weakness or shortcoming, but that can be corrected and you can eliminate your vulnerability" that I am assigning blame. You think I am pointing a finger and am happy to see this happen. Not really. I merely accept the futility of trying to catch and shut down all present and future scammers and take instead an approach you might call "harden the targets".

I also reject the notion that an individual has to be a helpless victim, at the mercy of anyone who would wish to do him/her harm. To tell people that they are helpless victims who can do nothing to better their own situation, who will always be exploited by criminals, who are completely screwed since the regulators won't protect them and they cannot protect themselves, well, I say that is sociopathy. It's telling them that they are forever doomed to just bend over and take it. Does it ever occur to you that this victim mentality is precisely why we have so many petty criminals?

My longing to live in a kinder, wiser, more sane world is beyond my power of expressing it. Really, there are not words for how badly I wish to see that. The way to get from here to there is to be honest about our weaknesses and our problems, to seek realistic solutions to them. This absolutely includes the notion that an individual can better himself or herself, that honesty about one's shortcomings and understanding one's weaknesses is the first step towards overcoming them. It's not "blaming the victim". It's "empowering the victim". And you can't stand it, can you?

You can call me names some more if it makes you feel better. When you do that, all I see is an equal who is extremely determined to be an inferior. If you should get over that you won't receive an "I told you so" from me. You'd put a smile on my face.

Re:Scum

[insertwackynamehere]

Um actually it would be violent because coercing someone by displaying a firearm has the implicit attachment of "do what I say or I will shoot you". If you fuck around and hold someone up with a toy gun and think you can get cutesy with the police saying "hang on officers let me remember just what those ACLU videos told me about getting arrested oh and by the way it was a toy gun lol so you guys cant even get me in trouble" you would be in for a shitty surprise. Fucking around with toy guns can get you in trouble; for example making them appear real and threatening someone with violence is also illegal even if you had no intention or ability to follow through.

We're so smart

[AnAdventurer]

I don't give out information over the phone. PERIOD. Even companies I pay, if I forget to mail out a check and they ask I make a payment over the phone, I ask them if a bill has been emailed of USPS'ed. If they say yes, I say thank you, I will pay it when I get it. If they ask me to "verify" my account details, I ask them to go first. Like asking for the 3rd set of numbers on my card in question or my first 3 SS numbers. They always tell me they have to verify my identity first and I simply tell them that they called me. Then I point out that I have no way to verify who they say they are, the response is almost always "but we are Bank of America, why would I say I am if I am not, I really am!". Rarely do they understand my point: They called me and are asking for money over the phone.

Re:Scum

[manicb]

It's common assault [wikipedia.org] in the UK, and I believe the law is similar in the US. (Sorry for wiki link, lots of references on legal sites but not as clear.) In assault the victim only has to believe that they can receive an injury, by malice or recklessness. If said injury is dealt, that is battery (or worse). When people say "assault" they usually mean "assault and battery" as it is rarely brought to court on its own.

Re:Scum

[totally bogus dude]

The story below that recently appeared [notalwaysright.com] on Not Always Right [notalwaysright.com] seems appropriate:

(A customer is wondering why her anti-virus is asking her to purchase the program.)
Me: "What is the name of your anti-virus?"
Customer: "It is [name of a well-known fake anti-virus program]."
Me: "Ma'am, that is a fake anti-virus. Do not purchase that program because it will not protect your computer."
Customer: "No! Why do you want me to disable my anti-virus? I will not get rid of it! It's keeping my computer safe! I already purchased it three times and it still wants me to pay again! All I want to know is how to stop it from asking me to pay!"

This started months ago...

[aug24]

...when I and several other people submitted it to slashdot, complete with links to the PC Pro story that ran in February IIRC.

Thanks for the public service announcement Timothy.

If only it had been put out when it was first starting, hundreds of other people might have been warned.

Grrrrr.
Justin.

Re:Scum

[Anonymous Coward]

Fools?

My Mother got a phone-call from this company. Luckily, she called me and I told her to not do anything apart from purposefully waste their time if they call again.

You can't call the older people in our society 'fools' for not understanding technology that is the definition of 'confusing' and 'scary'. These guys did a great job of putting the fear of God into my Mother, they told her they were from Microsoft and that various horrible things were going to happen if she didn't disinfect her system.

Oh yes, her system was clean when I checked it. Technically, under British law we can do something. They are telling customers lies about their product. They are offering to disinfect clean systems by scaring the most vulnerable among us!