When Antivirus Scammers Call the Wrong Guy

ancientribe writes "Phony AV scammers posing as Microsoft dialed the wrong number when they inadvertently phoned a security researcher at home. He lured them into a honeypot to study their actions, and posted the video online here. His main takeaway: they were 'Stone Age' when it came to their tech know-how."
  • by cpu6502 (1960974) on Thursday May 24, 2012 @05:25PM (#40104059)

    I got a similar call to the guy in the article. So I hung up.

    They called back, and I hung up again except the phone didn't hang up. I even held down the "on hook" button but the call would not terminate. Any ideas how the scammers accomplished this?

  • by Archangel Michael (180766) on Thursday May 24, 2012 @05:36PM (#40104165) Journal

    I had a similar call about a month ago. My wife answered it and then hung up. I wish she would have handed the phone to me. I would have had a field day, acting stupid, and getting as much info as I could so that I could return their "favor".

  • by Thud457 (234763) on Thursday May 24, 2012 @05:53PM (#40104341) Homepage Journal

    These "Dave from Houston" fuckheads have called my house repeatedly. Unfortunately, I haven't been home to screw with them. Even my wife felt bad for these pitiful lamebrains when she told them none of our computers run Windows. And then these disorganized half-wits can't remember that they FAILED on their previous calls, so they call back again.

  • by Lumpy (12016) on Thursday May 24, 2012 @05:54PM (#40104357) Homepage

    Now see this would be fun, fire up a VM with Ubuntu 11 on it and let them have a go.

    Or better yet, a Windows-skinned XFCE. It looks right but nothing is right...

  • by mwvdlee (775178) on Thursday May 24, 2012 @06:01PM (#40104423) Homepage

    I had one of these guys on the line a while back. Coincidentally, it was while I was fixing some issues with the PC at my computer-illiterate parents' house. Apparently they had called a few times before, but they only spoke English (with a very heavy Indian accent) and my dad wouldn't even know how to order a beer in English, so their "conversations" ended without any harm done.

    They directed me to try all different kinds of command line tools that would display long lists of errors (which it was supposed to do on a healthy system). I checked everything he told me to do by first searching on Google, and within a few minutes I got to a webpage detailing the phone script the scammers were using.

    Oddly enough I told him that I was checking everything on Google first and even told him I found this website, but we still went on for nearly 15 minutes or so (he was paying for the phone bill, I could see no harm in making it expensive). I kept asking him questions and calling him out on his lies (literally calling it lies), but still he kept going. At some point it was all some morbid curiosity trip for me, eager to find out how far this could possibly go. He even kept talking after I told him I had enough fun and was going to hang up. I can't quite understand why he kept wasting so much of his time when I identified him as a scammer after the first two minutes and told him so.

    I can understand how they could fool a less informed computer user though.

  • Re:Not surprising (Score:2, Interesting)

    by Anonymous Coward on Thursday May 24, 2012 @06:05PM (#40104453)

    Their goal is to sell the "product", not recover the machine. As soon as they have the victim's money, their job is finished.

  • Re:What I do (Score:5, Interesting)

    by The Mister Purple (2525152) on Thursday May 24, 2012 @06:10PM (#40104495) Homepage

    I once worked for a place that was going through a bankruptcy. Even though all creditors had theoretically been dealt with, there were still a couple of collection agencies that chose to not understand that. Because I'm not intimidated by veiled lawsuit threats (or unveiled ones, for that matter), I wound up being "the guy who screens calls". I got quite good at stalling, getting "interrupted" and generally dragging out calls. This eliminated most of the collection calls within a couple of weeks of this treatment. However, there was one collector who, despite getting worked into a frothing rage on a regular basis, kept calling. Eventually, after he had raged for a bit and was catching his breath (I like to think I shortened his life by several years), I explained my tactics to him. At first, he didn't get it, but after I explained that I knew about call time metrics and that I was messing his up on purpose, he REALLY freaked out. After another 5 minutes or so, I pointed out that staying on the line with me wasn't improving his numbers. He never called back after that.

    Just remember: at a certain point, they aren't wasting your time - they are wasting their own time and amusing you in the process.

  • I recorded one (Score:5, Interesting)

    by Barryke (772876) on Thursday May 24, 2012 @06:32PM (#40104655) Homepage

    Three months ago I got a similar call, recorded the conversation (me playing the silly user and him trying to scam me) and forgot to put it online.

    So here it is, Slashdot, I created this page just for you: []

    (Click the AMR file; it's the original file my Android phone recorded and 10x smaller.)

  • Re:What I do (Score:4, Interesting)

    by houghi (78078) on Thursday May 24, 2012 @07:02PM (#40104865)
  • Re:Sounds familiar (Score:4, Interesting)

    by Anonymous Coward on Thursday May 24, 2012 @08:08PM (#40105277)

    These guys are dumber than that. The guy uses his personal email id for the payment gateway. His email is (Feel free to email him). He left his photograph at []. He has even posted a question "Can i use this payment gateway for my call center which provide online technical support to usa,canada? " in the forum. I could also point out some security holes in his website, but I guess I would be doing more harm than good. So I will leave that out.

  • Re:Sounds familiar (Score:5, Interesting)

    by ozmanjusri (601766) <aussie_bob&hotmail,com> on Thursday May 24, 2012 @09:34PM (#40105711) Journal

    I have been told their enterprise version, at least with Norton, isn't like that, so I have to say WTF?

    One of my (Fortune 100) clients has McAfee enterprise and I can vouch for the fact that it's horrible there too.

    Just an example; what they call "Wasted Wednesday" has nothing to do with substance abuse, and everything to do with mandatory virus scans that make computers unusable for hours.

  • by Nethead (1563) <> on Thursday May 24, 2012 @10:40PM (#40106113) Homepage Journal

    I remember working C64 BASIC code to hack out call progress detection back in the early '80s. Had a Code-A-Phone where we pulled the 8042 microcontroller and emulated it with the C64. The Teltone/SSI chips (981, etc.) really saved our asses. Then I figured out how to brute-force calling card numbers with the hardware. Long story short, three years in Club Fed.

  • by Anonymous Coward on Thursday May 24, 2012 @11:25PM (#40106319)

    To his credit;

    This very thing happened to me today. Typical call from some telemarketing co; upon answering, I was greeted with, "Please hold for an important message regarding government funding for small businesses"... or something of that sort...

    Immediately I hung the phone up. I needed to make a call, so I grabbed the receiver approx. 7-10 seconds later and instead of dial tone, I could hear the message being played. So I hung up and waited a bit longer this time, perhaps 15-20 (more) seconds. Same thing.

    I was quite curious by this time because MY phones are working just fine. So I disconnected the incoming POTS line, waited about 10 seconds and reconnected. Same thing; no dial tone, and I could hear the message being played as if I had never disconnected in the first place.

    Alas, I waited about 60 seconds before picking up the handset to be greeted with dial tone. I made my call, and received probably 40 more today without any problems.

    The telephone is an AT&T 945 small business, 4 line, wired phone, in case you were wondering.

    Not making this up.

  • by Nethead (1563) <> on Friday May 25, 2012 @12:40AM (#40106609) Homepage Journal

    Yeah, Club Fed (Lompoc FPC) was real hell. They made me write AP/AR financial software for the BOP using Clipper Summer '87 [] on an XT. Before getting in the computer department at Lompoc I was on the irrigation crew (think hay fields) with Ivan Boesky [] humping lines of sprinklers through tall wet grass.

    When I got out I went back to broadcast engineering, keeping local radio stations on the air. Then the Internet started and I worked with some locals and people from Seattle to get more than 9 dial-up lines in my small town. Found a good geek woman and we both ended up in Seattle working for where I answered a cry from Malda for bandwidth. Seems that Slashdot's T1 wasn't able to deal with the load and they were looking for someone to host images. I was at an ISP that had a whopping T3, so I set up an old Pentium 90 with Slackware and Apache and handed it over to them. We hosted for about a year or so.

    At that ISP I took to heart the spammers of the day, mostly teen customers that wanted to "make money fast." I would first try to call them and advise them that it was against the AUP, but would often get the parents. If that didn't work I'd disable the account until the parents would call (of course, they paid the bill). This was back in the dial-up days and you could do that stuff.

    Anyway, my wife and I rode the I-boom up and down, saved some money and now live on an Indian reservation looking over Puget Sound. I now spend my days as an independent field tech going around and fixing things. Life is good.

  • Re:Sounds familiar (Score:4, Interesting)

    by hairyfeet (841228) <bassbeast1968 AT gmail DOT com> on Friday May 25, 2012 @04:44AM (#40107389) Journal

    This is why I think words like "sheeple" or "corporate lemmings" are perfectly legitimate in certain contexts, because if an idea is bad and many do it, it is STILL A BAD IDEA, and having many morons follow that bad idea doesn't magically make it good! I have dealt with Comodo Enterprise for some of my SMB customers and frankly it has everything except the crazy support costs, and unlike those other AVs you can actually get shit done while it's running without it feeling like it's tied a damned boat anchor around your machine.

    I have always believed in using what you recommend, and I've been running Comodo for a couple of years now with ZERO hassles or bullshit; hell, I even have it on my kids' gamer boxes. When I went to show them how to turn off services in Comodo for when they game, they said "What for? We just tell Comodo we want to run it and that's it," which frankly blew my mind, because if there is one thing an AV will usually do it's slow the hell out of gaming, but nope, even with games it just didn't bog down their systems.

    Contrast this with Norton and McAfee, where I have yet to see it on a system that didn't feel like the entire system was running in slo-mo. This is why I have been handing out Comodo to all my business customers and have started handing it out to home users as well, because what damned good is an AV if it makes the whole system a royal PITA to use? To me the ultimate AV should ask you as few questions as possible and should only bother you when it has something important it needs your attention for, and that's Comodo in a nutshell. The only time I hear from it is if it has blocked a site for having a malicious script or if I launch a program for the first time and it asks whether or not I'd like it sandboxed; that's it. I just tell it what I want the default behavior to be for that program and it never asks again, it just does what it's told.

    How anyone can put up with a boat anchor AV is beyond me. I set up a test bed and tried all the different AVs simply because the AV I had been using (AVG) had become bloated and felt like a boat anchor. If you can't use the damned machine, what good is having it clean?

