Programmer Develops Phone Bot To Target Windows Support Scammers (onthewire.io) 97
Trailrunner7 quotes a report from On the Wire: The man who developed a bot that frustrates and annoys robocallers is planning to take on the infamous Windows support scam callers head-on. Roger Anderson last year debuted his Jolly Roger bot, a system that intercepts robocalls and puts the caller into a never-ending loop of pre-recorded phrases designed to waste their time. Anderson built the system as a way to protect his own landlines from annoying telemarketers and it worked so well that he later expanded it into a service for both consumers and businesses. Users can send telemarketing calls to the Jolly Roger bot and listen in while it chats inanely with the caller. Now, Anderson is targeting the huge business that is the Windows fake support scam. This one takes a variety of forms, often with a pre-recorded message informing the victim that technicians have detected that his computer has a virus and that he will be connected to a Windows support specialist to help fix it. The callers have no affiliation with Microsoft and no way of detecting any malware on a target's machine. It's just a scare tactic to intimidate victims into paying a fee to remove the nonexistent malware, and sometimes the scammers get victims to install other unwanted apps on their PCs, as well. Anderson plans to turn the tables on these scammers and unleash his bots on their call centers. "I'm getting ready for a major initiative to shut down Windows Support. It's like wack-a-mole, but I'm getting close to going nuclear on them. As fast as you can report fake 'you have a virus call this number now' messages to me, I will be able to hit them with thousands of calls from bots," Andrew said in a post Tuesday.
Re:Scammers don't use real numbers (Score:5, Informative)
Go read how it works. You transfer crap calls to one of the robots and it talks to them for you. It now works with sip, so I added an extension on my pbx to transfer it to them. It emails you the recording but I also record it on my pbx.
Re:Scammers don't use real numbers (Score:4, Interesting)
The summery says " 'you have a virus call this number now' messages" so it sounds like they are giving out a real number they expect the victims to call.
Re: (Score:2)
It's wintery here.
Re: (Score:2)
Are any of the popular tech support scam baiters on YouTube based out of Australia or New Zealand?
Re: (Score:2)
Yes, that's how it works. They get you to call them back, because it gives the victim more confidence. People have got the message that if random people call you claiming to be your bank, it's probably a scam, so you need to call them on their official number... And somehow telling people to call back with a number left in a voice mail fulfils this requirement.
It also means you have plenty of time to prepare a Windows 98 VM and set up a Skype account to call them with. Someone needs to make a VM with random
Re: (Score:2)
It also means you have plenty of time to prepare a Windows 98 VM and set up a Skype account to call them with.
The scammers have become wise to this. They refuse to deal with Windows 98 and Windows XP on grounds that Microsoft has announced their end of support.
Someone needs to make a VM with randomly generated user data and a virtual user who wastes the scammer's time
Someone needs to go on YouTube and watch Lewis's Tech, Thunder Tech, Each&Everything, etc. do exactly this.
Re: (Score:2)
> The scammers have become wise to this. They refuse to deal with Windows 98 and Windows XP on grounds that Microsoft has announced their end of support.
So much effort anyway....its easier to not setup a VM and...get this.... Lie to them.
Its fun. Treat it like a video game. Its role playing practice. Your just rolled a new character "stupid user". Just pretend to be the dumbest user you ever tried to help, and imagine what issues they might encounter. Feel free to be "too smart for your own good".
My favo
Re: (Score:2)
its easier to not setup a VM
One of the first things a scammer does is get you to install a remote assistance application to give administrative access to Windows. No VM means the scammer can use syskey.exe to apply a boot password you don't know or otherwise completely wreck it.
My favorite was when one guy asked me to open a link "in chrome", I agree. 3 mins later he is asking "whats going on now?"
So your strategy appears to involve stalling the scammer to keep him from even getting to the LogMeIn or GoToMyPC or TeamViewer step. Are there videos of that strategy?
Re: (Score:2)
Right, I don't actually DO any of the things I was claiming, I just lie to him. Its so much easier than actually going through with it. I put him on speakerphone and go about my business while I fuck with him.
No videos, but one dude totally caught on and started singing to me before he hung up.
Legality (Score:2, Funny)
How is this even legal? It is a crime to waste the money of corporations. Maybe some of these tech support companies will put him in prison or send someone to physically harm him.
Re:Legality (Score:5, Funny)
Re: (Score:3)
It's all part of a bigly 4-D chess game! This American hero is going to flood Indian call centers with thousands of cyber. It's the biggest cyber anyone has ever done. And when those Indian call centers get overwhelmed with cyber, Microsoft Support scamming jobs will come back to America!
It will be the easiest of the EASY D
Re: (Score:1)
They'd have to admit who they are first. They're not a corporation they're a bunch of scamming assholes. Wasting their time is nothing compared to lying to people and probably stealing millions of dollars.
Re:Legality (Score:5, Insightful)
How is this even legal? It is a crime to waste the money of corporations.
What planet do you live on? It cannot be planet Earth!
In no way, shape, or form is it a crime to waste the money of a corporation. Besides, they are free to hang up at any time and to stop wasting their own time.
This is a completely ridiculous thought. Almost as laughable as when people write things like "Corporate officers are obligated by law to make a profit." This is a completely false statement.
Companies are under no obligation to profit. They are completely free to fail and go bankrupt. They would like to profit and not fail, but they are under no legal obligation to do so. Stockholders or owners would like a company to be profitable and to make them money. They may choose new corporate leadership if a company is doing poorly, but they seem to be just as likely to hire a Carly Fiorina and run the company into the ground, while patting each other on the back for their great ability to pick such a great leader!
Corporate officers are required by law to follow legal accounting practices, and to follow the law when reporting their accounting to government agencies for things like paying taxes, or complying with insurance reserve laws, or payroll employment insurance obligations. This is just the same as an individual filing their taxes must be honest. They would be subject to fines if they don't follow these tax and accounting laws. Jail may be possible if criminal intent or negligence could be proven. However, they can be losing money, wasting money and frittering it away and still be completely in compliance with the law.
If it were truly a crime to waste the money of a corporation, pretty much all corporate managers and officers would be criminals.
Re: Legality (Score:1)
Ironically.
Re: (Score:2)
(Score:+1, Ironic)
Re: (Score:2)
Ironically sarcastic.
Re: (Score:3)
Companies are under no obligation to profit. They are completely free to fail and go bankrupt. They would like to profit and not fail, but they are under no legal obligation to do so.
In the USA you can sue publicly traded companies if you feel that management has been derelict and hope for the best in the court system, but in general you are quite right. My previous job was working for a US subsidiary of a European telco. I don't like to name who I worked for because I don't want to give them free publicity as I still, years later, have some grudges against them and how they treated their US based employees. Anyway, we competed in a market segment as a minnow against much bigger fish
Re: (Score:2)
How is this even legal? It is a crime to waste the money of corporations..
It is a crime to waste the time of Slashdot readers with idiotic drivel like this.
Maybe some of these tech support companies will put him in prison or send someone to physically harm him.
The first of your suggestions is ludicrous. The second is (surprisingly, coming from you) indeed possible -- provided they can find him. They are criminal enterprises, after all. And there's hope for you! You actually had a coherent thought!
I liked it (Score:2)
Some of the youtube calls are funny. I have salty sally on quick transfer. Its only six bucks a year.
Re: (Score:1)
Re:Solution (Score:4, Insightful)
Impractical for those who are job hunting, or those who are a major contact in some community organization (such as for a church, community group, etc.)
Re: (Score:3, Insightful)
I just use a Google Voice number for that. Cuts down on a lot of obvious scams, is easy to report numbers that make their way through, plus the numbers are tied to the email address I use for said group.
Re: (Score:2, Insightful)
Jesus, we're a community of nerds - MOST of us are required to answer our personal phones and we don't always have the luxury of having everyone's contact information in our address book.
And for Mr. "this is illegal!" above, what these assholes are doing is illegal to. Put me in the same fucking cell and I'll teach them a lesson the courts aren't allowed to teach.
Re: (Score:2)
There is an Android app called TrueCaller that is great for screening calls. It uses crowd sourced data to identify numbers and shows you how many people marked them as spam.
Re: (Score:2)
Don't answer calls from unknown numbers. Problem solved.
My provider, Ooma, does a really good job of keeping an up to date listing of Telemarketing numbers, plus they allow you to deny any calls that don't provide a valid ANI. All I do is turn on their filters and I rarely get any unwanted calls. They are also cheap (after you buy the device that is).
Re: (Score:2)
Re: (Score:3)
As someone who runs the IT department at a retail establishment where half of our orders are placed via phone calls, it would be near impossible to just "not answer" the phone. Not every entity has this luxury. Though, I do personally have the luxury of fucking with all these "tech support" callers every time they contact us!
Re: (Score:2)
Don't answer calls from unknown numbers. Problem solved.
Nah, you answer calls from unknowns with "Hello, Burger King" or some other random company. If it scam you can get rid easily if it's legit you change track and they forget all about that first bit.
Hi (Score:5, Funny)
Hi, this is Lenny!! Come again? [youtube.com]
Re: (Score:1, Offtopic)
Re: (Score:3)
Typical... Scammers just provide spoofed data for the caller ID. Apart from having the right kind of trunk connection with ma bell (pretty much anything except a POTS line) you can set up the caller to receive just about ANY number. I had our PBX operator show me how once. He knew the White House switch board number so he used that to set up the PBX and called my cell phone. Voilà, I got a call from the White House! Great to amaze your friends or hide your true identity from the hapless person you
Re: (Score:2)
Providers should pass the ANI number [wikipedia.org] down to the SIP trunk, separate from caller ID. Then the PBX would see the same number calling in each time on that side.
I know you automatically get that on incoming calls if you have an 800-number, but I don't know if it's possible with normal numbers or whether it's part of the SIP standard.
Re: (Score:3)
Sometimes the ANI isn't what you send for the Caller ID data. It's like the difference between E-mail "from" and "Reply TO" headers.
There ARE valid reasons to do this slight of hand, so the phone company usually allows it from PBX operators.... At least the ones who don't abuse the privilege...
I'm sure that part of this SS7 ISUP signaling protocol is mirrored in SIP, but I left the Telco world right when SIP was getting started so I'm not well versed in the various protocols used to handle signaling in t
Re: (Score:2)
I don't mean send it as caller ID, but rather as extra metadata. That way, you can block further calls entirely. I suppose if it's a large call center, there's going to be a large block of numbers anyway. But a lot of these scammers are lone operators. I get phone calls every day on my business line from Houston, TX and Chicago, IL and I have no business with either area, vendor or otherwise.
And yes - I use caller ID spoofing every day to have certain outgoing calls from my PBX show up as my Google Voic
Re: (Score:3)
I usually use my local FBI Field office number when I'm testing a new system I setup. There's next to no controls on CID reporting on any voip provider.
This Man is a Goddamned Superhero! (Score:5, Insightful)
Vigilante justice has never been funnier.
Scam (Score:4, Interesting)
When your scam relies upon a script, it is easy to script a response that falls within the norms of what you're expecting out of your victims.
Queue the robot that checks the "I am not a robot" check box ... because it can.
Re: (Score:3)
If you just want to get rid of them, a very short disconnected tone or the sound of a fax machine modem for a second or two is usually enough to turn robocallers away. They won't even bother to hand the call to a human, and may even mark the number as dead.
Re: (Score:2)
Why would I want them to stop? There is nothing more fulfilling than playing dumb while walking them through the long line of stupid questions, wasting their time. We should all waste as much of their time as we can, that is the only way to make them stop. Cost of finding a victim goes way up, the profits go way down.
Re: (Score:2)
Isn't the point of wasting their time to make them stop though? To make it unprofitable. Or do you mean you actually enjoy wasting their time in person?
Scammer Sub Lounge (Score:2)
You could waste their time, upload the waste of time to YouTube, and possibly even make a little money on ads. It works for the Scammer Sub Lounge partners [scammersublounge.com].
Re: (Score:2)
"What's Chrome?"
"What's Firefox?"
"Whats IE?"
"Is that like AOL?"
"I'm on Compuserve is that like the Internet?"
they don't know any better (Score:1, Informative)
Most call center scammers are blissfully unaware they're commiting a scam. They really think they're trying to help people solve their computer "problems" by having them sign-up for support plans. They're just script monkies. Some of the reps may know that their "services" are bogus and commit the scam anyways as long as they get a paycheck, they don't care. The ones that really know what's going on are the C-level types within the call center company. Check out Lewis's Tech [youtube.com] channel some time. Really funny
Re:they don't know any better (Score:4, Insightful)
Bullshit. They know. Once they know you have found them out they invariably start cursing at you and being rude. Don't be so fucking naiive.
Re: (Score:1)
Only the sole scammers. The larger ones hire a generic call center which follow given scripts. You can buy these services for next to nothing through the massive data capture services running in Manilla (cheaper than India). If you want 100,000 people contacted within a few days, they'll do it and follow your precise script (that's question flow, not some bash/perl/python file), and provide you with a uniformed export. You can even handle the calls and hook them through to their people who'll do the rest wi
Re: (Score:2)
No, many are real. They fool the listener into installing a variant of TeamViewer so that they can remotely control the computer. And my mother nearly fell for this three times. Once was "Microsoft" saying they detected a virus on the computer, but she figured out something was funny and hung up and turned off before too much happened. Second time it was "Best Buy" (actually bestbuy??.us) who called her, shortly after a fake "you've got a virus!" messaged showed up. They offered to help fix her computer
nothing new (Score:5, Interesting)
I was doing this 10 years ago with Asterisk phone server. get a phone call at the house, press *1 and it transfers them to telemarketer hell where it plays random human responses that are a lot better than his as I was looking for pauses in audio to respond, his is just random audio that is not responding to the audio coming in.
There was a asterisk guru that published all the goodies on how to do this over a decade ago and I used his code and modified it a bit. worked great and the longest I tired up a telemarketer was 2 hours.
about 4 years ago someone had a better one called "this is lenny" that emulated an old senile man and was recording the calls for everyones entertainment.
Re:nothing new (Score:4, Interesting)
Lenny is still going! https://www.reddit.com/r/itsle... [reddit.com]
Re: (Score:2)
You've been pushing this virus for YEARS now on here. When will you give it up?
Re: (Score:2)
I heard somebody posted an article about you on Encyclopedia Dramatica but it got deleted. I wonder why anybody would do that.
Re: (Score:2)
Such modesty from one who's got a whole archive dedicated to him at Ars Technica. How touching.
Re: (Score:2)
And this is why you're too much of a coward to sign in with an account here, right? It would have nothing to do with you getting banned time and again from the Ars forums?
And this is also why I spent last evening enjoying a 10-course dinner for the Lantern Festival at the Great Happiness Restaurant in Guangzhou while you dined on Cheet-Ohs in your mother's basement in Poughkeepsie? In your world, this somehow makes you a winner and me a loser? I'm having trouble following your logic here.
As for the postcard
Re: (Score:2)
Oh, right, it's Syracuse, not Poughkeepsie. Whatever.
Turing Test (Score:4, Funny)
I hav one ... (Score:2)
... 1-800-whitehouse.
Thanks, Roger.
You're a peach.
Re: (Score:1)
http://i.imgur.com/9Ybgz.gif [imgur.com]
Hilarious (Score:2)
Never heard of it before. Youtubed it. Absolutely hilarious!