Indian Tech Support Scam

Post Reply New Topic

I'm wondering whether some members might like to share their experiences or opinions on this phenomenon.

For the benefit of anyone who's not familiar with it, here's a summary:

A man or woman with a fairly heavy Indian accent (but is mysteriously called 'Bill' or 'Jennifer') rings you up and says he/she is from 'Windows Technical Department', or your Internet Service Provider, or even Microsoft itself. You will then be told that they have been receiving 'messages' from your computer, which indicate that it has viruses or serious security problems. To 'prove' the point, the technician will invite you to bring up the Event Viewer on your PC's operating system, and show you a page full of red and yellow triangles, which supposedly indicate a problem, or you'll be directed to msconfig's 'services' page, showing that many of these have been 'stopped'.

Then the technician, if you allow it, will take remote control of your PC and explain the charges for remedial work, usually $200-$500 (more than the value of the computer in some cases). If you agree to this, they'll do some worthless and unnecessary 'work' on your machine (actually introducing malware onto it, apparently). If you refuse to pay, or call them out on the scam, they will either start deleting your folders, or even the operating system itself, or put a password ('Syskey') on the computer, locking you out of it until you pay up.

Until recently, I just used to put the phone down after telling them I'm not interested, or that they're crooks, but then I finally summoned the confidence to mess these guys 'n' gals about and play them at their own game. The last time it happened, I managed to keep the technician on the line for 20-25 minutes, wasting his time and finally directing him to open a command prompt on his own computer, type in 'netstat', then explaining to him that the foreign IP addresses which came up on his screen were hackers that had got into his system, and that for only $500 my technician would sort it out for him.

Obviously the game was up now, so he did what any self-respecting scammer does at this point, and put a Syskey on the Virtual Windows XP machine I'd allowed him access to. I regarded that as my 'badge of honour', lol! Needless to say, such action on a VM doesn't affect the real computer, and can be reversed anyway with a click of the mouse. I've got to say that I didn't perform anything like as brilliantly or amusingly as the people who put up recordings of this sort of thing on YouTube, but it was a start, and I'll do better next time.....

Good work fella , I usually just pretend to be a dufus and pretend I'm doing what they ask and try to keep them on the phone as long as possible.

Maybe this thread should have been allowed to continue its slow slide into oblivion, but I had an experience earlier today which maybe sheds new light on the latest tactics of the tech support scammers.

The call followed its normal pattern initially, with a heavily accented man calling himself 'Jordan' from Microsoft going through the usual routine - showing me the stopped services via msconfig and claiming this was evidence that the laptop had been 'hacked', following which he assumed remote control of my Virtualbox XP machine.

What happened next though was that he claimed Microsoft had been tipped off about this by the CIA. He then supposedly went to the CIA website and showed me an impressively professional looking intelligence document (would like to have screenshotted it, but he had control of the VM), which revealed the identity of the mastermind who had hacked my computer, in this case a Russian gentleman (whose name I've forgotten) operating out of Dayton Ohio. At this point I was struggling to avoid blowing my cover by bursting out laughing.....

The next phase of the scam was also an unusual departure. Instead of asking me to pay US$ 200-500 for a 'fix', he simply said it would cost £2.90 to renew my 'licence', which the hackers had apparently stolen. He then presented a form for my personal details, including credit card numbers.

I ought to have continued playing along by giving bogus details, but at this stage I lost my nerve, called him out, and the encounter rapidly descended into the usual 'Madarchod' insults, following which he proceeded to delete my files and lock the VM via Syskey.

I think this is of interest because it's probably getting much harder for these crooks to pull their stunts, owing to increasing public awareness, and the CIA business shows the imaginative lengths to which they're prepared to go. Using Sterling prices for UK 'customers' and lulling them into a false sense of security by quoting such minimal amounts is also a new departure in all likelihood.

Afterwards I couldn't get back into my VM, perhaps because I'd messed up the 'snapshots', but also because maybe the scammers have upped their game in this area too (unlikely). I'll now have to reinstall in time for the next round.....

It only happened once. The PC was powered-down, so it was off-line. I knew it was a scam when they said that they has just received a report from my computer that there was a problem.

So I sat next to the computer and just made tappity-tap noises with the keyboard whenever they asked me to do something.

Then I said "Pulis jald hee aapase mil jaegee" (The police will be with you shortly). They hung up and have never called back.

The last time one of them called me, I had plenty of time and was going to string him along as long as possible. However, the guy had such a bad accent that I could hardly understand what he was saying.

He wouldn't have got too far anyway because I don't use Microsoft operating systems.

In preparation for the next time, I've created a dummy account for him to log into on this machine which runs OpenBSD.

^ Despite the often quite heavy Indian accents, many of these people speak English to a high standard, more grammatically correct than a large number of native Brits certainly.

I've acquired a number of modified, custom-made versions of Windows (titles like 'XP Vortex Red', 'XP Black Edition', 'XP Vienna','Windows 7 Gold', etc), all of which ironically enough seem to have originated on the Subcontinent. I won't provide any links, as they are in what one might euphemistically describe as a 'grey area' as to their legality, but it'll be interesting to see what the scammers make of them when they encounter them on my Virtualbox. I've even got a copy of Windows Longhorn, which was to be Microsoft's original replacement for XP before they abandoned it in favour of Vista - but there are problems trying to install it.

There are almost certainly a few viruses or Trojans lurking in these systems, so I'll be installing them in Virtualbox on a Linux host system, to avoid the risk of cross-contamination.

As far as I'm concerned those morons are nothing more than prime mugu baiting targets. I've had a few calls over the years but since I keep my phone disconnected unless I'm making a call I generally don't have to deal with them anymore. Those stupid card holder services as*holes on the other hand ...