So last night “Bob from Microsoft” called me because my computer was infected and “he was there to help me”. Yeah right.
Because the Internet is such a wonderful, sharing place, I’d been alerted to these types of cold-call, social engineering attacks a while ago. One of my neighbors had received one of these calls too. In fact, months ago I received two of these calls in the same week. If you are not lucky enough to be on the “right” phone lists to get them, read on.
The general progression of the call: someone calls you, says they are calling to help you, and claims that your computer has malware, viruses, trojans and other bad stuff on it. They run you through some “checks” (which are all fake) and then offer to remotely connect into your computer to help you. Troy Hunt, an Aussie infosec researcher, has a wonderful hour-long video of his conversation with these guys here: http://www.troyhunt.com/2014/01/scammer-identifies-viruses-in-brand-new.html.
Once these guys get on your computer via the remote control software, they do all sorts of bad things to it.
But last night, I was feeling puckish and decided to let Bob “help” me to a point.
Scripts and English
Educating My Family
In fact, now that my whole family has heard these guys and what they say, they LOOK FORWARD to their calls and listening to me play with the callers. Love that.
For those of you that have not received these calls yet and don’t want to watch/listen to Troy Hunt’s video above, here is kinda how the call went last night. For readability, I’ll note the caller’s statements with Bob: and mine with Me:.
Bob: Hi this is Bob from Microsoft. Your computer, when it goes on the Internet and contacts our servers has been shown to have a security problem. I am here to help you.
[Now, I’m a geek. Bob doesn’t know this but I have 5+ laptops in my home, servers, NAS devices, Virtual Machines (VMs) and other things that I KNOW go out on the Internet. So when someone assumes I only have 1 computer, I know he really is not for real]
Me: Thanks for calling Bob. I’ve noticed weird things on my computer and I’m very concerned about these things.
Bob: OK. Are you in front of your computer?
[I was…just I happened to be in front of my Mac and not my Windows system. But Bob didn’t need to know that. And of course, there was no way I was going to let him touch my system anyway.]
Bob: Is your computer on?
[I thought this was a nice touch. Nothing like trying to do tech support on a computer that is off. I used to do help desk work and was really surprised by a user who couldn’t turn their computer on because they had plugged the plug-strip the computer was plugged into, into itself. Where did you think the power would come from??? But I digress. Yes. We need the system to be on.]
Me: Yes it is.
Bob: OK. Go to the Start menu and….
Me: There is no Start menu.
Bob: What? In the lower left there is a Start menu.
Me: No Bob. On my Mac there is no Start menu.
Bob: You have a Windows computer right?
Me: Of course Bob. It is on the Mac. I have Virtual Machines (VMs) of many Windows systems from Windows XP to Vista, 7, 8, 2003/2008 server and more. You are Microsoft. You know all about VMs right? Which VM do you want me to spin up? Heck Bob. I’m really concerned that one of my VMs may have a botnet on it and be participating in a Distributed Denial of Service (DDoS) against the financial sector companies. Can you help me with that?
[There was this long pause. Then he started at the beginning of the script again…]
Bob: Hi this is Bob from Microsoft. Let me transfer you to my supervisor.
[Translation: “You used big words and complex phrases that confused me. I will give you to someone who can make you conform to my script.”]
Supervisor: This is the supervisor. Can I help you?
Me: I sure hope so. Bob was helping me out and he wanted me to start my Windows computer but I have about 10 different versions of Windows on VMs and I got confused.
Supervisor: Do you have Windows 7?
Me: Of course! [What kind of a tester would I be without at least 1 Windows 7 VM?]
Supervisor: Use that.
[And I was transferred back to Bob.]
Bob: Hi this is Bob from Microsoft.
[Back at the beginning again. I was getting bored and dessert was ready. So I decided to end this.]
Me: Bob. I’m having trouble with my phone. Can you tell me if this sounds like a dial-tone?
[Then….I hung up.]
- No one that is legit is going to call you out of the blue and tell you your computer is doing bad things. We just don’t live in that kinda place yet.
- We should NEVER let anyone into our computers to “help us” without consulting a trusted, computer-savvy person. Get the “helpful” caller’s name and phone number and tell him you’ll call him/her back. Phone a friend, Google the issue…do something to verify that there is an issue. Don’t let some foreign Snake Oil Salesman make you do things to hurt yourself and your computer.