Microsoft Cold Call Scam

By joining our community you will have the ability to post topics and access other forums reserved for members. Registration is quick, simple and absolutely free. Join our community today by clicking here.

Posted: Mon Oct 31, 2011 2:50 pm

I had a very odd phone call this morning. An Indian woman called and introduced herself as being from Microsoft Technical Support. She told me that they were calling everybody that was running Windows XP and Windows 7 because there were some files that were slowing PC performance. Now I used to be in IT support so bells were ringing immediately but I went along with it just to see where this was going. I asked her if she meant that Microsoft was phoning everybody on Earth that was using XP or W7 and rather stupidly she said yes. I retorted that this was a very large number of people and she agreed with a forced giggle. I then asked how she knew I had a problem (which I didn't) and she replied, "We are Microsoft, we know these things"...Complete rubbish. Microsoft error reporting from user PCs is anonymous. I again pushed her to explain HOW they knew, but she would not deviate from her script. I let it pass. She then asked me to navigate to the C:\windows\prefetch folder (which she did so V E R Y slowly presumably to make sure that I could follow the instructions given...she was assuming I had little or no computer literacy) She said the files causing the problem she alleged were in this folder. The prefetch folder contains essentially index files that windows refers to in order to help speed up the start process. They should not be deleted or your PC WILL slow down. At this point she told me that they needed to connect to my computer in order to sort out the "problem".
I then told her there was absolutely no way I was going to allow that at which point she simply hung up without another word being spoken.

This is a scam I've never come across before. These criminals are trying to get vulnerable and technically unaware people to allow remote connections to their PCs at which point these tow rags will raid them of any and all data that they feel would be of use...ID and bank details, addresses....you name it. Make sure you make people you know aware that these guys seem to be doing the rounds and that under NO CIRCUMSTANCES should anyone allow these people to make a remote connection, no matter HOW plausible their reasoning sounds. Microsoft NEVER phones people up out of the blue and asks to connect to their PC in order to maintain it! NEVER!

Not quite a Newb Joined: 22 Jul 2011 Posts: 50

Yes, unfortunately these companies are doing the rounds again. It's a good job you are computer savvy as the pitch doesn't hint at remote accessing your computer.
They will just give you a six digit code to type into a box which automatically lets them in to all your files.

I had great fun with one yesterday, i managed to keep them on the line for a full 25 minutes Very Happy

FOOTNOTE: They never had the ability to log into an AppleMac, the Trojan they plant was for Windows only, but they do now. So be warned, as you used to say 'I have a Mac' made them hang up. Not anymore i'm afraid.

Posted: Wed Nov 09, 2011 10:10 pm

In my real life i actually work for a IT support company and one of these Microsoft scammers called our office one day. It was a pretty slow day and id heard of this trick before, so the scambaiter in me came racing the surface and i managed to keep the guy on the phone for about half an hour, just messing around with him.

He wanted me to open up the event viewer and tried talking me through doing this via the run prompt.. and i typed EXACTLY what he told me to but it didnt work suprisingly.

echovictorechonovembertangovictorwhiskyromeo

Dunno why it didnt work Confused

Hello I'm New here! Joined: 25 Jul 2011 Posts: 5

this scam is truly global (even hit australia).
The suckers know that:

A) Most computers are running on Windows
B) Everytime you will analyze event viewer you will see system errors

To make it even more believable they started calling victims in advance to do surveys, this way when they call back 3 days later they have even more valuable information on the victim to make the scam seem even more legit

Sophisticated bastards

Let's hope another country (no names) won't figure this one out, because I'm sure they'll find a way to bring it to a whole new level

Hello I'm New here! Joined: 28 Nov 2011 Posts: 1

When I got the same scam call from "Microsoft" I pointed out that I'm using a mac and not windows and hung up. Smile

Or you check the number on http://www.tellows.com to see who's calling

Posted: Mon Nov 28, 2011 3:34 pm

^^^ Interesting little tool there.

I put in my cell number and it showed the right state for the area code, but that the phone was 250 miles from my location. Must be the location for the provider's HQ.

Hello I'm New here! Joined: 18 Jan 2012 Posts: 1

I know this post is a little dated, but maybe it needs to be resurrected?

Hi everyone,

I'm kinda new here, but I love what i have seen so far! Just recently, these same folks have been calling me non-stop.

As of a few minutes ago, I got off the phone with a "supervisor" as I couldn't understand what the first guy was saying. The supervisor was almost as unintelligible, but I managed to waste about half an hour of his time while I "tried to follow his directions" and "rebooted my modem" and yadda yadda yadda. He wanted me to run logmein123 . com and I assume he would have had me enter an access code if I hadn't mentioned that my modem's "internet light is red".

He said he'd call back in about an hour after I call my ISP to get my line fixed.

So... I have a bit of time to figure out a good way to mess with them. I think I will tell him that my ISP is sending out a tech to fix a hardware problem so that I can get an extra day or two for planning my offensive.

Unfortunately, the guy kept evading me when I asked for a direct phone number or email address to contact them once my line gets fixed.

I'm going to really try hard to get him to give up some sort of contact info. The number on my caller id (425-998-1533) has a recorded message from the FTC claiming it is a scam center, so I can't get through with that particular number. From what I can tell, the number is based out of Bellevue, Washington.

There are quite a few hits on google when you enter the number, so it is a commonly known scam.

Anyone want to play?

Posted: Wed Jan 25, 2012 4:39 pm

I had one of those too.
Enjoy..

http://www.youtube.com/watch?v=YxlCTI2LETM

If you want to have some fun, set up a Virtual PC using Linux and install the linux version of Teamviewer, let them in to the Virtual PC and have some real fun..

Posted: Wed Jan 25, 2012 7:19 pm

Consumer Reports, February 2012, has an article on "Scam Alert" entitled "No, your computer isn't infected"

They reported that the scam is so widespread that Microsoft has studied the problem in four countries, including the U.S. The study found that scammers stole an average of $875 from victims and caused $1,730 in damages to their computers.

In October, the BBB (Better Business Bureau) issued its second alert about the scam.

CR suggests to ignore the messages saying your computer is infected and to never click on a link that leads to a website (or downloads a program) promising a free computer scan.

That one should install a virus-protection program such as the free AVG Anti-Virus 2012 and make sure it's set to update automatically to protect against the latest viruses.

Elite Baiter Joined: 19 Apr 2008 Posts: 1301

Yeah, I've had at least 4 attempts from the same company to get me to buy their useless service contracts/software. All in all I've wasted a good 2 to 3 hours of their time with them footing the phone bill.

For the less tech minded their ploy is the same:-

1. Get you to look at the event log for any kind of error. They then use this of proof that you've been hacked or have a virus
2. Get you looged on to a remote control website (ammyy.com or letmein.com) so they can take control and sign you up. Once you've entered your credit card details heaven alone knows what use they could make of your CC details.

My advice. If you're not happy with the technicalities of handling these calls hang up. If you're savvy then log on to the aammyy.com site but DON'T GIVE THEM FULL ACCESS (you get an option with this provider). Give them a view of the screen only and you can have hours of frustration with them as you mistype/misunderstand all they tell you to do and they get increasingly annoyed they don't have keyboard/mouse control themselves. DON'T use logmein.com as they get FULL access straight away..

Not quite a Newb Joined: 14 Sep 2011 Posts: 54

I wonder...

Let them log into a virtual machine, or a real machine with imaged drive etc. but with software running that interferes with the mouse and keyboard.

I'm not sure if that would work the same via remote though but it's quite easy to move the mouse pointer by writing a structure into some Windows buffer (I can't remember the details but I've wrote one before). I imagine you can do similar with the keyboard input. Like a joke virus but a bit more subtle.

The software would have to run for all users in the background though, not sure if that would be a problem when you're logged out when they log in on a single session OS.

I might have a go at some "disruptive" programs but I don't answer my home phone so I can't have a play with a scammer.

Elite Baiter Joined: 19 Apr 2008 Posts: 1301

Spectre - yes I forgot to mention that a VM is the best security when playing with these people. As regards to mouse/keyboard control the point I was trying to make was that with aammyy.com you get presented with a menu which allows you to select what kind of access the remote user has before they are allowed access. Just let them view the screen and not have any input facilities. That tends to really rile them as they are convinced you are 'fighting' with them for mouse/keyboard control. They normally releent and ask you to do the 'work' they would have done remotely - i.e. sign you up for their crappy service contract etc.

Not quite a Newb Joined: 14 Sep 2011 Posts: 54

pete515 wrote:

Spectre - yes I forgot to mention that a VM is the best security when playing with these people. As regards to mouse/keyboard control the point I was trying to make was that with aammyy.com you get presented with a menu which allows you to select what kind of access the remote user has before they are allowed access. Just let them view the screen and not have any input facilities. That tends to really rile them as they are convinced you are 'fighting' with them for mouse/keyboard control. They normally releent and ask you to do the 'work' they would have done remotely - i.e. sign you up for their crappy service contract etc.

I was just thinking along the lines of letting them have control but it being more-or-less impossible to click on things or type Smile

. By working out the coordinates of buttons you could preset the software to do things too.

A haunted PC.

Master of Master Baiters Joined: 23 Mar 2006 Posts: 669

Hmm...so many ideas come to mind. Having time to prepare certainly would present some interesting opportunities.

A few that come to mind...

- If you aren't opposed to it, have a really raunchy porn pic as your background image. If you happen to be using Windows 7, set it up to change the background image (to other raunchy pics, of course) using the smallest increment of time possible.
- Should you have the necessary hardware and licenses available, set up a painfully slow installation of Windows 95 or even 3.1, assuming the desktop control software will run on those operating systems. Very Happy

- Pose as a young person who lives with parents. The only account you're allowed to use on the computer has limited permissions. I believe you could lock down the account to prevent access to the event viewer and other relevant stuff, but still allow installation of their desktop control program.
- Adjust the expected double-click speed to be much, much faster than normal. I doubt they'd have the know-how to do everything with just the keyboard.
- Unplug the network connection (assuming you're using an ethernet cable) when it looks like they're about to accomplish something.

If only they'd call me!

Posted: Mon Jan 30, 2012 12:56 am

Perhaps some of you have been talking to this caller!!

Posted: Tue Jan 31, 2012 12:00 pm

I had another one of these calls yesterday and I had a bit of fun with the lad. Some of the things he told me were laughable, for instance, "The software maintenance contract installed on your hard drive has expired and is causing your softwares (sic) to give you less than optimum performance". I kept him on the phone for about half an hour, during which I asked him once or twice if he would excuse me while I "answered the door", at which point I would put the phone down on the desk and go away and make a cup of tea. When I came back ten minutes later, he was still there patiently thinking he had a mug on his hands (I'd said earlier that I had no problem with being charged $200 for a new "software maintenance contract") At the end he gave me the six digit number for him to access my PC and I then told him I knew he was a scammer and that I would have his call centre shut down.
I then contacted Logmein.com's customer service line and gave them the six digit number I had been given and was told by them that the account would be suspended and the local Police informed.
Result I think.

Elite Baiter Joined: 19 Apr 2008 Posts: 1301

Jim, well done. As you say once they think they are dealing with someone who doesn't understand computers they are leeches. Like you, I have found going to make a cup of tea is something which wastes a good amount of their time and phone bill. When they are waiting on the phone for you to answer the door they are not scaring some little old lady with their stories. My only comment is that when you get to the 'business' of them remote controlling your computer and signing you up for their 'services' hanging up guarantees a flurry of follow up phone calls (if you want to extend the amount of time their time is wasted even more).