August 2, 2012

The bogus tech support boiler rooms must be working overtime lately. I’ve recently been inundated with horror stories from readers who reported being harassed by unsolicited phone calls from people with Indian accents posing as Microsoft employees and pushing dodgy PC security services.

These telemarketing scams are nothing new, of course, but they seem to come and go in waves, and right now it’s definitely high tide. One reader’s story in particular really creeped me out. “Ron” wrote in to say his friend’s young daughter was the latest target.

“A friend called me to tell me that someone called his house, and using some ruse, convinced his 11 year-old daughter to ‘type in some numbers’ into the Run window,” Ron wrote. “When he got home, he turned the computer off, and we assume that it’s compromised and will need to be reformatted.”

Ron said that not long after that incident, he received a similar call. The woman on the phone told him that she was “the authorized security monitoring service for Microsoft Windows,” and that they had detected that his computer was infected with malware, which naturally he needed to have removed.

“The phone number was a Georgia area code, but I’m pretty sure she was from somewhere in India or Pakistan, based on the delay, her accent and use of English — she said her name was Nancy,” Ron said. “She was also calling me at 7:30 am.”

IF AT FIRST YOU DON’T SUCCEED…

Wednesday evening, I heard from “J.C.,” an information security officer from a community bank in Maine. J.C. said he’d just been contacted by two customers who called after being snookered by these scams.

“The scammers said they were from Microsoft and had been shadowing the customers’ computer, and saw they had a virus on their PCs, and would they please open a command prompt and download something,” said J.C., who spoke on the condition that I not print his full name or that of his employer.

J.C. said both customers had been bamboozled by a company in India called NIAS E Business Solutions, to the tune of $199. J.C. said the bank blocked the transactions and canceled the customers’ debit cards. But that didn’t stop NIAS from trying to put through the charges two more times. The first time was for a lesser amount of $99. When that failed, NIAS tried to put through a $120 charge via Western Union!

J.C. and the Maine bank are still trying to figure out another curious aspect of this scam: J.C. said that prior to attempting the charges, NIAS signed up the customer for MasterCard’s SecureCode, a security service offered by MasterCard intended to provide added protection against card fraud for customers shopping online.

“The customer had never registered with SecureCode, and the bizarre thing was that the person who made the call from this NIAS company registered it with SecureCode, almost as if to try to make the transaction seem more legitimate,” J.C. said.

TARGETING THE ELDERLY?

J.C. said it appears as though these call services are targeting the elderly and people who may have computers but little expertise about how to secure them. KrebsOnSecurity reader and security professional Sam Sharp is fairly convinced of that as well: He wrote in this week to tell me about a similar scam that targeted his mom. Sharp wrote:

[Image caption: A remote admin tool used by the scammers who targeted Sharp’s mom.]

“My mom is 86 and lives in Florida with so many other seniors. She is a nice old lady. Last year I upgraded her PC to Windows 7 and removed admin access for her account. I manage her PC from Minnesota using Logmein, keeping it patched and helping her create her monthly invoices in Word. She works a few hours several days a week driving other seniors to appointments and visiting them to make sure they are eating and taking their medications. On Tuesday Mom received an unsolicited phone call from someone who actually got her to go to her computer, visit a website and download a program to her PC. I am not sure what the scam was about but the software appears to be a remote access program called AAMMY.”

The tech support people said they needed the admin password to install their diagnostic and cleanup tools, so Sharp’s mom called and left a message with him, asking for the password so she could relay it to the people who had called her (the number that called her was 888-458-9001).

“I recorded the voice message that my mom left because it is amazing to hear how convinced she was that this was legitimate,” Sharp said. “I had to be very delicate in explaining to her that this was a scam, and it actually took some effort to get her to realize that people do this kind of [stuff].”

For its part, Microsoft recently published a notice to its Safety & Security Center page warning customers about these fraudulent tech support scams from call centers claiming to represent Microsoft. The company stressed that neither Microsoft nor its partners make unsolicited phone calls (also known as cold calls) to charge you for computer security or software fixes. Ironically, Microsoft itself offers a fair amount of free tech and security support, by phone, email and online chat — but the customer has to initiate the process.


62 thoughts on “Tech Support Phone Scams Surge”

    1. BrianKrebs Post author

      LOL. If I could give you 50 thumbs up I would. Best. Comment. Ever.

      Thanks for the laugh.

  1. Dickey Sopchak

    I had a customer that also received such a call yesterday. Luckily he was running WIN 7 and when the AAMMY download warning appeared, he cancelled the download. The caller urged him to continue and ignore the warning, but he hung up and called me. AAMMY.com has a warning posted on their site about the scam.

  2. Blizz

    My wife had the best reaction to the call she received. When they said her computer was infected with a virus, she just offered up a cheery “OK great, thank you for letting me know” and promptly hung up. That made my day when I got home from work.

    1. Chad

      kudos to your eng on the vid, Alfred. Nicely done.

  3. Martijn Grooten

    I think the “targeting the elderly” thing is nothing but a consequence of the fact that a) they tend to call during business hours, b) they tend to call landlines and c) many younger people just end the call – so the stories of them being called don’t make the news.

    I have no reason to assume they are targeting the elderly specifically. In fact, I’ve been called at least half a dozen times myself. They do seem to move from region to region and country to country.

  4. Walt Conway

    My wife and I, too, received several of these calls at home. We knew immediately it was a phishing scam based on the fact that we doubted Microsoft was that concerned about us, especially since we use only Macs to connect to the Web.

  5. BillK

    This scam has also been going round the UK for several years. The police and newspapers have issued warnings to the public.

    When I got a call from them they told me they had noticed many warnings about a virus infection on my computer. I said ‘That’s strange’. She replied ‘Yes, we’ve been monitoring error messages from your pc for a while now.’ I replied, ‘ I don’t understand. My pc runs Linux, not Windows’.
    She immediately hung up.

  6. Bill

    The MC secure code was probably to make it more difficult for the victim to contest the fraud charge and easier for the owner of the merchant account to win any dispute.

  7. Chris Thomas

    Love wasting these guys’ time. I pretend to be a nervous 106 year-old codger with many gasps and cries of alarm and kid them I am trying my best to follow their instructions with many ‘typing mistakes’ to keep things rolling. After 25 minutes or so, I put them out of their misery by suddenly realising and announcing that I don’t have a computer after all. Silly old fool me. I don’t think that they are very pleased. Tough!

    1. SeymourB

      “What? You mean computer isn’t a fancy word for typewriter?”

      It’d be fun to keep a typewriter lying around for just such occasions, preferably an old pre-electric model. I wonder if they’d even get the joke while hearing you peck away…

  8. Adam Slagell

    A scammer called an elderly relative pretending to be from Microsoft. She hung up. He called back and I answered as the Chief Information Security Officer of the National Center for Supercomputing Applications. The moron tried to explain why his calls aren’t phishy. He wanted me to look at their web page. I tell them no thanks but to google S-L-A-G-E-L-L and hit “I’m feeling lucky”. 10 seconds later he hung up on me this time.

    1. Old School

      I Googled S-L-A-G-E-L-L and the first entry was http://WWW.SLAGELL.INFO. My Norton Internet Security site safety information said that the site was untested. I declined to visit the site because I have a policy of only going to sites that are registered with and therefore inspected by major PC security packages like Norton. Call me Old School.

        1. Allah

          It’s not polite to call people names, Ishmael.

      1. Adam Slagell

        Heh, probably the safest bet. After I posted an indirect link to my personal web site on this forum, I wondered if my site would be defaced and serving malware by morning. 🙂

    2. dave

      These scammers are targeting the elderly… I heard from a relative at a family reunion that someone posed as a McAfee rep and tried to get their usernames and passwords… it was a good time to give everyone a reminder about social engineering 🙂

  9. Alpeh

    Why even bother with anti viruses? They won’t protect you anyway, they fail to detect everything but the dumbest malware and the scammers are using them now to hold your systems hostage?

    1. Niclo

      Because if you don’t have any anti-virus then not only are you at risk for the newer infectors you’re at risk of the “stupid ones” that everyone already knows about. Anti-virus aren’t about pro-active defense but reactive defense. Not everyone is net-savvy enough to know how to avoid older infectors and not to mention even if you are savvy the tenacity of some older infectors will get past a seasoned user with no protection. However you can run your computer in whatever manner you find that pleases you, as I’m sure it’s served you well.

    2. JohnP

      Why run AV at all?
      * Because it is required by company policy.
      * Because the company signs contracts which make it mandatory.
      * Because, if you run MS-Windows, 50% protection is better than 0% protection.
      * Because you aren’t the only person to use that PC.

      For me, honestly, it is the first 2 reasons. I like being paid. My mortgage likes it too.

  10. fred

    Got a call from the ammyy_dot_com scammers twice. Their schtick (all delivered in a thick Hindi accent) is to say that they’re from Microsoft or Verizon and need to fix your dns and would you please visit their website and do what they say.

    I got a call from them once before and complained to their hosting service, but received a letter back from the lawyers saying they couldn’t do anything, and ammyy is obviously still around.

    So I pulled out the iPad, rerouted all traffic through some open proxy operating out of Tehran, identified my browser as Internet Explorer 6, and went ahead with the instructions that the urgent Indian provided. Sadly, their scam is to bruteforce a .EXE into the browser from the start, so I wasn’t able to provide them with the identifying code they wanted and ultimately failed to send them on a goose chase through teh Iranian internets.

    I wish there were a better way to get at these clowns.

      1. ChocolateMalt

        You’re thinking of Hindu, common mistake. There are many more Hindu adherents than Hindi speakers but obviously there’s a large overlap.

  11. vladimir

    I got very similar calls. The caller told me that they detected some suspicious activities coming from my computer. They were very pushy, asking me to run some commands to ‘scan and fix’ my computer. So it is very similar to what is described in the article; however, I’m in Australia, so it is a worldwide scam. BTW the caller’s accent was Indian or similar.

  12. Frank Mosher

    I just updated a Mastercard number and ordered a product on a secured site. The following morning, there was the telephone call with what looked like a local number. “Unknown caller”! i.e. “detected a problem with your computer” – East Indian accent! It happens all the time!! There must be a “leak” somewhere!! Either with Mastercard (most definitely) or on eBay, Epson or Costco! Someone should check it out! Guaranteed you will get a call!

    1. Chris Thomas

      I wonder if Mastercard has outsourced its operations to India to save a few pennies.

  13. SHIVA ?

    Call centers in India are employed by businesses anywhere. The ultimate rascals could be sunning themselves in Florida, Siberia or on a UFO based on Phobos.

  14. Nick Braak

    I believe there was a legitimate online tech support industry. A pay per incident type, where you call or go to a site for help. This crap has probably destroyed that operating model and smeared the few good guys along with the bad. I don’t think the legit operations made outbound random calls either.

    1. Richard Steven Hack

      Since I do real live tech support, I’ve been interested in the “remote tech support” services floating around. They’re very cheap, but based on a couple clients who have used them – before they ended up having to call me – I’d say they aren’t that valuable. They have been known to make problems worse.

      And of course they’re utterly worthless if your machine won’t boot – which a lot of end users fail to consider before signing up for these guys.

      I like Chris Thomas’ post above. Making these fake tech support spammers run circles by acting like a naive end user trying to do tech support over the phone is a gas. I’ve been on that fruitless task before and now I just refuse to do any phone support unless I’m really sure it’s a REALLY simple problem. You get a client who doesn’t even know what Windows Explorer is called (versus Internet Explorer) and you’ll never solve that client’s problem without an onsite visit. 🙂

      1. Martijn Grooten

        I’ve “used” them in that I had them go ahead on a virtual machine and, by sheer luck, happened to enter a validating credit card number. They did make some halfhearted attempts to fix things by running some free tools – but really didn’t do anything more than that. And while I “paid” for a year full of support, the same “company” called me a month later, trying to perform the same scam.

  15. Great Lake Bunyip

    This sort of scam is tried all too often here in Australia. I am on the government’s Do Not Call List, but I still have scammers calling me a couple of times a week. I run a help desk. Many people are easily taken in by the scammer. All too often with disastrous results. Cheers

  16. Scott S

    Wait until they get their sleazy hands on the mobile network, and no doubt they will. Signs are already showing up that the mobile networks – numbers and addresses etc. – are already compromised.
    I am about to ditch a landline phone due to all the spam it’s getting; mobiles will be next, you can be sure of it.

  17. Datz

    I am intrigued. Why are these people calling users in US or other ‘advanced’ countries? Is it because there are enough ‘users’ who fall for their spiel and thus they keep trying? Is there any data for this scam being tried in India itself?

    1. SeymourB

      The incentive is probably economic, as citizens in the western world can usually absorb a $199 fee without much heartache, while locally that may equal a month’s pay or longer.

      In addition targeting locals will eventually involve local law enforcement who will have a real incentive to crack down on their practices… while, in many places, crimes committed against foreigners are viewed by law enforcement as not being their problem. This is why Russian criminal organizations go to great lengths to exclude Russians from their scams.

  18. Scott S

    The telemarketers do not necessarily know they are scamming and are probably paid not to ask questions.

  19. Dan

    Ammyy LLC is based out of Seattle, WA and it appears they are aware of the issue:

    http://www.ammyy.com/en/admin_mu.html

    I wonder why the scammers would choose this company’s product over better known tools like Teamviewer or LogMeIn?

    For US based readers, it is also evident that the Ammyy website content was not written by a native US speaker – there are errors in the use of definite articles, awkward clause construction, lack of proper idiomatic usage, etc.

    Perhaps there are shared cultural backgrounds between staff at Ammyy and the scammers??

  20. Phill Trum

    There is a woman with an Indo-English accent who calls peddling pharmaceuticals on my cell phone and she sounds very like the woman who calls from the Microsoft Security watch group.

    In one case they can tell that I am paying too much for my prescription drugs and in the other they can tell that I have a virus or other malware infection on my computer. The cell phone captures the incoming call with a 1- prefix and the next # 209 I think is a Seattle WA area code.

    In both cases I tell them that I eat pork stuffed roast beef and invite them to my house for dinner.

    1. TJ

      Area code 209 is in California’s Central Valley. Seattle’s area code is 206.

  21. Richard Steven Hack

    Well, this is amusing. I just clicked on the Like button for Chris Thomas’ post above and I get…

    “Error: Possible CSRF attack, Comment Rating not changed.”

    🙂

    I’m running NoScript and something isn’t working right, clearly…

    1. TJ

      I recently replied to JCitizen on this same issue in another story. I dealt with this error message for many months using the Opera browser. Eventually, I resolved the issue by enabling the “Send Referrer Information” option.

      Since several people have recently complained about the same error message, I would bet that a NoScript or Firefox update is the source of the problem.

  22. Scott S

    I believe that the world WILL eventually heavily regulate, we just have to suffer until the powers that be see votes in it.

  23. Red

    I’m in Canada and I work out of my home office. I got one of these calls just 2 days ago and I decided it would be fun to waste their time by leading them on a wild goose chase. The thing that was interesting was, as soon as the person ascertained that I was willing to allow them to “fix” my computer, he transferred me to his “manager”.

    I kept this guy on the line for about 20 mins while I pretended that I was an idiot and oops, I can’t understand your accent, what is it that you are asking? And just as I was about to give him some information, oh dear, someone has just come to the door and I have to answer it. And on it went, it was quite fun.

    But eventually I needed to get back to work and when he requested some info from me I told him it said “H O N E Y P O T”. And then hung up. Hope he knows what that is.

  24. Gopal Das

    I think everybody should check out the Scam Detector app. I believe they’re online as well.

  25. Rob

    I used to get a lot of these calls not that long ago. At first I used to string them along for ages pretending I was naive and what they were telling me to do was not working, finally asking them if it could be that I was using Linux that could account for it. I then ended it telling them I knew the scam. I then got so fed up with this scam that every time I got a call I just launched into a string of abuse strong enough to make a hardened sailor cringe. It was good therapy releasing all that anger at their expense. I now don’t seem to get these calls. I wonder if I have been put onto some sort of black list.

    I do miss my therapy sessions though :))

  26. Bailey

    I am currently in this scam and don’t know how to get out! I paid the $269. The scammer said I can’t cancel out or he will lock up my computer and I’ll never be able to use it again. HELP. I don’t know much about computers, so was very vulnerable. He is going to call this afternoon and I don’t know how to handle him.

    1. SeymourB

      If you disconnect your computer from the internet there is no way he can attack it or harm it in any way.

      Next take it to someone knowledgeable, have your data backed up, and the rest of the system wiped out and restored to a factory state. Your data then gets copied back and you’re roughly back to where you were before the incident.

      Once your system has been exploited it’s never going to be trustworthy again.

    2. Martijn Grooten

      I’m sorry to hear that, Bailey. I second what SeymourB said: disconnect your computer from the Internet for the time being, take it to someone knowledgeable. Report it to the local police. And contact your card issuer – or the company you used to pay the amount – as soon as possible and tell them what happened.

    3. Rob

      Bailey, firstly contact your card’s fraud department and report this as fraud giving them the details. They should know about this fraud and your card should be covered by it so they should refund the money and stop any further attempts to steal money from you.

      Secondly take your computer to a place where technicians can fix it. If they can’t rid it of the ransom-ware they will have to reformat the drive. If the latter they should be able to save all your data by removing your HD, changing it to Slave, popping it into another computer where they can back up your data and then reformat it putting the OS back on and copying the data back to it. Hopefully it shouldn’t cost much.

  27. Stephen

    If they are “targeting the elderly”, where do they get the telephone numbers of “elderly” folks with PCs? Is someone collecting telephone/age/PC ownership data?

    1. Rob

      Stephen, they are not targeting the elderly, it’s just that the elderly tend to be more naive about computers so fall for the scam more and you hear about them being hit by it more. The whole thing is random as can be seen by people who don’t have Windows getting these calls and even people who do not have computers getting them. You don’t tend to hear about them though because as soon as the caller finds out you don’t use Windows or have a computer they apologize and say they must have been given the wrong data etc.

      1. Stephen

        That was indirectly the point I was making, that because (in my opinion) there is no source of correlated data of PC users with age and telephone number, there cannot be any targeting. But the security professional quoted seems to think there is and that they’re after his mother.

        I will concede, though, that calling random numbers hoping to eventually reach an easily duped, older person with a Windows PC could be considered targeting.
