Phony tech support scammer escapes with a slap on the wrist

Filed Under: Fake anti-virus, Featured

Call centre operator, courtesy of ShutterstockA UK court has handed down a sentence of suspended jail time plus fines and costs to the operator of a phony tech support cold-calling scam.

Mohammed Khalid Jamil ran a firm called Smart Support Guys based in Luton, and staff at his India-based call centre are thought to have carried out the deceptive cold calling.

The scam has a fairly standard pattern - victims are called out of the blue, and informed that their computer is in some kind of danger, with the caller posing as a technician either from Microsoft or from an affiliated support firm.

The victim is persuaded to look at some alerts on their machine, usually a standard built-in tool such as the Event Viewer in Windows, and tricked into believing that normal, trivial error messages are a sure sign of horrible malware infection.

The caller may also try to get their target to grant remote access to their machine, so the scammer can demonstrate the phony danger.

From here the victims are pressured into allowing installation of software, usually free security tools but occasionally malware, and then have to pay for the tools and assistance.

In Jamil's case it seems Microsoft's free basic anti-malware was installed for a fee ranging from £35 to £150 (roughly $60-$250).

The scam has been a fairly common sight for several years now, spinning off from earlier fake anti-virus scams and evolving over time with the occasional tweak to its techniques.

A survey in 2011 suggested that 15% of people in the UK and Canada had received one of these calls, and of those 22% paid up for the bogus services.

Call center. Image courtesy of Shutterstock.Jamil insisted that staff at his call centre had carried out the scams against his wishes, and he had been powerless to prevent them.

At York Crown Court last week, Jamil was given a sentence of four months, suspended for 12 months - so basically, he avoids actual jail time if he manages to stay out of further trouble for a year.

He was also ordered to pay a fine of £5,000 ($8,315), plus a little more than that as compensation for his victims, and of course a third sum for legal fees amounting to over £13,000 ($21,620), rather more than the first two chunks of cash combined.

Those involved in the prosecution of the case have described it as a "landmark case" and "an important turning point for UK consumers", which sends out a "stark warning" to those engaging in such scams.

However, many may see the non-custodial sentence as little more than a slap on the wrist, and although the associated fines are a step in the right direction, they seem on the low side given the huge amounts being made from this sort of scam.

A 2012 case brought by the FTC in the US targeted six similar boiler-room firms, freezing assets amounting to $180,000 (£108,000) and predicting damages in the tens of millions.

If a "stark warning" like that isn't enough to deter these people from pestering the vulnerable, it seems unlikely that this latest case will have much impact, but it is good to see at least some scammers being shut down.


Image of call centre operator and call centre courtesy of Shutterstock.

, , , ,

You might like

19 Responses to Phony tech support scammer escapes with a slap on the wrist

  1. Lesley Ross · 201 days ago

    I received a call from someone offering similar software. I realized it was a scam and told him NO, he didn't want to take no for an answer so I hung up on him. I can see how people would fall for his heavy handed tactics especially if they don't know much about computers A friend was sure his computer was running slow because he gets a pop up on his screen telling him so, it infuriates me to see people getting ripped off by these scammers.

  2. Spit Shine · 201 days ago

    I wouldn't even call that sentence a slap on the wrist, more like a warm, gentle breeze across your face.

    It does show who are the most important victims here - the lawyers.

    • Boss Hogg · 200 days ago

      Right--doing a little math--"A survey in 2011 suggested that 15% of people in the UK and Canada had received one of these calls, and of those 22% paid up for the bogus services." (22% of 15% of 100,000,000 is 3.3 million.) So, his "compensation" amounted to less than a half cent per victim. How can this be considered punishment?

  3. Non-TiPpSy · 201 days ago

    Unfortunately in the UK the phone system is thoroughly abused by hard-sell cold callers (despite opt-out preference schemes). I have set up elderly relatives with phones with internal directories, put in their valid numbers and then strongly advised them not to answer calls from unrecognised numbers. (Setting them up with a non-Administration rights user account gives a further line of defence - provided someone with Admin rights can visit to do basic maintenance.)

    I wish all commercial calls had to declare their origin on Caller Line Identification (CLI) - particularly calls from overseas (even if they only identified as 00 91 XXXXXXXX). I would have thought that a modern telephone system (such as we are meant to have in the UK) could flag calls from overseas in such a manner at the point of entry into the UK network.

  4. Chris · 201 days ago

    I had one of these. "There seems to be a problem with your Windows computer." "Really? That's odd, I'm using Linux."

    • Concerned Observer · 201 days ago

      I string them along... Only after wasting at least 5 minutes of their time do I tell them that I'm using Linux and that I have just been "playing" with them.
      The last call, I managed to confuse the original caller so badly that he ("Jack") had to call his "supervisor" onto the phone...

    • Moms Basement · 200 days ago

      > "Really? That's odd, I'm using Linux."

      I did that once and the caller started laughing at me :(

  5. Anonymous · 201 days ago

    always fun to mess with these guys when the call :). let them go through the process for about 10-15 mins then tell them you are on a mac

  6. Warren · 201 days ago

    Mmmm.........I do like the "Mac or Linux" lines.
    I was having a lot of repeat calls (very irritating) probably because I was rude and I suspect each caller didn't tick the "completed contact/call" box deliberately so that this would continue indefinitely.
    Simple solution .............. "ah yes, thank so much for calling to check .......... the technician that fixed my computer last week did a very good job"
    There was a blank moment in time while this information was digested and absolutely nothing since, lol

  7. Here's a great way to deal with these scammers: String them along until they get to the part where they want ask for your computer's password, then advise them the password is "Go f*** yourself". Works every time.

  8. Tricia · 200 days ago

    The ridiculously low fine meted out in this case in no way reflects the stress suffered by many elderly victims when faced with this kind of call.

  9. Juan · 200 days ago

    "Sure...we'll accept your offer to provide services. However, we require all contractors to post a $100,000 bond before we agree to have them do any work. If you can't post a bond, then you can send a $5,000 security deposit via cashier's check or money order. When we verify that the funds are good, we'll contact you and you can start the work. After we have verified that you've solved the problem and you're not working some kind of scam, we'll return your deposit within 30 days. Now, here's the address where you can send the..." (click)

    I don't get those calls any more.

  10. Larry · 200 days ago

    "Punishment" like this is nothing more than a tax on the illegal operation. It's the government skimming a bit of the profit.

  11. LisaH · 200 days ago

    I got one of these. He said I had a problem with my Windows. I knew it was a scam, I use a Mac. I wasn't busy, so I wound him up for about 30 minutes to keep him off the phones. "The IP address? Is that the one with the dots in it?..."

  12. Anonymous · 200 days ago

    This scam is still going on, we have received several calls, even as recently as last week. I just hang up.

    • Paul Ducklin · 200 days ago

      That's our recommendation. The only thing you know about these guys are that they're crooks. You don't know whether they're cold calling you or have an illegally acquired list (even if it's just names and numbers). So there is nothing in it for you to gain by winding them up, but possibly something to lose.

      To explain this advice, and in order to set it down so you can pass it on to friends a family, we did this:

      https://soundcloud.com/sophossecurity/avoiding-fake-support-calls

      • Anonymous · 200 days ago

        "So there is nothing in it for you to gain by winding them up, but possibly something to lose."
        But what is there to lose? Winding them up and toying with them doesn't gain the individual anything, but wastes time and money of the scammer making the phone call, possibly saving someone else from receiving the scam call (at least for that day)
        Personally I love wasting their time, when I've nothing better to do, especially when you turn it back on them that you know more than they do..

        • Paul Ducklin · 199 days ago

          Have you listened to the way some of these scammers behave (and the threats they make) in recordings people have published who *have* tried to wind them up?

          Any, don't forget, if they got your details from an illegally-acquired contact list - imagine it was bought from an unscrupulous mobile phone operator in a country where SIM cards require formal registration on purchase - then they might actually know where you live.

          I hear the argument that it wastes their time and "saves" someone else, but as I assume these guys are paid on results, any scammer who stays on the phone when he could have moved on to the next guy is probably going to get sacked (or leave through earning nothing) pretty soon anyway.

          Best way to avoid punch? No be there.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

John Hawes is Chief of Operations at Virus Bulletin, running independent anti-malware testing there since 2006. With over a decade of experience testing security products, John was elected to the board of directors of the Anti-Malware Testing Standards Organisation (AMTSO) in 2011.