An unholy alliance - Fake Anti-Virus, meet Bogus Support Call!

Filed Under: Fake anti-virus, Featured

I'm sure you're familiar with fake anti-virus scams, or scareware.

That's the stuff that pops up, usually while you're browsing, to warn you about potential security risks.

Would you like a free scan?

Of course you would, and of course there are threats: viruses, spyware, dangerous cookies, sometimes dozens of terrifying malware items that your current security software must have missed.

Would you like to clean up (recommended)?

Well, why not?

Hmm. The cleanup isn't free: you have to pay, but when you do, all the "threats" magically disappear.

Of course, there's no magic, just deceit: the software simply stops lying to you about threats, and sets a configuration setting to remind itself, "This victims's paid up, pretend they're clean."

And I'm sure you're familiar with fake support call scams.

Your phone rings, and it's a surprisingly pushy chap who claims to be "working with Microsoft," or something like it, who has spotted suspicious network activity emanating from your PC.

"Would you like to do a free check for viruses, using diagnostic software built into Windows?"

Of course you wouldn't - who on earth does this guy think he is, calling you out of the blue? - but he's not taking no for an answer, and it's free, and you've got a virus, and what if you get sued for infecting other people, and...

So you reluctantly do the diagnostic test, and of course there's a diabolical virus that your current security software must have missed.

"Would you like to clean up?"

You do? That'll be $275 please. But, look! That terrible virus has gone!

In both cases, you've been offered advice you weren't seeking, from sources you didn't know, that used scare tactics to trick you into paying money for absolutely nothing. Deceit, extortion, fraud.

But it's not all plain sailing for the scammers.

The problem with the cold callers is that, by and large, they're hideously rude bully-boys who sound just as dodgy as they are.

Click. Down goes the phone.

And the problem with scareware popups is that people are getting wise (or at least inured) to their fanciful lies.

Click. Away with the warning dialog.

So it was amusing to have my attention drawn, thanks to Naked Security reader Alain Roy, to a scareware campaign that deliberately, if rather haplessly, tries to fuse these two approaches.

Don't waste your time calling 10,000 people until you find one who is scared enough that you can intimidate them into paying up!

Pre-select your victims by getting them to call you:

(Windows must be more pervasive and perspicacious at finding scareware than I thought - that's Safari on OS X!)

Then you get the traditional bogus security scan you're used to from scareware:

And there's even the legalistic smoke-and-mirrors like the cold callers use. (You'll notice that they hardly ever actually say outright that they work for Microsoft - it's always with Microsoft, or in Windows support, as though that somehow mitigates the arrant dishonesty of everything else they tell you.)

Well, now you know.

The scareware dialog is "not to be taken literally," and has been "modified in multiple ways."

Of course, on the real fake site, the disarmingly accurate Terms and Conditions appear in about 6-point black letters on a dark blue background, and the main way the "story" has been "modified" is to remove all vestiges of truth...

...but it nevertheless brought a wry smile to my weekend.

Dealing with fake support calls

If you have friends or family who have been pestered to the point of worry by fake support callers, here's a short podcast you might like to get them to listen to.

We make it clear that these guys are scammers (and why), and offer some practical advice on how to deal with them.

Listen now:

(05 November 2010, duration 6'15", size 4.5MB)

, , ,

You might like

28 Responses to An unholy alliance - Fake Anti-Virus, meet Bogus Support Call!

  1. kim Adie · 840 days ago

    I live in France, and use a MacBook Pro, and I received one of these calls last month. I started believing them, but thank goodness my suspicious side kicked in and realised it was a scam before I gave them any passwords or money!

  2. dave · 840 days ago

    What I do is ask what my OS is when they tell me they have found a "problem" on my computer. Then what is my ISP, I have kept them talking for over 20 mins without telling them anything. They pay for the call

    • Paul Ducklin · 840 days ago

      Our recommendation, in the podcast, is not to bother, on the grounds that the very best outcome from staying on the phone with a crook is nothing.

      There is something to be said for the fact that they can't harrass anyone else while they're stuck for 20 minutes with you, but I still think that an immediate hangup without so much as a word is your most effective result.

      Winding them up is IMO a bad plan, especially when you ask yourself, "Where did they get my number? How much do they know about me? Why do I want to risk being in any sort of interaction with them?"

  3. I get multiple calls a week from Indians claiming to represent some computer support center or other and I'm heartily sick of them. I keep thinking I want to get an air horn and blast it into the phone whenever they call, but I'm afraid it will break my phone. Any tips?

    • Paul Ducklin · 840 days ago

      You might break your own ears. You won't break theirs. I don't recommend an air horn.

      The only thing I can think of (and what/how to do it depends on your jurisdiction) is that if a local number comes up as CLI (Calling Line Identifier, or Caller ID in North America), report it to the relevant telecomms ombudsman,

      The local number is likely to be some local "short stop" service (those are companies than give you a local number to make/receive calls and then route those calls overseas cheaply).

      The local provider probably has no idea what sort of scam is being perpetrated using the service, so if you have a regulator that will make sure they *are* aware, they might cut the crooks off, so the crooks will have to go somewhere else, and that will at least be a hassle and might even cost them money...

  4. Warren, F1 Systems · 840 days ago

    Colorado, USA. I have many senior customers and hear reports of these calls 4 or 5 times a month. I warn folks to spread the word that the bad guys are targeting seniors with these calls, in fact I have never had one reported by anyone who was not from the IBM Selectric generation. The callers reportedly have said they were Microsoft, Google, or Norton. All reports have the callers being extremely aggressive. I am glad to say that most of the reports end with the customer saying, "Then I pulled the plug." However, these callers are so aggressive that many of these folks let them into their computers before they they could extricate themselves. Each of those machines has had VNC left behind but no sign of them installing anything else, They do not appear to me after anything more than an overpaid unsolicited support call. Let's hope it stays that way.

    • Paul Ducklin · 840 days ago

      Hang up right away. Simple and effective.

      As far as I am aware, this isn't a Selectric (luxury!) Generation thing. The crooks seem to be utterly egalitarian in whom they target...if it's a working phone number, and someone answers, they'll try their "pitch".

  5. I've heard of people being told they have a virus when they don't even own a computer. I've been called countless times and they will not leave me and family alone. Do you have any ideas on how to rid of them? By the sounds of it it might be run from a call centre in india.

    • Paul Ducklin · 840 days ago

      See my reply to @Jennifer Evans above.

      There isn't a lot you can do.

      Australia, for example, has a strict "Do Not Call" register, but these guys don't care, because they're outside Aussie jurisdiction, and they call anyway.

      I really don't know what to suggest. If you're desperate, perhaps you could write to your MP (Congressman, I think they're called in the USA) and ask politely what he or she thinks? Maybe get a bunch of friends to do so, too?

      This is a global pestilence...perhaps it's something the dipolmatic service could take on? Y'know, make it clear at a government-to-government level that this is creating a pretty poor impression worldwide...and perhaps [offending nation's] regulator might consider rattling the scammers' cages a bit, no matter how legit those scammers might claim to be...

  6. I've seen these a lot!

  7. Ruth · 840 days ago

    We got a call like that. I told the guy to wait a minute while I handed the phone to my husband, and IT specialist. He told the guy "I'm in tech support, and I'm calling the police if you don't hang up right now." Click.

  8. Denise · 840 days ago

    Just got my third call in 3 days from these hackers. My caller ID has said "Private Name" and "Private Number". All three times it sounds like someone reading from a printed script that speaks English so poorly when you interrupt them they have to start over.

  9. Jeremy · 839 days ago

    Only had one of these calls and I said get stuffed or i'll put a virus on your computer. They instantly hung up, simple and effective.

  10. Kent Dorfman · 838 days ago

    and you've got a virus, and what if you get sued for infecting other people, and...

    Really? Are there people actually stupid enough to believe that they will get sued?

    • Paul Ducklin · 838 days ago

      Not stupid, just fearful.

      People get sued (apparently) because they've got some dodgy music downloads on their computer. In fact, they may even end up in criminal procedings. Some ISPs cut customers off if they have zombie malware and don't fix the problem after N warnings.

      So why it is so far fetched (or stupid) to imagine that you might face some sort of legal sanction if you've got a virus that is affecting others?

      Or are you saying that people are stupid because they might get infected but not notice for a while?

      It's easy to accuse other people of stupidity simply because they've misunderstood something that just happens to be obvious to you. (Everybody's got 6/6 vision when they know what they're looking at.)

  11. Diligence is the key to any security, ask yourself the question, "Why are these people calling me"? Everything in life comes at a price!!!

  12. Daz · 838 days ago

    When they call, simply say that's odd, i am running linux, how could it have a windows virus.

    They won't go any further than that

  13. Steven · 838 days ago

    Hang up the moment you realize who they are - does work, my caller ID shows an arab country - Suez Canal, Ismailia, Egypt or spoofed caller iID numbers

  14. Randy · 838 days ago

    I got a phone call from a guy with a heavy Indian accent who claimed his name was "Matthew". He said I might be infected. I was bored so I thought I'd play with him. I went through all his instructions asking him to repeat what he said several times. Sometimes I told him my computer was slow (I went and got a Coke while he waited). I had him going for about half an hour. I figured at least I kept him from ripping off three or four people due to the time I wasted with him.

  15. Rory · 838 days ago

    I get alot of these calls and the caller id displays a line of zeros and no other numbers, so it would be hard to report that call. I now have an answering machine and they never leave a message on it. Peace at last.

  16. Chris Mac · 837 days ago

    I had a call from one of these jokers the other day, when he asked if i was the owner of the computer I asked him to hold and transferred (Fake hold and transfer that is) and when I came back to him I replied " Central Intelligence Agency, international Computer Crime Division agent Jones (not my real name) speaking, Please start with your name and date of birth" The caller hung up! Cheeky Bugger!!

  17. Both sides · 837 days ago

    A recommendation I have sometimes seen posted is to forward such calls to the tekephone number of the business office of your local representative/MP/congressperson.

  18. Stacie · 837 days ago

    A couple family members have had these calls, one had worked for an ISP and the other is fairly computer savvy so nothing came of them except the callers both were laughed at and hung up on. The bad part was the calls came on their cells. Makes me wonder where they got the numbers.

  19. Dr. Semantix · 837 days ago

    The disclaimer says " a true story". Apart from the other obvious clues, the phrase "based off" is an immediate giveaway. There's no "based off" anything. The correct phrase is "based on".

  20. Dinadan · 836 days ago

    I tend to tell them my computer isn't switched on and unfortunately it takes a long time to boot up and do they mind waiting.

    If they are still hanging on, I tell them the computer screen went blue, agree it must be the virus they were talking about, and do they mind waiting again.

    I haven't personally tried this (and it's probably banned under the Human Rights Act), but I'm sure the nice man from India would really like to hear a small child singing the Wheels on the Bus or similar whilst waiting for daddy (or mummy) to get back to him

  21. rojar · 751 days ago

    Thanks for this important information. about fake antivirus tech support

  22. Fjardeson · 437 days ago

    A few good ones I've heard for dealing with these dirtbags:

    1) If your company has really bad music-on-hold (ours does), say "Just one minute, I'm on another call". Put 'em on hold and see how long they survive.

    2) Have a young child? Hand the phone to them and let'er rip.

    3) Same as #1, but make your own on-hold music with Windows Media Player or your smartphone. "Afternoon Delight", "You Light Up My Life", or anything by 50 Cent works well.

    • Paul Ducklin · 437 days ago

      I don't approve of spammer and scammer baiting, as I think you end up lowering yourself to their level, which is bad for you and a matter of indifference to them.

      But I am aware of the argument that they only have 60 minutes in every hour, so wasting their time might spare someone else, so if you are determined to go down the holding music route, I think you need a track like Greensleeves Loop played on an original Casio VL-TONE (112'45").

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Paul Ducklin is a passionate security proselytiser. (That's like an evangelist, but more so!) He lives and breathes computer security, and would be happy for you to do so, too. Paul won the inaugural AusCERT Director's Award for Individual Excellence in Computer Security in 2009. Follow him on Twitter: @duckblog