When I first heard about the CryptoLocker malware, I thought, “As cybercrime goes, that’s about as low as you can get.”
CryptoLocker is the neutron bomb of malware: it blows away all your data but leaves your computer and your software running just fine.
Then it says, “Pay us $300 within three days, and you’ll get your data back. Otherwise… [FX: PUFF OF SMOKE.]”
The $300 buys you the 2048-bit RSA private key needed to unscramble your encrypted data.
But, as low as CryptoLocker might have stooped, I soon decided that fake support call scammers actually crawl yet lower still.
Fake support calls
Fake support scammers are the people who phone you up out of the blue (whether you are on the Do Not Call register or not) and, not to mince words, scare you witless with a litany of lies about malware on your computer.
For $300 or thereabouts, the same price point as CryptoLocker, the scammers will fix your computer, but any “fix” you get is as honest as the “problem” you didn’t have in the first place.
Many people have told me that these guys don’t just call once if you fail to cough up the $300.
They often call again and again, with the calls getting more and more odious and insistent – outright threatening, by many accounts – and with no real hope that they will stop.
Dealing with the scam
It’s easy to say, “But all you have to do is hang up, so this scam could never work.”
But it’s also easy to see how a well-meaning but not very technically savvy user, especially someone without a network of family or friends to ask for IT help, could be menaced into paying up.
Imagine the questions that worried users might ask themselves:
- Didn’t the caller say he was from Microsoft?
- Didn’t he say that a virus on my computer was attacking his company’s servers?
- Didn’t he find evidence of it in my system log, just as he predicted?
- Isn’t most computer support done over the phone and online these days?
- Isn’t this the third time he’s called, with the symptoms getting worse every time?
- Can’t you get sued for a cyberattack because you didn’t have a virus scanner?
- Won’t it end up costing $300 anyway, or even more, if I go to my local shop instead?
Demanding money with menaces is what it sounds like to me, alias standover, alias extortion, alias blackmail.
And these guys have your phone number!
With that in mind, it’s always a good result when fake support callers get brought to book, even if they end up with just a slap on the wrist, like Mohammed Khalid Jamil of Smart Support Guys out of Luton in the UK.
FTC takedown
So take heart from another small but positive outcome, thanks to the Federal Trade Commission (FTC) in the USA: Uttam Saha and Tiya Bhattacharya, who ran a company called Pairsys in Albany, New York, have been shut down by court order.
That may not sound like much, because all that’s happened is that they have to stop doing something that was dishonest, immoral and illegal anyway.
But in this case, the settlement with the FTC will see the scammers’ operation shuttered and their assets frozen.
Indeed, Jessica Rich, director of the FTC’s Bureau of Consumer Protection, said:
We are pleased that the court has shut down the company for now, and we look forward to getting consumers' money back in their pockets.
There’s a lot of money to recover: the FTC claims that the pair have pulled in about $2,500,000 in the past two-and-a-half years.
Is it a real punishment?
Of course, just giving the money back isn’t really a punishment for the crooks, because they weren’t supposed to have it in the first place.
It’s still a result for the FTC, however, so, “Well done, Bureau of Consumer Protection.”
But it does raise the question: what do you think courts should do to punish fake support scammers?
Dealing with fake support calls
If you have friends or family who have been pestered to the point of worry by fake support callers, here’s a short podcast you can tell them about.
We make it clear that these guys are scammers (and why), and offer some practical advice on how to deal with them.
(05 November 2010, duration 6’15”, download size 4.5MB)
The only time I’ve ever gotten one of these calls, I just let them say their spiel, then replied, “I don’t think we need to continue this call” and hung up. They never called back.
I approve of that approach.
My personal recommendation, as you can hear in the podcast, is “hang up without a word early on,” but your way was polite (i.e. you didn’t lower yourself to their level) and unexceptionable (i.e. they’d be unlikely to click the “user has an attitude, call them again and offend them” flag in their call management software).
Baiting, winding them up, deliberately wasting their time, trying to outwit or embarrass them, recording their calls for smartypants value, and so on – understandable reactions, but all something of fool’s errands, if you think about it.
Doing anything antagonistic is especially not a good idea, as all you’ve got is their forged Caller ID, and they’ve got your phone number (which for land lines, means they’ve also got your address). My wife uses the same line she uses on any other unsolicited call: “Please take this number off your call list. Goodbye.” Even for calls that aren’t honoring the DNC registry, this lets them know that they aren’t wanted — usually that’s all it takes.
Give me 15 minutes with them with a bucket of water, a car battery, and jumper cables. They’ll never scam someone again.
didn’t help when i tried that. dat mofo had too much body hair.
A fair punishment? Elevenfold money-back (as compensation for the stress, the fear, the embarrassment).
Consequence:
Those people with good lawyers will try everything to get on the call list of these “supporters”,
Or the ones called will offer their cases as a lucrative business case to someone who can afford the investment of prosecution. Even a fifty-fifty deal would give a return of 500%.
With such a risk, the support scam will dry out soon.
Family, friends and colleagues have been having these calls in the UK for several years, always withheld numbers, always a ‘South Asian’ voice, always claiming to be from Microsoft and always claiming your Windows PC has a serious problem. All that despite all being on the TPS and several are ex-directory!
We all just put the phone down – but they call back again. Last week my office of six people had 19 such calls! I do wish someone in a position of authority would find a way to punish these miscreants and stop this scam for ever.
Remember though, Microsoft do not make such calls without prior arrangements. If someone calls anonymously and unexpectedly claiming to be from Microsoft – they are not!
I wonder how many of the thousands of calls I’ve never answered were fake support scammers? I’ll never know, because my criteria for picking up a call are strict indeed.
There are all sorts of major charges that should be brought, including Wire Fraud, which by itself can be punished by up to 20 years in prison in the US.
I get one of these fake support calls at least once every 2 weeks. Increasingly the numbers are “unknown” so I ignore them but too many friends and family have fallen victim.
Why not just set the phone down and let them talk to air for a while. At least that will keep them from calling someone else for that time period. Of course you have to remember to hang up your phone after a while.
I usually encourage the people I help to hang up on these random phone calls. One other trick they are playing lately is having a web page pop up looking like the blue screen of death with an 800 number to call. What I usually end up doing is calling the number myself, collecting as much info as I can about the person, company, affiliations, and so on (they have answers for everything while you’re stringing them along…) then report them to the attorney general and the company they say they are affiliated with, providing the info and screen shots. Not sure if anyone pays attention but at least I feel I’m doing my part. If even 1 person gets prosecuted or shut down it’s worth every minute I spent on it.
+1
One of my customers offered a clever solution. He politely informs the caller that he works for the FBI….no more calls.