Sophos Cloud Optix
When his phone rang and he began to listen to the crook on the other end, Jakob Dulisse wasn’t fooled for an instant by the “Microsoft tech support” scam.
The con artist claimed to be calling from California.
But when Dulisse stayed on the phone, calling the person a thief and a scammer, it turned a lot more vicious than most of those calls do, with the crook threatening that he had Dulisse’s address and would send assassins to kill him.
The call grew homicidal after Dulisse accused the scammer of trying to install malware on his computer that would steal banking information, passwords, and PayPal credentials.
You can listen to excerpts of the call, which Dulisse recorded, at CBC News.
Beyond what’s in that excerpt, Dulisse – of Nelson, British Columbia – told the news outlet that the caller threatened him about “Anglo people” getting treated like stew ingredients when in India:
He started getting kind of nasty and angry.
He admitted that he was in India ... and then he said, 'If you come to India, you know what we do to Anglo people?' I said, 'No.'
He said, 'We cut them up in little pieces and throw them in the river.
The scammer claimed to know Dulisse’s full name and address, telling him he would send someone to his home to kill him.
Dulisse said the threats, albeit chilling, sounded more like a ploy to get him to cooperate, rather than something to take seriously:
He was still trying to get me to do what he was trying to do with my computer. He was actually threatening me as a tactic.
Fake tech support scams like this one net criminals lots of cash from victims who believe they’re talking to legitimate tech support representatives.
The scams follow a fairly standard pattern: victims get a call out of the blue from a scammer posing as a technician, either from Microsoft, another company or an affiliated support firm.
The crooks then persuade their victim to check out alerts on their machine, usually via a standard, built-in tool such as the Event Viewer in Windows.
There, the target views alerts that are actually perfectly normal, trivial error messages, but which the lying huckster claims are serious signs of horrific malware infection.
The caller may also try to get their target to grant remote access to their machine, so the scammer can demonstrate the made-up “danger”.
From there, the victims are pressured into allowing installation of software, usually free security tools but occasionally malware, and then have to pay for the tools and assistance – a pricey prospect that can bleed them of anywhere from £35 to £150 (roughly $60-$250).
It may be tempting to waste scammers’ time by pretending to go along with their ploys.
Granted, doing so can provide a fascinating look into how social engineering works in these support desk scams.
But we urge you to refrain. It’s far safer to just get off the call as soon as possible.
Bear in mind that Dulisse isn’t the first to have been threatened when these phony tech support calls turn nasty.
One such case was when New Zealander Sean Flintoff answered the phone at night.
When he resisted the call from a “computer support” guy from “Windows”, the caller threatened to rape his wife – even though Flintoff was recording the call.
Maybe the crooks are relying on customer lists illegally acquired from other call centres. Even if the scammers are cold-calling by just flipping through the phone book, that still means they know your address – not a comforting thought.
Nothing good can come from playing with crooks. You have nothing to gain.
Or, in the words of Sophos’s Paul Ducklin, don’t buy. Don’t try. Don’t reply. Just get off the phone ASAP!
As Sophos Senior Technology Consultant Sean Richmond noted in a Sophos podcast about avoiding fake support calls, if you manage to get a number to call a scammer back, you can report it with a call to the authorities.
(Audio player above not working? Download the MP3, or listen on Soundcloud.)
Here are some places to report scammers:
- In Australia: The Australian Competition & Consumer Commission’s SCAMwatch.
- In the UK: ActionFraud, the UK’s national fraud and internet crime reporting centre.
- In the US: the Internet Crime Complaint Center, at IC3.
Image of tech support courtesy of Shutterstock.
I have also been affected by a customer support scam. Actually from both “Microsoft Tech Support” and “Apple Tech support. Our home has both products.
The first time was with “Microsoft” and I took the phone call over, told them they were lying, that they were a scam and to take us off their list. It is definately coming from India(Both times were at least Indian sounding techs). They also asked us (We are in Germany) if we spoke English first (A MAJOR HINT OF A SCAM!)
The second time was exactly the same, except from Apple. I didn’t hang on, told them I didn’t call them, I wasn’t going to do it because it was a scam and to stop calling and hung up also said put us on the Do not Call list.
They ALWAYS want remote access to the computer to FIX it… No way…. Not ever from someone I didn’t call.
I use one rule of thumb, if I need tech support I CALL TECH SUPPORT, they do not out of the blue call ME….. If I didn’t call you, write to you or ask for you, you do NOT have my best interests in mind and forget getting anywhere NEAR my info.
Think, the biggest thing is to always think first, ask questions and if they will not or can not answer them, do not give into their requests.
I’ve found that “Can I have your credit card number?” has become very effective at getting these callers to hand-up immediately, they seem to have been told to react this way, with no discussion.
I had one of these. There were several red flags (especially as I had just read a security alert that some of them were calling from US numbers, instead of international ones.
1> Indian Accent.
2> Windows Support
3> Called my cell phone
When he started with “I am _____ from Windows technical support calling because our servers report that your computer has a virus.” I just kept saying either “No, you’re not.” or “No, it isn’t.” until he hung up.
My cell phone isn’t linked to my computer on any documents I may have submitted (warranty, site registration, etc.) as both are company resources.
I always wondered if I asked what OS I was using how they’d respond. Not worth the trouble, though.
Oh my god! That’s got to be the most polite potential scam victim I’ve ever come across. How does he keep his cool like that when he knows he’s talking to a deplorable human being? I wish I could keep my cool like that guy.
I’ve found that speaking very softly for the first few minutes whilst tagging them along and then screaming as loudly as possible into the phone gets them quite worked up and issuing similar threats of rape and murder.
Anyone who takes these even remotely seriously needs to get a grip on reality, These are the poorest of poor living in rubbish countries, you really think they are going to have the resources to get an “assassin” in a foreign country.
Give me a break!
I am in Canada and fequently get calls from these scammers. It has got to the point that if I see a phone number that I don’t recognize, especially one that is obviously coming through a computer (they are easy to spot), I just don’t bother answering. When they first started and were a bit entertaining to me, I did frustrate on caller to the point of him exclaiming that he was going to send a male prostitute to my house. I laughed and told him to bring it on if he could actually find out where I lived. Not the response he was looking for. I geuss as an Indian man he assumed this was the most shocking thing he could say to a woman. I have been getting these calls for about five years or so now. If I do accidentely answer one of them, I quickly tell them not to bother because I run Linux, not Windows, which is the truth. I have found that it is pointless to engage these people. I can always hear what sounds like a lot of similar calls in the background, so there must be whole call centers dedicated to this scam. To keep from gettin too angry I try to think about how tough things must be for these people that they have to resort to this kind of employment. For the most part they probably aren’t bad people, just desperate. From their perspective us rich westerners should be able to afford loosing a few bucks…….Unfortunately this is not true. This must be a profitable scam for it to have run for so many years. Thank goodness I was aware enough not to be sucked in by the extreme scare tactics that were used on me when I first started getting them. Good luck to others.
“If I see a phone number that I don’t recognize, especially one that is obviously coming through a computer (they are easy to spot) …”
I am in the U.S. and get robo-calls every day and I’m sick of it. I block the number of the robo-caller after he/she/it stops ringing, but this is just playing whack-a-mole. I don’t answer numbers I don’t recognize, but I am always afraid I might block the occasional legitimate call.
How are you able to spot a computer-generated phone call?
Whack-A-Mole: excellent metaphor for trying to block robocalls. It’d also apply quite well to reactive firewalling of 4 billion IPv4 ssh clients.
2.52 (Demographics Mac users) hilarious
One or two people didn’t quite like that bit, back when we recorded the podcast. They made sure to tell us, too, as you can probably imagine 🙂
I got the same call from “Microsoft Tech Support” saying that my computer reported a problem. I told the guy that I knew it was a scam and not to call back. He told me “go fu*# yourself” and hung up. About 10 minutes later I got another call. They keep insisting “don’t you want your computer fixed?” Etc. Etc. Etc… I told her to take my number off their list and don’t call back. I haven’t been called since.
If I have the time, I like to start asking them how much they are making and if I could get a piece of the action. Also that my other “businesses” need covering with something a little more innocent like a phone scam. 😉 I hint that other callers are making quite a bit more then they are.
They usually hangup and I find that no one calls me back in a long time. 🙁 I also troll bullies and trolls online. 35 years ago it was trolling BBSs and starting flame wars. Good times.
I don’t agree that one shouldn’t mess with them. I applaud anyone who do.
Whatever you do, waste their time for an hour, end up hurling racial slurs on them, it doesn’t matter. Scammers are subhuman and exempt from basic human dignity, so whatever you can come up with, there’s no moral concerns.
At the very least one might succeed in making them feel bad and humiliated for a while and although that’s minor and not likely to deter them any, at least it’s possible to inflict some pain on them.