When I got "scammed"

An archived post from my previous blog, written in 2013.  This kind of scam is still being used today.

The good news is I didn't really get scammed, I knew what was happening and practically scammed them, however, if I entitled this "an analysis of phone scams" you wouldn't be reading it.

It was a bank holiday Monday morning, an ideal time to cold call as you know people are at home.  I received a phone call from "Microsoft" reporting there was an issue with my computer and that I might need a  new "security code".  This immediately set alarm bells ringing - Microsoft don't have my home phone number.  Moreover, the caller explained if my "security code" expired I wouldn't be able to boot Windows any more.  For those unfamiliar with Windows licensing, home users don't generally have a subscription based license (or didn't in 2013 anyway).

Pretending to know nothing about IT, I was talked into event viewer (eventvwr) where I was quickly shown "critical errors" with my computer.  Windows event logs always contain warnings and errors so this isn't necessarily reason for concern.  I allowed the caller to connect to a Windows 7 honeypot (consider this a trap computer) using Team Viewer.   This remote control application is free for personal use and I can assure you Microsoft don't use it!  There is a paid for version but the caller wasn't using that edition.

Next the "technician" ran "tree c:\windows" which produces a recursive directory listing - this runs for quite a while.  I was told if the text goes red my "security code has expired" and, surprise surprise, the text went red and stopped to display that my code had expired.  (I didn't actually see how they made the text go red, I must have looked away then).

While that's been running, a tool ("Advanced Windows Care") has been downloaded to my desktop to scan for problems.  A lot are "found" by the tool and the caller begins to discuss support maintenance plans ("cheaper if you buy the gold package for 3 years").  I began to "fix" things myself and was told I shouldn't do that as I might release the spyware.  Sneakily, the "technician" also runs "seckey" and sets a password.  Seckey encrypts the Windows account database, requiring a password at boot, and I have no way to know what this password is.

During this process I've pulled over the TeamViewer chat box and have quickly typed that I actually work in IT, know this is a hoax and that I also have an interest in IT security.  I get the impression the "technician" doesn't read English as they minimise the chat, despite me having alerted them to the fact they've been rumbled.

We continue...

A PayPal page is opened and I'm encouraged to pay £130 in order to receive a replacement security code and my support subscription of 1 year. My other option is to purchase a 3 year plan at $299.  A 2 year plan is also available and will cover 2 computers.  Very reasonable charges from "123 iSupport" (hold on, they were Microsoft earlier...).  I get passed to "Matt" in accounts.

"Matt" then takes another remote session using a free trial of LogMeIn Rescue.  During this time I reboot the computer and the password screen  pops up.  "Matt" was expecting that as "your security code has expired" (I'm expecting it because they ran "seckey") and tells me these passwords take 2-3 hours to generate as part of the security code system.  Clearly I now can't pay them because I can't get into Windows.   No problem - they ask if I have a second computer or if I can borrow one from a neighbour.  Explaining they weren't in and I had no other computer they offer to call me back tomorrow!

We're now 52 minutes into the call and I've spoken to "James" (the supervisor), an unnamed technician (albeit 1 way via chat) and "Matt" in accounts.  I decide this is time to call it a day.  I explain to them what a honeypot is, that they've been working in one, and that they really need to stop scamming people.  "James" then asks me to hang up and tries to convince me to do so for about 3 minutes (meanwhile I'm telling him he should hang up because I'm not going to).  Finally he hangs up.


Note: Microsoft do not make unsolicited, cold calls to tell you they  know about a problem on your computer.  Generally, they don't make cold calls to private individuals at all.

If you receive a call from a computer company, and you don't have a contract with any such companies, do not let them connect to your computer.  Just hang hang up.  Don't even begin to do what they ask you to do.