
Windows Support Hoax

Keeping the hoax callers busy...

It's Monday morning, about 10am and I get a call on my land line. The lady explains that her name is Shirley and she's calling from Microsoft about a security issue on my computer.



Well, already I know it's a hoax and I know what 'Shirley' is going to ask me to do. It's the same old script, but I do notice a few improvements this time that could mislead an unsuspecting user, even if you don't give over control of your computer. First up, she's introduced herself, adding a bit of a personal touch. I'm not sure if the criminals have been studying psychology or if it's by accident, but introducing yourself as a person with a name is known to help foster a false sense of trust. Secondly, she said she was from Microsoft. This is the first time I have heard Microsoft used; previously they have said they are from 'Windows', which is of course a product line, not a brand.

So I'm intrigued by how many other changes they might have made, and I feel it's my little way of helping the community by keeping their phone operative busy for as long as I can.

Shirley asks me to start up my computer. Well, I'm actually working on my computer at the time but I don't tell her that; instead I start up VirtualBox and start up a virtual computer running Windows 7. I also start up a Linux virtual computer that can act as a Tor gateway so I don't disclose my real IP details. Once up and running I tell Shirley that I am logged on and she instantly falls back to the old script: click the Windows Key + R (this opens the RUN dialogue box), type in EVENTVWR and press Enter. (This is the Windows Event Viewer, where the OS and installed apps log events that help diagnose issues on your computer. NOTE: It's completely common for there to be tens or thousands of log messages, with lots of red crosses and yellow triangles. If you are worried about anything you see in the Event Viewer, contact us and we can tell you if it's something that needs urgent attention.)

I've duly opened up the event viewer and Shirley asks me to click on the FILTER CURRENT LOG and to tick the WARNING and ERROR boxes, this is another new part to the script, as previously I've just been asked to read out the NUMBER OF EVENTS listed at the top of the screen. With the log filtered, it's now a sea of scary looking error messages.

Shirley informs me that those are all infected files, this is a revert to the old script again. She tells me that unless I fix the files in 1 hour, Microsoft will cut off my computer from the internet and I will have viruses that allow people to access my computer.

Well, obviously I don't want a virus-riddled computer that's been disconnected from the internet, right?

But not to worry, just a few questions and install a file to connect me to the Microsoft central computer and I'll be fine to go about my business.

Shirley asks me if I use online banking, I say 'yes' and she asks me who I bank with. I don't know why but the first bank I can come up with is Deutsche Bank. I get asked a series of questions that will help 'them' find out where the viruses came from. In reality what these questions are doing is helping to build a list of information they need to get from me or my computer, and a list of files they will be looking for when they eventually get onto my PC.

How many people use the computer for online banking, online shopping or online gaming?
Do I use any other computers?
How often do I change my passwords?
Do I use the same password on many sites?
Do I have any antivirus software?
... and so on...

Log Me In & TeamViewer

Once I have given satisfactory answers to the questions, I am directed to the TeamViewer website and asked to download the app so they can connect me to the Microsoft Central Computer, which sounds very exciting. But I have to be quick as I might get my computer cut off soon. (I have been trying to waste their time without arousing suspicion, so I gave VERY long detailed answers to the questions, including why I bank with a German bank (and my fictitious 2 years in Germany helping the Kremlin to move funds and gold into off-shore banks based in Panama) and asking for everything to be spelt out in the phonetic alphabet, but then mixing up my phonetic names: 'H' for Hoax, 'S' for Scam.)

So I start to download TeamView.... and then the internet breaks!! Virgin have an outage and I am left unable to finish the download. But not to worry, I have used TeamViewer lots of times in the past, I can bluff this!

I pretend the download has finished and I have installed the application, Sheila asks me to read out the 9-digit user ID (good job she told me how many digits as I couldn't remember!) "it's 456 123 789" I say, and the passcode "that's 654321" I tell her.... a pause, then "can you read that out again, it's says it's not recognised"

At this point, Sheila was hoping to log into my computer and take control over it. Probably she would have tried to make copies of the files in the folder called "Bank Account Details" (the contents of which are two Word documents, one infected with the EmpireMonkey macro script that renders the boot disk of the infected computer unbootable, the other full of apparently random data that spells out "Who watches the Watchers" in long hex) and look at my online history, maybe install a cryptoware or keylogger virus and set up a backdoor so others could log on in the future.

But instead she spends about 20 minutes trying to figure out why the number I have given her is not working, which is not helped by me changing the numbers around each time.

Eventually she gives up and moves on to www.support.me (Log Me In). Again, without any actual internet access I know I can't start this, but I bluff and ask her for the session code. She gives me a code and I write it down, making a note of the exact time so I can email it to the LogMeIn abuse email account once I have access.

I manage to make this last another 10 minutes before saying that my computer is restarting after doing Microsoft updates. Shirley is getting quite impatient with me now but doesn't give up. She almost shouts at me that I am going to get my computer cut off and all these viruses are going to infect my other computers.

After nearly 2 hours (I think this must be some record) I am the one who 'admits' defeat, well actually I am getting peckish and feel I have done my bit for the day, so I ask Shirley if she can call me back after I have been to the pub, thinking she will cotton on at this point, but Shirley is not going to give in so easily. She tells me she will call me back after I have been to the pub!! and she does. But it's her home time now and she can't fix my computer today so she is going to call back tomorrow to try again.

Microsoft won't call you

If you get an unsolicited call from Microsoft, McAfee or anyone else telling you that you have a virus on your computer, it's most likely a scam. Take a note of the caller's name and company name, and ask them for a phone number. Check out the details online to put yourself at ease, or contact us and we will check up on them for you.

Don't ever go onto websites or download anything from people you do not know and trust 100%.

If ever you think you have a computer virus, contact us and we can come to do a security checkup on your computers.


tinsleyNET IT Services Consultant
IT Support for small to medium sized businesses, home office workers and home users across the West Midlands and Shropshire.
