By now, this scam should feel incredibly familiar.
The phone rings. At the other end is someone claiming to be from “Microsoft Technical Support”, or something similar. They’ll have a thick Indian accent, and an improbably Anglicized name, like “Richard Smith” or something.
They’ll then tell you that your computer has been compromised. This virus, they say, is so severe that even Microsoft themselves picked it up. The virus, they insist, will damage your computer and your reputation, as it will somehow intertwine you with the sordid world of child pornography and exploitation. But, there’s something you can do.
You can trust them, and give them access to your computer. They’ll then rigorously search through your computer, and install some software. Then, they’ll hit you up for an eye-watering sum of cash. The problem is, it was all a scam.
They don’t work for Microsoft. Even if they did, there’s no way they could possibly know you’ve got a virus. You’ve just given your money – and access to your computer – to someone sitting in a boiler room somewhere in Bangalore.
The Internet Fights Back
The fake tech support scam is one that’s surprisingly effective. It piggybacks off Microsoft’s good name and employs scare tactics, to catch tens of thousands in its snare, often for as much as $500 at a time. But people are fighting back, simply by wasting as much of the scammers’ time as possible.
The modus-operandi of many of these good-natured trolls is simply to pretend to be as dumb, tech-illiterate and hard of hearing as possible. One of the best known for this is Aussie security expert Troy Hunt, who once kept a phone scammer on the line for an agonizing 44 minutes and 26 seconds by pretending to barely know how to use a computer.
Others have taken to winding them up by giving them access to virtual machines beset with viruses, fake antivirus programs and dozens of browser toolbars, and watching them struggle.
Even MakeUseOf’s security editor Christian Cawley has taken a pop at them.
It’s a fun – and easy – sport. There are thousands of examples on YouTube and Reddit where people have taken these guys for a ride. But that’s not always a good idea. Trolling these tech support scammers can turn dark, really quickly.
“Do you know what we do to Anglo people in India?”
Jakob Dulisse is a wildlife photographer from Nelson, British Columbia, Canada. Earlier this year, he got a call on his landline.
On the other end of the line was a man with a heavy Indian accent. He claimed to be calling from Los Angeles, California on behalf of “Windows Technical Support” and said his name was Harry Stevens. Harry said Jakob’s computer was infected, and he needed to do something about it, right now.
Jakob isn’t stupid. Almost immediately, he realized that he was on the phone with a scammer. He’d seen the news reports, and heard all the warnings. So he played along, acting stupid and cooperative.
After he’d strung him along sufficiently enough, Jakob told him what he thought of him. “I think you’re a scammer, a thief, and a bad person”.
As insults go, it was pretty milquetoast. Canadian, even. But it provoked a furious reaction.
“It’s not like we’re living in India and we don’t have anyone in Canada. We have our people, our group, in Canada. I will call them and I will provide your information to them. They will come to you, and they will kill you.”
Jakob, decidedly unimpressed, reiterated that he thought “Harry” was a scammer and a bad person.
“I’m a killer, not a scammer. Do you know what we do to Anglo people in India? We cut them up and throw them in the river“
Firstly, let’s state the obvious. Nobody is going to kill Jakob, especially not for winding up a tech support scammer. It was a threat completely without merit. But I still don’t think it was fun to receive. It probably played on Jakob’s mind for the rest of the day, and deeply unnerved him.
Sometimes, it’s just better to put down the phone.
How Much Is Their Time Worth?
I’ve read, again and again, that you should keep these people on their phone. It’s a public duty, I’ve heard, to occupy as much of their time as possible, in order to ensure that their activities are as unprofitable as possible. But I’m not convinced by that.
I read a brilliant Forbes article the other day which looked the Indian call center industry. The average entry level call center salary in India is about $300. Now, suppose they’re working four, forty hour weeks. That means they’re earning an hourly wage of about $1.75.
Given that I’ve seen examples of these scams earning as much as $350 at a time, there’s simply no way you’re going to stop this from being immensely profitable.
Do You Trust Them With Your Computer?
Often, those doing the trolling will grant them access to a virtual machine that had been especially set up for that reason. These are, as the name suggests, virtual computers that run on top of an existing, real computer. What happens on a virtual machine doesn’t have any impact on the underlying computer, so they’re ideal for malware analysis, and other security-related tasks.
But it should go without saying that you should never, ever, grant them access to your real, main computer.
Troy Hunt, who we mentioned earlier, decided to follow a scam until its near-conclusion, and found that the remote access software used allows an attacker to remotely access the machine at any time. He also noted that you can never really know the intent of the software they install on your computer. While it might be an anti-virus package, this in turn might be a backdoor, or have some other nefarious purpose.
Freelance journalist Carey Holzman also found that when the scammers don’t get what they want, they’ll often resort to vandalizing the computers they’re on. The scammer Holzman dealt with tried to open the SysKey utility and set a system password. This would have prevented him from booting into his computer.
These aren’t nice people.
Take The Higher Road
There’s this Confucius quote I really like. It goes like this. “Before you embark on a journey of revenge, dig two graves.”
I genuinely believe that. I genuinely believe that it’s inherently self-destructive to get riled up, and angry. I genuinely believe that instead of picking a fight, you should just let it slide and move on. I genuinely think that picking a fight with a phone scammer is a bad idea, and you should just hang up.
And, it goes without saying, you should probably tell your family about this scam. Prevention is always, always better than a cure. If you, or someone you know, have been stung by this scam, you might want to check out this piece.
But what do you think? Would you troll these guys, or would you just put the phone down? Either way, I want to hear about it. Drop me a comment below, and we’ll chat.