Pity the poor employees of companies like “Windows Technical Support” — scammers who make money by “fixing” computers that were never broken in the first place. For the people who pose as Windows support technicians and cold call unsuspecting victims to warn them about bogus viruses, life is good as long as they can wrangle credit card numbers and remote PC access from the gullible.
The scammer — who is generally from India but claims to live in the same country as the victim — tells whoever picks up the phone that their computer has been identified as having a virus. The scammer directs the user to look in the Windows Event Viewer, which shows a generally harmless list of error messages, and then says that this is a sign of serious infection. From there, the scammer convinces his mark to install a piece of software allowing remote access into the computer to clean up the problem, and to pay several hundred pounds in fees for the service. It’s often known as the “ammyy” scam because users are sometimes directed to www.ammyy.com to install the remote desktop software.
Not everyone falls for it. The US Federal Trade Commission (FTC) didn’t, last week busting six fake tech support companies with names like Virtual PC Solutions and PCCare247 after having undercover agents pose as victims. Ars editor Nate Anderson didn’t fall for it, either, playing a helpless victim on the phone for 15 minutes before revealing that he knew what had been going on the whole time.
But the serious “scam trolls” elevate scammer-baiting to an art form, sometimes wasting as much as two hours on the phone as they see just how long a scammer will stay on the line. The tech support scam is an international phenomenon, and the scam trolls likewise come from across the globe. Many record their interactions with the scammers and post them for the world to hear — and learn from.
While some troll scammers as a public service to prevent people from being victimised, others are simply out for laughs. Case in point: a person calling himself “Ted” kept a scammer on the phone for nearly two hours, recording the last 43 minutes and posting them to SoundCloud last week.
A good troll is a prepared troll, and Ted was ready. He dragged out the call by pretending to connect his Windows 95 and Windows Vista computers to CompuServe via dial-up internet, by providing an expired credit card number, and by providing absurd answers to basic questions.
Ted spent much of his call pretending to struggle to connect to the internet. “OK, so you want me to connect to the internet with this. God, it’s an hour and eight minutes we’ve been on the phone, this is taking forever. All right, hold on, so this is called — I need to connect it to the phone. It’s called an acoustic coupler… Hold on one second. All right, it’s not connecting to my CompuServe account for some reason. Let me try my AOL account, hold on.”
Ted switched back and forth between his Windows 95 and Windows Vista computers. On Vista, Ted claimed he couldn’t follow the scammer’s instructions until he finished installing the non-existent Service Pack 3 (Vista only has two service packs).
Ted asked the scammer if he could make his Windows 95 computer run as fast as his Windows Vista one, and professed his desire to be a good citizen. “I want this machine to be secured, for sure,” he said. “And I don’t want my machine being dangerous, for sure, I mean that would be bad, that would be very bad, I don’t want it to be bad, I want it to be good. I’m a responsible internet user, I don’t want to be some of these hacker types that infect the web and stuff like that.”
Incredibly, the scammer continues as if Russell had said nothing at all, saying “OK, thank you for your time, we will be waiting for you. We will be open nine to six. Any time you feel you can just visit us and speak with the server team, OK?”
But Russell wasn’t done. “That’s all you have to say?” she added. “You don’t have any kind of regret that you’re preying on people who don’t have computer knowledge, that you’re picking on elderly people, that you’re trying to scam people? I know for a fact you’re not going to just charge £80, and actually what you’re doing is not removing a virus. You’re just deleting a few broken files from installations and service updates… Don’t you feel bad?”
The scammer hung up.
The internet gets angry, and clever
Russell is not the only one to get aggressive with a tech support scammer. Just last week, a British man living in Germany named Steve Paine allowed a scammer to install remote desktop software on his computer so he could obtain the person’s IP address. “Just to let you know, the call is being recorded here, and I’m a journalist and also a security expert,” Paine told the scammer. “And I have also been communicating at the same time with some people who are on the internet, this has been streamed live on the internet. And I now have your IP address, your name, and your company name, and I will be following this up as a security issue because I believe you have tried to hack my computer. Do you understand what I’m saying? Hello?”
On the lighter side, one reddit poster named aveilleux really wanted a tech support scammer to call him. Waiting for such an occasion, he had prepared an unpatched Windows 2000 virtual machine and a flash drive filled with viruses. After toying with the scammer by pretending not to know what a keyboard was, he let the “technician” take remote control over the system. He put the viruses in an archive titled “bank_data.zip” and put some you-will-want-to-scoop-your-eyes-out pictures from a notorious subreddit into a file called “passwords.zip.” He recounts what happens next:
Naturally, the guy at the other end of the line grabs passwords.zip and bank_data.zip and uploads them to a fileshare server. (Why he didn’t just use the LogMeIn VPN is beyond me.) I make a note of the deletion links. This takes maybe 45 minutes (I have a fast connection). After that’s done, he snags some files from \WINNT\ (to grab registration info and such; of course, the system’s data is all incorrect). I get a call from Jason [the scammer]. “Okay, Mister aveilleux. We have all the information we need and we’ll be back in touch with you if we need anything.” “Thanks much, Jason. I hope you enjoy my data as much as I did.” “I’m sorry?” “Never mind. Goodbye!”
One Ars commenter with the username Albatron reports getting in on the action, feeding the scammers an elaborate set of lies. “The ‘Expert’ directed me to install TeamViewer, which I did. I let him into my PC and watched him open Event Viewer and show me all the messages. While he was telling me about the dangers of all the harmless debug messages in Event Viewer I pulled up an elevated command prompt, ran ‘netstat’ and copied down the results,” Albatron writes. “By then he had stopped talking and was asking me what I was doing. I told him I was ‘backtracing’ him and that I was ‘behind 7 proxies’. I also told him I worked for the FBI as a DBA (none of which has a shred of truth). He told me he was only 17 and had been working at the company for just 14 days. I asked him where they were based out of and he told me Orlando.”
The tao of the Troll
Are those who troll the scammers performing an important public service? While we hope the FTC crackdown has a chilling effect, we’ve already seen “Windows Technical Support” squads continue to operate as if nothing is amiss. If they’re making tens of millions of pounds, as the FTC claims, why would they stop? Ultimately, they’ll keep right on scamming until no one is gullible enough to fall for it anymore.