Criminals are a tricky bunch. One of their favorite scams targets those who own a computer, but lack any real technical knowledge other than how to browse the Web.
The scam starts with a call that warns of problems and immediately offers to connect you with a Microsoft support staffer. Their goal is to remotely control your system and install malware and rogue antivirus software.
When my phone started to ring on Wednesday evening, I was busy researching a different story and I didn't immediately recognize the number. Normally, those calls are ignored. However, curiosity got the better of me so I answered.
The call came from 949-000-7676.
The voice on the other end was digital, warning me that my computer was sending bad traffic to the Internet. In order to address this, I'd need to press one on the keypad and speak to a Microsoft support representative who could fix the problem.
The full recording of that call is below.
Please note: While the recording will be amusing to some, it's offered up here as a learning tool. Under no circumstances should you engage the scammers. Do not let them connect remotely, and do not input commands on your system as instructed. In fact, the moment you hear the automated voice warning you about problems, hang up the phone.
Microsoft will never – ever – call you and offer a remote scan to fix something.
The scammers know that Microsoft is a household name and there is immediate trust associated with it. Remember, their primary victim is someone who knows the name Microsoft and nothing else. That lack of knowledge is central to the scam's overall success. In most cases, by the time the call is connected, the game is over and the scammer has won.
When the call started, I pretended I couldn't hear the woman on the other line. In fact, I asked if she could call me back to help me address the problem, because the phone I was using was low on battery power. I gave her a throwaway Google Voice number to use, and when she called back I immediately started recording.
Honestly, I cannot believe she bought my flimsy excuse. Within seconds I had turned the tables and had her following instructions. Isn't the scam supposed to work the other way? But I digress, back to the story.
First, she wanted to prove there was a problem. To do so, she prompted me to open the System Configuration application on Windows. It's hard to hear in the recording, but what she's telling me is that under the Services tab, all of the applications reading "Stopped" are proof that there is a problem.
She uses a mix of technical terms and meaningless phrases, but that's because the script she's reading isn't geared towards a person who knows that wires have nothing to do with the fact that Bluetooth Support Service isn't running. It's written to coach a person who would believe what she says without question.
After I accepted her proof, she prompted me to download TeamViewer (a remote connection tool). It's interesting to note that she wanted me to download an outdated version of the software.
Again, please never let the call get to this stage.
Never download something just because someone on the phone told you to. I only did so because I wanted to have the entire scam recorded.
After I downloaded the outdated version of TeamViewer, she connected. It must have been frustrating for her. She couldn't gain control over the system due to the fact I disabled her inputs once she connected. (She could see my desktop, but couldn't access anything, as the keyboard and mouse were still under my control.)
On the screen, I posted a simple note as my desktop background in large font:
I am a security researcher, and you've been busted. But nice try. -)
I ended the call explaining that it was recorded for security purposes and that she was about to become headline news.
Seconds later she called me again. I recorded that too (see below), but all she wanted to do was tell me that she had my details and that I was going to be hacked.
Pity, I liked that virtual machine, now she's going to "hack" it.
If you're concerned, the CLSID is meaningless in this case, and cannot be used to hack the system she was able to see during the call.
So, to recap: Microsoft will never call you. Calls from anyone claiming to be PC Repair, Microsoft Support, PC support, or any other technical service that you did not authorize to call you beforehand are scams, pure and simple.
But if you've ever wondered what a Microsoft Support scam sounded like in its entirety, hopefully this post satisfied your curiosity. Feel free to spread this article around; the more people who can hear what this scam sounds like, the better.