Well, this is less of a question and more of a dialog I had between a telephone support person and myself tonight. Warning: this is a long post. This is kind of how the dialog went:
@Mods not sure which group this belongs in. Please move it if it's in the wrong group.
Hello this is [some Indian name he said so fast that I didn’t quite catch it] from Microsoft. Your computer has been reporting to us that it has errors and is infected. [He had a heavy Indian accent and from the background noise was in a call center somewhere. This raised my suspicion right away. For the rest of this I’ll just use the initials MS since he “said” he was from Microsoft. I am not implying that he was, just repeating what he said]
me: Really?
MS: I am here to help you clear these errors and help you remove the infected files because you own a valid license of Microsoft Windows. Do you have your computer near you?
me: No I just got home from work.
MS: Can you turn it on so we can fix the problems?
me: [Begrudgingly I went and found one of my test computers.] I have it turned on now and I am logged in.
MS: OK, now I can help you remove these bad programs.
me: That is good to hear. How did my computer get infected? I have an antivirus program on it.
MS: I not sure Sir, but I will help you fix the problems. Before I transfer you to a certified Microsoft support engineer, I need to check a few things. Look along the bottom edge of your keyboard near the left hand side for a key with a flag on it. Do you see it Sir?
me: Yes I do.
MS: OK, I need you to press that key with a flag on it and the R key at the same time. Please tell me what happens.
me: A screen just showed up with the word Run at the top.
MS: Now I want you to type in the following letters. E - V - E - N - T - V - W - R and press the OK button. Now tell me what you see.
me: I see a new screen with the words Event Viewer at the top.
MS: OK Sir, along the left hand side you see words like Application, Security, and System
me: Yes I do.
MS: I want you to double click “click click” on the word Application. Now look down the list and see if you see any errors. These errors will have a red picture next to them. Look down the list; you may have to go all the way to the bottom. Do you see any red error messages?
me: Yes I do. [He never asked what they were, but I was testing an application and I had a .Net error I caused while doing something yesterday.]
MS: OK Sir now double click “click click” on the word System. Look down that list, you may have to go all the way to the bottom. Do you see any red errors?
me: [I scrolled down the list] Hey wait I see one with a yellow picture.
MS: OK, I’ll write that down; keep looking, Sir.
me: Yes, I see some red messages; there are a bunch, maybe 8 or 10 of them.
MS: Sir that is the errors from people trying to install unwanted programs on your computer. Do you have an antivirus installed?
me: [my spidey sense is now going off] Yes I do.
MS: Do you have a free or trial installed or is it licensed?
me: I’m using AVG on my computer. [no reference given to free or paid]
MS: AVG is not a real good antivirus program. The error messages you see on your computer and the error reports we have tell us your computer is infected and should not be used until we repair it.
me: Really??? How do I fix this?
MS: I’ll transfer you to a certified Microsoft support engineer, but first I need to check one more thing. I need to verify your Genuine Microsoft License with the one I have on file. I need you to do the following. Press that key with the flag on it and the R key at the same time. What do you see?
me: I see a Window with the word Run at the top.
MS: Does it still show EVENTVWR ?
me: Yes.
MS: OK delete that and type in C - M - D and press OK what do you see?
me: I see a black screen with some words on it and a flashing minus sign.
MS: How old is this computer Sir?
me: I think we got it in 2007
MS: Good, I want you to type in the following A - S - S - O - C and press the enter key. What do you see now?
me: I don’t know a bunch of words just flashed on the screen. It moved too fast for me to see.
MS: No problem Sir I want you to look at the 3rd from last line tell me what it says.
me: (period) Zebra
MS: OK, Sir tell me what the last line is
me: (period) Zaptel
MS: Please look for a line ZFSendToTarget. Do you see that?
me: No [then repeated the search last line, second to last, third and so on. I didn’t at the time know what ZFSendToTarget was used for so I played a little senile]
MS: Look at the last line on the screen, does it say C:\Users and your name?
me: Yes [ok that was a lie I’m using XP on this computer, but this told me he had no clue what I was using and his instructions so far were very generic]
MS: OK, let's do something else…
me: I responded: this is getting too hard to do. I’m not sure what you are looking for! Maybe I need to just take it to a local repair shop to get them to fix it. [Understand I was on the phone for about 10 minutes now, I’m having a hard time bluffing without laughing, and my daughter, who was listening to the whole conversation, was cracking up in the background.]
MS: He responded with: Sir, we can take care of the problems right now; there is no need for you to spend a lot of time and money. I can help you with a simple fix.
me: I replied thank you very much, but this is still way too much for me to understand; I’ll just take it to the Geek Squad and have them fix it. Thank you very much for your time. [click]
I went through this exercise to try to see exactly what they were phishing for. I know Microsoft doesn’t make cold calls at home. I have NEVER associated a Windows computer with my home address or given my home number to anyone other than Dell and HP on past purchases… hey wait…
I do have to admit he was very polite and pleasant. But he didn’t have a clue which computer or OS I was using; he never asked, nor did I offer anything concrete. What if I had grabbed my Ubuntu laptop? That would have been an interesting conversation. But the point was to see where this call would take me. I never divulged anything that would have been traceable to me or my computer. I was curious about what this critical “ZFSendToTarget” setting was. I turned on my trusty Google Fu for the answer. The very first item returned from my query was: “PC Support Security Scams – ZFSENDTOTARGET CLSID Trick”. Out of 12,000 results this was the very first item. Interesting!! That still didn’t answer why ZFSendToTarget was all that important. This link answered my query. ZFSendToTarget basically points to the CLSID of the program used to read and write zip files. Not really related to my Genuine Windows License or really anything interesting. In hindsight I should have googled this ZFSendToTarget and continued with the ruse to actually see the end game.
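For anyone who wants to show a relative why the caller’s two pieces of “evidence” prove nothing, here is a small PowerShell script, added here as an illustration and not part of the original post, that reproduces both checks from the defender’s side: it counts the red Error events any healthy Windows machine accumulates, and it resolves the ASSOC entry for .ZFSendToTarget through the registry to show it is just the zip-folder handler’s CLSID. The function name Show-ScamEvidence is my own.

```powershell
# Added example, not from the original post. Run in a normal PowerShell session on Windows.
function Show-ScamEvidence {
    # 1. The "red errors": every healthy machine has some. Count Error-level (Level 2)
    #    events in the two logs the caller asked about, over the last 30 days.
    $since  = (Get-Date).AddDays(-30)
    $errors = @(Get-WinEvent -FilterHashtable @{
        LogName   = 'Application', 'System'
        Level     = 2
        StartTime = $since
    } -ErrorAction SilentlyContinue)
    "Error events since $($since.ToShortDateString()): $($errors.Count)"
    "(Typically a driver, a service timeout or a crashed app; not evidence of infection.)"

    # 2. The "license check": ASSOC lists file-type entries from HKEY_CLASSES_ROOT.
    #    The line the caller wants read aloud looks like
    #    .ZFSendToTarget=CLSID\{...}; resolve that CLSID to its registered name.
    $line = cmd /c 'assoc .ZFSendToTarget' 2>$null
    if (-not $line) { '.ZFSendToTarget is not registered on this machine.'; return }
    $target = ($line -split '=', 2)[1]              # e.g. CLSID\{...}
    $clsid  = $target -replace '^CLSID\\', ''       # keep only the {GUID}
    $name   = (Get-ItemProperty -Path "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid" `
                 -ErrorAction SilentlyContinue).'(default)'
    ".ZFSendToTarget -> $target"
    "That CLSID is registered as: $name"
    "(Identical on every install of this Windows version; it has nothing to do with your license.)"
}

Show-ScamEvidence
```

Both outputs are what the caller relied on: a non-empty error count and a long GUID that sounds unique but is the same on every machine.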
Looking back on this, his script was good; it was very generic and was designed to make me think something was really wrong with my computer. I really wonder how many people actually fall for this? The success rate must be fairly high, since someone (somewhere) was paying this person a salary and paying for the 10 minute phone call.
This was the best part of the call: After I hung up the phone my daughter looked at me and said “He didn’t even follow the first rule in executing a SCAM. He didn’t know his target!”. After being shocked she actually said this, I thought about it… They did pick possibly the worst person to cold call and attempt to pull a computer scam on. What he didn’t know was I’m a sarcastic / techno geek / wise guy who has been in IT probably longer than he’s been alive.