Earlier today my mom got a call from a company claiming to be from "Microsoft Technical Support" claiming that her computer has a virus and that it was sending information to their server, reporting the malicious activity. She told them that I was the computer expert in the family and that they should call back and speak with me. Well, even though I didn't think they would, they did indeed call back.
Upon answering, I explained that I was quite tech savvy -- a comp sci major who works with Microsoft products in school and well aware that Microsoft does NOT have a support center that randomly cold calls people regarding their products; and one who also has a paranoid firewall policy, of which I check the connection logs quite often for suspicious activity. But this was not enough to dissuade my would-be hero from Microsoft Tech Support to stop right there and move on to another target. No, he continued on -- apparently confident in his abilities to scam me, even though I explained to him that I have somewhat of an understanding of how malicious software, and Microsoft error reporting, works.
So I decided to play along for a bit, to see just how stupid he thought I was.
This "technician" proceeded to explain to me that he could prove that my system was infected and indeed sending information to his company's "global" server, even though my firewall logs do not show any activity to their IP. And after my first question -- "How exactly does Microsoft know about my errors when my home network is Linux based (I lied just to hear his response), and how did Microsoft get this phone number from the error report?" -- he proceeded to explain to me how the internet works; that, "every time you connect to the internet to go on Yahoo, Google, your browsing or email[...]," connects to their global server and reports malicious activities, and that activity, "is caused by viruses and malwares that causes these errors, and makes the system go really slowly and shut down, and that is why it is reporting to the server." Got it.
He proceeded to show me the proof of all of this, and especially show me that this was not a scam (because being an empirical person, he knew I needed proof that this was not a scam -- which, by the way, I had already told him I knew all about this type of scam).
And his proof?
He passed me to another person.
This new person claimed to be the floor supervisor, who came on the line to once again iterate that they are Microsoft's Technical Support company, and the error reports to the global server, and then (here it comes!) that they are not a scam... etc., etc., etc...
So I guessed that proved it.
Now on to the proof on my system:
The "tech" had me go through a long and laborious process of getting to the event viewer, explaining to me where the "C", "T", "R", "L" key was... then helped me find the key next to that key with the "flag" on it (the Windows key), and then the "R" key (really... he explained where the "R" key was located).
Basically, they take you to the event viewer and claim that the errors and warnings shown are the information that is being sent to their server, and that this is the proof that the system has been compromised. I explained to him that most of the errors and warnings listed were from software that I had personally written, and even more from my hacks (forced exceptions, etc.), and asked what their system said about those messages. Of course he had no answer, but immediately wanted remote access to my system to "remove the viruses and malwares that are causing the errors..." -- GTFO!
At that point I explained that he was insulting my intelligence, and I offered to connect remotely, but only if I could connect directly to their server to see the logs for myself...and explained that I would require permission and the version number of IIS they were using since they were a Microsoft company -- to test for exploit vulnerabilities; and that I needed his permission to help fix their servers, and it would not be a scam...
And after a few moments of me laughing at him, he hung up.
I guess this is becoming more common, and many non-technical people are falling for this scam. I found a few vids of people who recorded their conversations with these scammers on YouTube; some were quite funny.
Has anyone else experienced these calls?