Phone call scams are becoming an epidemic. The phone rings and, upon answering, the caller promptly identifies himself/herself and often claims to work with a prominent organization, such as Microsoft – all of which is bogus. However, some of the craftier callers claim to be from the nearest major computer retailer in your area. The one thing that they have in common is that they say they will help you solve issues they have identified on your computer.

This happened to me – here’s how I went about it…

I have personally received two such calls so far. The first caller asked me to download and run software. At that point I didn’t have a secure virtual environment where I could do that without problems, so I pretended to have an unstable Internet connection, refused to give the caller remote access through a demo remote session website provided by a major remote desktop vendor, and the story ended there.

I then set up a secure virtual environment and, sure enough, last week I received another call.

This time the caller knew more about social engineering. They claimed to be calling from the National Computer Centre and asked if my computer was switched on. I said no, as I needed time to boot my virtual machine. When I told him all was ready he asked me to load up an event viewer and report any warnings or errors that it reported (which is something that every computer shows).

When I duly reported my errors I was informed I was going to be transferred to a supervisor. A new speaker came on the line and went into great detail about the errors, advising that they are due to corrupted files.

The supervisor takes over

The “supervisor” then explained that these are different from viruses and that anti-virus solutions cannot do anything about them. He then asked if I had noticed my computer slowing down lately. Again, it’s something every computer user would answer “yes” to. At this point I asked if this service incurred a charge. I was told that if the issues were minor they’d be happy to fix it for free, and that there would only be a charge if I had major problems.

I was then asked to download a piece of software, which I did with no intention of running it, figuring it would make great analysis material later on. I lied and said that the download wasn’t working, so I was directed to a new website which also included a remote desktop client. Ironically, when establishing the connection a large warning cautions you not to follow any instructions given through unsolicited calls. I explained this to the supervisor who said, with complete confidence, “Ignore it as that message is not for you”.

Enter the technician…

I established the connection and was then informed I was being transferred to a technician. This made the whole thing sound more legitimate and that was indeed a good piece of theater. This whole process builds credibility with the unsuspecting victim.

The technician asked my name and telephone number in the chat window of the remote desktop. I gave him fake information even though they knew it all already. Then the “technician” launched Windows® Explorer, opened the Windows driver folder (containing the .INF files) and circled the number of files there. He repeated this with the temporary folder and the system folder. He then issued a report where the .INF files were reported as corrupted files, the temporary files were marked as infections, and the files in the system folder were marked as damaged. This gave the total number of issues reported to be over 10,000.

I was then told I was going to be transferred to a better line, but instead the caller hung up (no doubt to save on the phone bill). However, the technician then said we could continue talking through the chat box.

At this point over an hour and 15 minutes had lapsed and I knew they had not intended to take control of my computer but simply have me pay for repairs I didn’t need. So I told the person I was speaking to that I knew he was scamming and closed the session.

But it didn’t end there! Stay tuned for the rest of the experience in Part Two.

Like our posts? Subscribe to our RSS feed or email feed (on the right hand side) now, and be the first to get them!