Fake 'Microsoft' calls: You're Infected or being hacked!

Hello all,
I'm sure most of you are familiar with the fake 'we're calling you from Microsoft' only to be told your computer is infected and affecting the internet. Wow, what a statement. Or they say there is someone hacking your computer, blah blah blah.
The goal is for them to let you into your computer so that they can either infect your system and then charge you for 'cleaning' it up or to change the log in procedure and lock you out of your computer unless you pay (hostage).
My question: Is there a way to backtrack them? Maybe back hack them? Allow them into a 'safe environment' (maybe VM?) and do the work against them simultaneously?
Yeah, sure I understand the American Legal system but I still want to know.
The goal would be to help expose them more than just an incoming false phone call. Story is that these false people transfer the 'victim' through several "techs" before getting to the person who will actually hack the victim; in doing so, each person has a script that helps keep them 'legal'. Yeah right.
So let me know what you think, can they be traced, back hacked or identified?

Those fake MS calls are annoying

The question is: is getting back at them worth your time? Since this scam started, people have been messing with these scammers.

Here is a person who goes through the whole process and gets their IP address and PayPal accounts:
https://securelist.com/blog/incidents/33734/trying-to-unmask-the-fake-microsoft-support-scammers-17/

Here is a person who uses a VM:
http://www.howtogeek.com/180514/the-%E2%80%9Ctech-support%E2%80%9D-scammers-called-htg-so-we-had-fun-with-them/

This is an interesting article:
http://www.makeuseof.com/tag/just-hang-shouldnt-taunt-fake-tech-support-scammers/

I personally just wouldn't bother, not worth my time and energy. I just do my best to spread the word to friends and family who are likely to believe it.

Cheers,
-Lee

Annoying fake MS calls

Hi Lee
Thanks for the info.
I agree, "is it worth my time?", needs to be asked. I would say that it isn't about productivity but about having some fun.
I do educate my 'people', friends and family about how to identify hacks and what their goal is to keep them safe. I am hoping to host a free Axiom (workshop) class to educate others about the different common computer scams.
P2
EyeCanFixThat

Have fun!

Fake Microsoft Calls

I tell them their number has been turned in to the FBI and they have wiretapped your phone. It stopped.

Not worth making any great effort

Often they are overseas or on obfuscated links. NEVER give them any credentials to your computer though, even VMs.

No reason not to have a bit of fun, though. e.g.

"That sounds serious, can you put me through to your Linux/Mac/zOS expert, to help resolve it please?"

"I'm actually working on a security contract for a government agency that I'm not permitted to name. All my calls, in and out, are tracked and recorded. Are you sure you wish to continue this conversation?"

We also get these scams from "Telstra" (the primary communications company here in Australia). All fake, of course. The claim is usually that my computer is affecting others on the network and that they need remote access to it to fix it or they will "disconnect my internet". My favourite response is "That's very serious indeed but since other users are affected, the problem obviously lies in your server, since I can't see beyond that. Fortunately, I have 50 years' experience in the IT industry (true!), so if you'd like to give me the remote logon credentials to your server, I can log on to it and fix it for you."

All these responses result in a hang-up click!

I like to play with them and take up their time.

I am a retired network engineer and security specialist, and I love to toy with these guys and consume as much of their time as I can get them to give me, both to delay their next attempt to infect somebody else's machine and just for my own amusement.

I first express surprise and alarm, and ask them which of my computers is infected. They usually reply something like "Your Windows PC," but I inform them that I have several and need more information. I then ask them for the IP address of the infected machine.

Sometimes they hang up at this point, but sometimes they reveal a rudimentary knowledge of home networks and give me a response of "192.168.0.(X)" which is the default network used by most home routers (I do not use the defaults, but no matter).

Then I again express horror and tell them that it is an older machine that takes some time to boot up. They wait and wait (while I'm sitting in front of my TV) and I give them periodic progress reports to keep them hooked.

Then I ask them what they want me to do. Again I behave like a befuddled home BDU, and go through several machinations unsuccessfully "striving" to follow their instructions. Sometimes they just give up, and sometimes they get quite violently profane, but other times they show extraordinary patience and I even locked one of them up for two hours one lengthy afternoon before I gave him an earful that included several uses of the phrase, "Death to hackers!" and a considerable amount of more colorful language.

(By the way, in case you are not an old timer from the era in which the acronym was current among computer support staff personnel, "BDU" means "Brain Dead User.")
