
Fake 'Microsoft' calls: You're Infected or being hacked!

Jul 14, 2016 10:13AM PDT

Hello all,
I'm sure most of you are familiar with the fake 'we're calling you from Microsoft' only to be told your computer is infected and affecting the internet. Wow, what a statement. Or they say there is someone hacking your computer, blah blah blah.
The goal is for them to let you into your computer so that they can either infect your system and then charge you for 'cleaning' it up or to change the log in procedure and lock you out of your computer unless you pay (hostage).
My question: Is there a way to back track them? Maybe back hack them? Allow them into a 'safe environment' (maybe VM?) and do the work against them simultaneously?
Yeah, sure I understand the American Legal system but I still want to know.
The goal would be to help expose them more than just an incoming false phone call. Story is that these false people transfer the 'victim' through several "techs" before getting to the person who will actually hack the victim; in doing so, each person has a script that helps keep them 'legal'. Yeah right.
So let me know what you think, can they be traced, back hacked or identified?


Those fake MS calls are annoying
Jul 14, 2016 10:46AM PDT

The question is: is getting back at them worth your time? Since this scam started, people have been messing with these scammers.

Here is a person who goes through the whole process and gets their IP address and PayPal accounts:
https://securelist.com/blog/incidents/33734/trying-to-unmask-the-fake-microsoft-support-scammers-17/

Here is a person who uses a VM:
http://www.howtogeek.com/180514/the-%E2%80%9Ctech-support%E2%80%9D-scammers-called-htg-so-we-had-fun-with-them/

This is an interesting article:
http://www.makeuseof.com/tag/just-hang-shouldnt-taunt-fake-tech-support-scammers/

I personally just wouldn't bother, not worth my time and energy. I just do my best to spread the word to friends and family who are likely to believe it.

Cheers,
-Lee

Annoying fake MS calls
Jul 14, 2016 10:55AM PDT

Hi Lee
Thanks for the info.
I agree, "is it worth my time?", needs to be asked. I would say that it isn't about productivity but about having some fun.
I do educate my 'people', friends and family about how to identify hacks and what their goal is to keep them safe. I am hoping to host a free Axiom (workshop) class to educate others about the different common computer scams.
P2
EyeCanFixThat

Have fun!
Jul 14, 2016 11:46AM PDT
Fake Microsoft Calls
Jul 15, 2016 5:46PM PDT

I tell them their number has been turned in to the FBI and they have wiretapped your phone. It stopped.

Not worth making any great effort
Jul 15, 2016 9:56PM PDT

Often they are overseas or on obfuscated links. NEVER give them any credentials to your computer though, even VMs.

No reason not to have a bit of fun, though, e.g.

"That sounds serious, can you put me through to your Linux/Mac/zOS expert, to help resolve it please?"

"I'm actually working on a security contract for a government agency that I'm not permitted to name. All my calls, in and out, are tracked and recorded. Are you sure you wish to continue this conversation?"

We also get these scams from "Telstra" (the primary communications company here in Australia). All fake, of course. The claim is usually that my computer is affecting others on the network and that they need remote access to it to fix it or they will "disconnect my internet". My favourite response is "That's very serious indeed but since other users are affected, the problem obviously lies in your server, since I can't see beyond that. Fortunately, I have 50 years' experience in the IT industry (true!), so if you'd like to give me the remote logon credentials to your server, I can log on to it and fix it for you."

All these responses result in a hang-up click!

I like to play with them and take up their time.
Jul 16, 2016 9:27AM PDT

I am a retired network engineer and security specialist, and I love to toy with these guys and consume as much of their time as I can get them to give me, both to delay their next attempt to infect somebody else's machine and just for my own amusement.

I first express surprise and alarm, and ask them which of my computers is infected. They usually reply something like "Your Windows PC," but I inform them that I have several and need more information. I then ask them for the IP address of the infected machine.

Sometimes they hang up at this point, but sometimes they reveal a rudimentary knowledge of home networks and give me a response of "192.168.0.(X)", which is the default network used by most home routers (I do not use the defaults, but no matter).

Then I again express horror and tell them that it is an older machine that takes some time to boot up. They wait and wait (while I'm sitting in front of my TV) and I give them periodic progress reports to keep them hooked.

Then I ask them what they want me to do. Again I behave like a befuddled home BDU, and go through several machinations unsuccessfully "striving" to follow their instructions. Sometimes they just give up, and sometimes they get quite violently profane, but other times they show extraordinary patience and I even locked one of them up for two hours one lengthy afternoon before I gave him an earful that included several uses of the phrase, "Death to hackers!" and a considerable amount of more colorful language.

(By the way, in case you are not an old timer from the era in which the acronym was current among computer support staff personnel, "BDU" means "Brain Dead User.")