We’re with Windows, and we’re here to help: The anatomy of a scam

On its face, it was totally unbelievable. After all, when was the last time you recall any tech support pro-actively contacting you to solve a problem?

Advanced Windows "support" technology.

Advanced Windows “support” technology.

“Hello, sir. I am calling from Windows support.”

So began the call at 3:36pm PDT on June 12. It was as if an automated phone tree at a software company had decided to atone for its sins and reach out. And I do mean automated. The patter, though delivered by apparently real humans with apparently authentic Indian accents, was remarkably rote.

“I’m calling on behalf of Microsoft’s Certified Technician Team,” said 8:53am July 3. So did 11:46am the same day. But 8:58pm May 15 called from “the technical services department of Windows.” And the first one, six weeks earlier at 6:02pm May 14, declared, “I am with the Windows Service Center, and I am calling about your computer.”

And boy, were they calling from exotic locations: “V5152358030054,” “6752 6752” and just simply “6752,” or so blurted my confused Caller ID screen. I thought I knew all the new area codes.

Ask me anything.

Ask me anything.

Then began the support. “You are getting errors on your computer and I’m calling to help.” What errors?, I’d often ask. “I won’t know until you go to our website and download our diagnostic tool.” Download. Unknown. Software. Sure.

While the patter would vary from male to female to male caller, the pitch never did. You’re reading from a script, I’d challenge. “No sir, I am not reading from a script,” 3:36pm June 12 protested. And then went right back to the script. But, like testing the limits of Siri (or, more appropriately here, Furby), it became mildly interesting to see what kind of answers I could elicit:

  • How did you know I was getting errors? “We have a database of phone numbers of people who purchase computers.” (Those used to be called “phone books.”)
  • How do you know I’m not using a Mac or an Atari 1040ST? “We can check. Please click on your Start button.”
  • I can’t have a virus; I use the free and excellent Microsoft Security Essentials. “Well sir, that is better than using nothing.”

Expecting answers that were better than nothing, I turned to the real Microsoft.

“In 2010, Microsoft began receiving reports of scammers making phone calls or sending emails to people,” replied a spokesperson for Microsoft’s Digital Crimes Unit. The goal was often to trick people into buying support services, downloading fake security software or allowing remote access to their PC for likely un-nice purposes. Microsoft has referred the cases to the Federal Trade Commission, which had its own investigation underway and presumably still does.

The real Microsoft.

The real Microsoft.

And yes, it’s no coincidence I’m getting a lot of these calls. A lot of people are. Almost paradoxically, the spokesperson noted, as more consumers learn from Microsoft and other tech firms that they should make their computers more secure, “we have seen an increase in cybercrimes that use deception and social engineering to exploit people.”

That doesn’t stop some would-be victims from attempting to reverse-engineer the favor. Eric Dawes, a former broadcasting colleague in the Seattle area wrote on Facebook he’s been getting similar calls. He decided to play along, clicking as directed until he informed the scripted caller that he only had a choice of running “Control Panel” or “PHK-U.EXE.”

Others have been less kind, and a few have tripped into their own trap – such as the anti-malware security researcher who, in trying to documents the details, had his computer’s files deleted by a vengeful scammer.

The sobering part is enough people must be scammed successfully, otherwise the trickle of calls wouldn’t have increased to a seeming flood over the past several years. This includes, recently, calls to the Puget Sound area (unless the scriptoids have only now realized Microsoft is actually based nearby). Average loss? A Microsoft study pegged it at $875, and that was two years ago.

The next time the phone rings, I’ll recall the advice from my father who, in a moment of cynicism about business, observed that, “When someone approaches you, remember they always want something.” And in this case, I don’t think it’s my faux virus. Unless it’s infected my wallet.

Frank Catalano (@FrankCatalano) is a strategist, author and veteran analyst of digital education and consumer technologies whose GeekWire columns take a practical nerd’s approach to tech. See the archive of his regular GeekWire columns. He’s writing his own script, not for Hollywood, but in advance of the next inevitable call.

  • deadrose

    I’ve gotten several calls from them, I simply tell them I’ll check with my husband who works at Microsoft first.

    Granted, he hasn’t worked there for a couple of years, but it confuses them long enough for me to hang up.

    • http://www.intrinsicstrategy.com/ FrankCatalano

      I like that. I shared with the last few callers that I was taking details notes for a column I was writing, thinking that would end the call. I asked if they understood (long pause), “Yes, sir.” And then back to the script.

    • Hope

      My second call within a month from Windows Support Center! The first
      time they called I told them to get a real job and quit doing what they
      were doing! The second time I asked for their phone number in case my
      neighbors needed help, because I didn’t have a computer, they said they
      are in New York and gave me this number: 206-424-8916! Tired of those
      calls!

      • http://www.intrinsicstrategy.com/ FrankCatalano

        A Seattle number for a New York location? Perhaps they’re just there as Seahawks fans to prepare to help all the virus-laden Broncos laptops at the Super Bowl.

  • Ken McElrath

    Glad to see you’re writing again.

    • http://www.intrinsicstrategy.com/ FrankCatalano

      Thanks Ken. John and Todd have been kind enough to give me an outlet for my tech commentary and analysis as a GeekWire columnist.

  • Security Guy

    Frank, the following statement is a bit misleading “such as the anti-malware security researcher who, in trying to documents the details, had his computer’s files deleted by a vengeful scammer.”, if you read the entire article the security researcher was just using VM, so no useful files were deleted (just a VM got trashed).

    • http://www.intrinsicstrategy.com/ FrankCatalano

      As the security researcher himself wrote, “they crossed that line when they deleted documents on my computer and sabotaged the Internet connection. This is destruction of private property plain and simple.” The VM just kept the results from being catastrophic.

  • DCDan

    I was getting those calls a year or so ago, when I finally decided one day when I had some mindless multitasking time on my hands to play along (and play dumb) so I could see what they were after. I kept them talking for about an hour and a half, asked alot of questions every step of the way, at some point got transferred to a “manager” who continued to press that I d/l something, but still couldn’t explain anything in any technical detail. Then I stopped getting calls… until last week :( Didn’t know they were still running this scam.

  • Larry Martin

    Having retired from IT a couple of years ago, I’ve long since been waiting to see this kind of scam. From experience, I know how gullible we humans can be. So, last week when I received this call, I was not totally surprised; rather just amazed that it’s taken so long. Wanted to have fun with the caller but didn’t know if he was calling from an ‘off shore’ reverse charge phone scam, so I spent only a few moments on the phone line then hung up.

    Am looking forward to receiving the call again. Am thinking of setting up a ‘honey pot’ PC and have them log onto it intentionally and damage what they will. That way I might be able to trap things like Mac address and routing information. After all, what else can I do to keep retirement interesting? It would be nice to reverse infect the perp but that just isn’t a proactive solution, is it?

  • MG

    I received the same call a while back when I was in the Puget Sound area. The person “calling from Windows Support” insisted that he is seeing errors from my windows machine. I asked him to confirm twice that this is windows system that he is seeing the errors from. I then told him (misleadingly) that I only use Ubuntu at home. He was confused enough to blurt out – “Sir, maybe we made a mistake. Do you have any other friends who use windows that might need help cleaning the errors?”

    Cleaning the bank account more like it.

  • arrow2010

    Winblowz itself is a scam upon the world’s computer users.

    • http://www.intrinsicstrategy.com/ FrankCatalano

      Actually, had at least one of the callers started with, “I’m with Winblowz customer support,” at least I would have had a good laugh.

  • Another_Lurker

    I believe the FTC cracked down on some these scammers. I would love to get one these on the line just to mess with them and to see how long I can string them out.

    • http://www.intrinsicstrategy.com/ FrankCatalano

      You’re right. Last October, the FTC filed suit against six firms allegedly perpetrating the scam. But I think the headline, in light of recent activity, was a tad optimistic: “FTC Halts Massive Tech Support Scams.” http://ftc.gov/opa/2012/10/pecon.shtm

      • Another_Lurker

        They probably waited for the story to slip off the radar to start backup. From what was posted on You-Tube these scams were being done in other countries so it would be easy to lie low in the US for awhile.

        These operations remind of the penny-stock boiler rooms.

  • denise

    I got one of these calls. The really weird thing was that my caller went off script. After I told him I didn’t have a computer and hung up, he called me back. Over and over and over. When I finally answered the phone and told him he had the wrong number, he actually yelled at me: “I don’t have the wrong number, I am calling Michelle, and you are Michelle” (I am female, but Michelle is not my name.) It is the first time I can ever recall an “auto-caller” really losing it.

  • Stephen Burnside

    Here’s an idea. Get rid of the landline. Who really needs the thing these days anyway? On the cell phone, we all have caller ID and I screen every call. If I don’t know it, I let it go to VM. If it’s THAT important, they can leave a message.

  • http://www.apperian.com Cimarron Buser

    It’s still happening … I just got the same call. Rather than string them along, I asked what the company was – he said “Windows Services”. I asked if they cleaned windows, since the windows in my house needed cleaning. He made a disgusted noise and hung up. Caller ID was no help – it was junk…

    I wish there was a way to put these folks out of business…

    • http://www.intrinsicstrategy.com/ FrankCatalano

      As do many. But I suspect this is a game of scammer Whac-A-Mole. As soon as one is shut down, another one pops up.

  • Hannah Reimann

    Thanks for your article, Frank – a facebook friend private messaged it to me after I posted the following about 11 days ago:

    “I was
    awakened at 7 AM by a frantic “emergency call” from the “Microsoft
    Anti-hacking Department” who announced my address and telephone number
    to me and proceeded to tell me that they got a red alert that my
    computer had been hacked, told me to write down an endless ID number,
    etc. and so forth. They truly tried to scare the —- out of me. By
    the time I got to my senses and got rid of the call
    it was 7.28. Memories of the phoney lottery-win criminals who attacked
    Dad came to mind. Has anyone had this unfortunate experience and does
    anyone know where I could report these horrible people since I have
    their phoney customer service number (leading me yet another suspicious
    sounding character)? ”

    They called me, again at 7.45 AM EST this morning. The phoney Customer Service number of the “Microsoft Anti-Hacking Department” is 855-677-5556

    Do you have any new information as to how to catch these thieves or who to report them to? Another friend told me to call the FCC so I’ll do that, as well, but I wondered if you have any solutions or suggestions other than what you wrote to others in the past.

    • http://www.intrinsicstrategy.com/ FrankCatalano

      No, I’m afraid the same suggestions apply. Also, if the call was made to a number which is on the Federal Do Not Call registry, I’d report it as a violation as it is an unsolicited sales call, no matter what the scammers might claim (assuming others, like your friend, were able to get a valid callback number to the scammer which can be entered). The form is here https://complaints.donotcall.gov/complaint/complaintcheck.aspx?panel=2

      • Hannah Reimann

        Thank you, I’ll try that…and do let me know if you learn more about the process of getting rid of these awful illegal businesses. Happy holidays

  • Nya

    I got a call from them, and of course it was right in the middle of an exam, but I had time, so I played along with them. They asked me to Right click on Computer and open up manage, and them double click on Applications. They asked me if I saw any error messages, and I didn’t. Then they asked me to click on ‘Dell’, and then they asked me if I saw any error messages then. I didn’t:) I told them it all said ‘information’, and a date next to it. He hung up after that:) I guess my computer wasn’t worth cleaning or whatever. I told my Dad afterwards, and he said it
    was nearly impossible for them to know that a computer is infecting a central whatchamacallit system.

  • disqus_Al9SmHRQ4i

    I just tell them I don’t have a computer.

  • Bec Courtney

    Hi Frank (or anyone),
    I got a call 2 days ago & was suspicious enough to end the phone call but only after they had gained access to my computer to show me supposed errors.

    Is there any way they can regain access to anything on my laptop? I dont keep passwords or anything on my computer, but Im worried they can still do something.
    Thank you,
    Bec

    • http://www.intrinsicstrategy.com/ FrankCatalano

      Bec, based on similar incidents, depends on how you did it. If all you did was follow their verbal instructions to discover Windows own log of “errors” (which are not), you probably are fine. But if you got to the step of downloading software they directed you to and installing it, I would see if you can uninstall it and also run a malware scan (using whatever anti-virus tool you have), just in case.

      • Mark

        The FTC obviously isn’t enough – and our so-called elected “representatives” aren’t doing anything for us to beef up the penalties to provide some adequate justice. And for the ones outside the US, maybe they should be sending the Jason Bournes after them. Bet that would slow ‘em down….

  • Harold

    I am getting many calls a day from “Windows Tech Support”. A few time I talked to them to find out what they wanted. Did not comply, did not even turn on my computer. As I have called ID on my TV & phone I can tell who is calling and am not even answering. They are still calling, 8 times yesterday. Will they eventually stop? Hoping so.

  • sidharthyovel

    cannot open you tube in windows help me