[Tfug] A Strange Phone Call

John Gruenenfelder jetpackjohn at gmail.com
Tue Jul 3 18:29:10 MST 2012


Hello again,

I'd like to share a very strange computer scam phone call I just
received today...

At about 4 PM I received a call on the house's land line and the
caller ID said unknown caller and the number was all zeros.  The
caller had a very heavy Indian accent and I could tell that it was a
scam in under 30 seconds.  I have never received such a phone call nor
have I ever heard of computer maintenance/security "companies" doing
cold call scams before so I thought I would play along to see what they
would do and what they would ask for.

The caller, as best I could make out, was calling because my Windows
computer had sent them information indicating that there were errors
and/or malicious programs running.  He wanted to walk through some
steps with me to verify the problem.

I was on the phone for just under an hour in all, primarily because
this first person was excruciatingly slow and didn't understand
English very well.  He insisted on spelling everything out and would
ask each question multiple times.  Now, at no time was I actually in
front of a computer.  Rather, I was sitting on the couch watching
Jeopardy, but I'm not new to this so I figured I could just wing it.
Also, it became apparent rather quickly that if I mumbled my answers
then this person would try to explain what I was "seeing" and ask me
to verify.  Because of this, I could usually just wait until he
prompted me somehow and then I would just confirm his suspicions or
make up numbers.

He asked me to open Windows run prompt and to start the event viewer.
We then looked at several log files (or, rather, pretended to) and he
would ask how many warnings and errors I was seeing.  With more
prompting, he would ask if it was more than ten.  Each time we looked
at a log and I confirmed that there were many errors, he would say in
a concerned voice "Oh my god..." and tell me how bad this was and how
it was evidence of existing corruption (the errors) and potential
corruption (the warnings) of my files and documents.

Finally, after doing a very thorough job of convincing me of the
impending doom, he transferred me to his manager.  This person also
had a heavy Indian accent, but he both spoke and understood English
better.  I really don't know where they were calling from, but the
quality of the connection was quite poor and I could often hear my own
delayed and distorted echo after speaking.

The manager's job, it seems, was to finish landing the pre-screened
marks.  He had me use the run dialog to start Internet Explorer at a
web site called www dot support dot me (I don't want the spam filter
hitting this, or somebody clicking on it).  For those of you keeping
score, the .me country code is for Montenegro.  Again, I wasn't at a
computer so I just had to guess as to what I was seeing, but they
didn't seem to mind.  After the phone call I did go to the website and
it is extremely plain.  All you see is a very small box in the upper
left hand corner with the title "Support Connection" and it asks you
to enter your six digit ID and then press a button "Connect to
Technician".

This person explained that the copy of Windows I received with my PC
(which obviously never happened because I build my own PCs) included a
confidential security code for this included maintenance and that it
had likely expired when my warranty did.  I shouldn't worry, though,
because they can get a new code from the "Windows Department" and I
can use that on my computer, but I must be careful to not share it
with anybody else because it is linked to my license and sharing it
would be like software piracy.

He then asked for my name, which today was Samuel Clemens, my email
address, and confirmed my phone number.  Then he asked what type of
credit card I would be using and which bank it was from, so I made
this up, too.  After this he gave me my six digit ID to use on the log
in page.  After using this, I would apparently be prompted with a
registration form where I could enter in the rest of my information.
Surprisingly, he was careful to explain that neither he nor any of
the technicians would ask for my credit card number.  Instead, I would
enter that into the form on the website.

He explained that to get this new code from the Windows Department,
which would entitle me to a year of remote support, I would need to
pay an activation fee since I had allowed my previous code to lapse.
He explained twice that I was *not* purchasing software, but rather
support from the company.  For one year, the price was $160 and there
were also options for two or three years which cost more.

Now he wanted to walk me through these last steps.  After entering the
ID number, I was "prompted" to download some sort of program which he
then wanted me to run.  I suspect this would have been very bad and is
also likely where I would enter my real credit card information.  At
this point, though, it had been nearly an hour and I figured that I
would have a much harder time faking using a program I've never seen,
so I calmly told him that I was just wasting his time and that I
wasn't even at a computer.

His response was, again, rather unusual.  He tried very hard to
convince me that this company (which I never actually got the name of)
was legitimate and told me at first that he didn't believe that I
wasn't at a computer.  We debated/argued for a few minutes while I
tried to explain that I really was just making it all up.  I tried
some logic on him, such as explaining that if his information really
did come from Microsoft then he should know, at the very least, my
name and which version of Windows I had purchased.  He said he did
have my name and only asked for it earlier to confirm.  He didn't seem
to understand, though, when I told him that the name I gave was of a
famous dead author and why hadn't it matched what he had on file.  And
so on...

Since I was done, I really just wanted him to remove the phone number
he had and never call again.  All he wanted to do was try to convince
me that it was legitimate, though, and I finally gave up and hung up
on him.


After speaking with these people, I did, as I mentioned above, visit
the website in question.  The ID code he gave me was 618915, but when
I tried to use it the web page said it had expired.  I tried several
other similar numbers, but none worked and I never got to download an
actual copy of this malware.  The only identifying information on the
web site are links to the "LogMeIn Rescue" homepage which may be a
legitimate company that makes web site login/access software that
these guys were using.

Has anybody else ever received such a phone call out of the blue?
This wasn't even my phone number that is attached to a number of
things online, but rather my parents' home phone.  The amount of time
they were willing to spend to convince me that my Windows computer was
broken was quite long.  For the manager's part, he went to lengths to
explain that I was not buying software but rather service from them.

I suppose they just didn't want to lose money after this much effort,
hence all the efforts to convince me that it was real, though it could
also be that they were concerned that I might have been able to get
too much information from them after an hour.  Unfortunately, though,
the ID number is now invalid and anybody else who visits the site will
get nothing and it is hard to investigate nothing.

I did check the WHOIS database for support.me and it is registered to
Gabor Tokaji from Woburn, MA.  Perhaps not surprisingly, his email
address is at the logmein.com domain and the DNS info for support.me
shows it to just redirect to a logmein subdomain.

Just thought I'd share.  Despite the address in Massachusetts, these
people are almost certainly outside the country and thus cannot easily
be stopped.  I'm mostly curious if this has happened to anybody else
or if this is more common than I thought.  Scam email and web sites,
sure, but phone calls?


--John Gruenenfelder    Systems Manager, MKS Imaging Technology, LLC.
Try Weasel Reader for Palm OS  --  http://weaselreader.org
"This is the most fun I've had without being drenched in the blood
of my enemies!"
        --Sam of Sam & Max


