Computer phone scams lol



Cortexian
August 16th, 2011, 01:26 PM
Just had some guy phone me claiming that my Windows PC had been sending out a higher than average amount of error reports. Apparently this guy's company is contracted by Microsoft to phone customers and help them resolve these errors. He said that "two error reports are created, one on your computer and one that is sent to Microsoft that we get a copy of".

(Microsoft doesn't contract support to anyone, and the people they outsource to will always identify themselves as Microsoft instead of some other company. They also never call customers unless the customer takes steps to set up a call themselves)

So after explaining who he was I tried telling him right off the bat "Microsoft doesn't call customers about error reports, they don't send copies of error reports to any outsourced companies either". He just repeated himself and then said he could prove to me that I had a bunch of errors on my computer. He asked me to open Run by clicking on it from the Start menu...

(At this point I was debating on whether to go with "I don't have Run on my Start menu" to see if he would realize that I was on Windows Vista/7 or just go with it since I pin Run to my Start menu anyway. I decided to go with it)

So I get Run up and running and he asks me what I see in the box, I just tell him that it's asking me to enter a command. So he tells me to "run event viewer by typing e-v-e-n-t-v-w-r", I follow along since I know that opening event viewer won't do shit for him. I open it up and he asks me to "Click on Windows Logs on the far left and then double-click on Application".

(This brings up a list of all Informational, Warning, and Error reports on your system. Fairly legit way to scam someone if they didn't know what it was)

Once there he asked me to click on "Level" to filter the results, this shows all the Error messages first, then the Warnings. I told him immediately that I recognized the source of every single Error, Warning, and Informational report listed here. In fact, I started confusing him here by saying "so there's nothing to worry about here, just some informational messages from my RAID card's monitoring software and some warnings from when I uninstall and reinstall my video card drivers". Once I said that he tried to explain to me that every one of these messages meant that a file on my computer was starting to be corrupted, which I promptly told him was incorrect and then quoted the Event Viewer help article to reinforce my point.

So now realizing that his Event Viewer strategy wasn't going to work, he asked me to go back to run and type "prefetch malicious". He said that everything listed in this prefetch window was a malicious file on my computer, something that could damage my files and such.

(At this point I completely lost any kind of respect for the credibility of his strategy...)

Now I actually laughed out loud on the phone when he said that, first off I told him that you can run "prefetch anything-you-want-here" and it will always bring up the same results... Secondly I told him that the prefetch command has absolutely nothing to do with malicious files and such, in fact it's basically just showing you a list of prefetch files that Windows uses for booting and storing things in memory (I may have been wrong here, been a long time since I dealt with prefetch command).

From there I said that I'd like to be transferred to tier 2 tech support since he obviously didn't know what he was talking about. He then said "excellent sir, just go to this website and allow the support technician to remotely access your computer". So I booted up my testbed virtual machine and went to the website there, the remote tech logged in and is still doing things on it. So far he threw up an "always on top" window and is proceeding to try and find personal files on my virtual machine... My completely stock Windows installation virtual machine...

I'll let you guys know what he does when he can't find anything.

Patrickssj6
August 16th, 2011, 01:30 PM
Nice work on that VM there. You should have turned on Camtasia though :P Also would be nice if you could log his IP.

Cortexian
August 16th, 2011, 02:20 PM
He's still searching... Trying to search the network but he's failing since it's a VM and I didn't give it any network abilities. He's probably wondering how he's connected to the internet.

I should be able to grab his IP from my router's logs.

Nero
August 16th, 2011, 02:28 PM
That was a good read. Haha.
But yea, def record it. Lol

NullZero
August 16th, 2011, 02:28 PM
If this is true, this is hilarious lol!

Cortexian
August 16th, 2011, 04:11 PM
Okay so he finally logged out, the "always on top" window changed to a screen that basically said "Your computer is now safe to use".

Looking at the logs, he installed some software remotely, looks like some spyware/malware and another program that could possibly be a keylogger. Since I don't want to take any chances, I just deleted the VM completely. He never left any kind of message saying that he was finished except for the always on top window that I was able to click "close" on afterwards.

I do have his IP address from the VM connection logs, I called the Police because this is actually the 5th or 6th time they've called me and they're really targeting our area-code now. There have been a couple of newscasts on TV about dumb people getting suckered in and they've told people to call the Police with any info they have. I gave them the IP, name of the guy, and the name of the company he identified himself as.

Patrickssj6
August 16th, 2011, 04:45 PM
Finally your e-penis grew about an inch...now you have an inch in total :P

Rainbow Dash
August 16th, 2011, 07:07 PM
You're adorable freelancer. <3

Cortexian
August 16th, 2011, 07:11 PM
I should have quickly put a My Little Pony theme on the VM.

Zeph
August 16th, 2011, 07:20 PM
Do you have caller ID? If you see that he's calling you again, answer the phone as whatever-city-you're-in police department and see what he does. Either that, or keep asking him to help you find the start menu as if you were running a Mac instead of a PC.

Amit
August 16th, 2011, 08:04 PM
LMAO. I got a similar call two weeks ago. Since I didn't have a VM ready to go at the moment to do a similar thing I just played along with him for a little while. He told me to go to some random website and scan it for viruses. Obvious motherfucker. I just said that it finished scanning my system and no viruses were returned. He was confused by this because bullshit scanners like that always bring up shit that isn't there as threats. Then I told him that I was a Mac user and he was further confused (probably knew enough to know that exes don't run in OSX without crossover). Then I laughed and said: "go get a real job you dumbass." Hung up. Didn't want to spend any more time on the phone with him. He never called back.

What you should have done is placed gay gifs in the pictures folder and rename them as like "naked girlfriend" or some shit like that lol.

Patrickssj6
August 17th, 2011, 05:23 AM
The best would be to hack back and take a screenshot of him remote accessing your computer and put that as a VM background :P

InnerGoat
August 17th, 2011, 10:17 AM
Good job Freelancer~ Next time have Bonzi Buddy and a few fake antivirus installed so they can't even do anything <3


What's the website? Might take a Win98 VM for a spin :tehlag:

Patrickssj6
August 17th, 2011, 11:27 AM
Next time create an infected PDF and call it "creditcard". Don't install any PDF program so he is forced to send that file to himself :P

Amit
August 17th, 2011, 02:15 PM
^^ Ahahaa.

Cortexian
August 17th, 2011, 07:39 PM
www.logmein123.com

Totally legit eh?

n00b1n8R
August 18th, 2011, 05:43 AM
www.logmein123.com (http://www.logmein123.com)

Totally legit eh?
Had these Indian fuckers try to pull this shit on me like 5 times since April :lol:

InnerGoat
August 18th, 2011, 12:36 PM
booo that's no fun nvm