What I learned playing prey to Windows scammers

Three months of phone calls prove Windows scammers are more skilled at social engineering than you think


“I am calling you from Windows.”

So goes the opening line of the well-known phone scam, where a person calls purporting to be a help desk technician reaching out to resolve your computer problems. These Windows scammers feed off people’s concerns about data breaches and identity theft to trick them into installing malware onto their machines. The scam has been netting victims for years, despite the fact that none of what the callers say makes sense.

I recently received such a call and decided to play along, to see how the scam evolves and who the players might be. Over a period of three months, I received calls an average of four times a week, from various people, all intent on proving that my computer had been hacked and that they were calling to save the day. I had multiple opportunities to try a variety of conversational gambits and to ask questions of my own. Here is what I found out about the Windows scammer underworld via conversations with “Jake,” “Mary,” “Nancy,” “Greg,” “William,” and others.

The scam’s success hinges on being helpful

The callers are polite, and they sound very earnest, explaining in great detail how hackers can loot your bank accounts, steal your identity, and compromise passwords. They are intent on convincing you the threat is not only real but hackers are already in your system performing all manner of nefarious activities. Your computer has been slow, they say. Or they explain that they have detected suspicious activity emanating from your PC.

“Whenever there is any negative activity going on with your computer, right? We get notified from the license ID of your computer,” said “Nancy.”

The scammers don’t expect you to take them at their word; they are willing to show proof that your computer has been hacked. They instruct you to press the Windows key and R to bring up the Run box on your system, and to enter commands to open Windows Event Viewer. The caller notes how many errors are listed (most of which are harmless) and uses the list as proof the computer is compromised. "Jake" walked me through finding my unique computer ID using the command line.

“Rachel” sounded genuinely horrified when I told her how many errors were in Windows Event Viewer: “This is the worst I’ve ever seen!” I burst out laughing. Needless to say, she hung up immediately.

Once the victim has been convinced there is a problem, the hard part is done. Depending on the scam, the caller tries to talk you into installing remote software, such as TeamViewer or AMMYY, onto your computer, or they direct you to a website to download software that would supposedly fix the problems. The remote control software can be used by the attacker to steal data, download malware, and further compromise the system.
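
A triage check a help desk could run on a machine after its user reports such a call, as an added example that is not part of the original article: it looks for the two remote-control tools named above among running processes, services, and installed programs. The substring patterns and the helper name `Test-NameMatch` are assumptions made for illustration, and a renamed binary would not match them.

```powershell
# Added example (not from the article): find the remote-control tools it names.
# Assumption: matching is by substring on names and paths only.
$patterns = 'TeamViewer', 'Ammyy'

function Test-NameMatch {
    # Hypothetical helper: true if any value contains one of the patterns.
    param([string[]]$Values)
    foreach ($v in $Values) {
        foreach ($p in $patterns) {
            if ($v -and $v -like "*$p*") { return $true }
        }
    }
    return $false
}

# 64-bit, 32-bit and per-user lists of installed programs
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

$findings = @(
    # Running processes (Path is empty for processes that cannot be inspected)
    Get-Process |
        Where-Object { Test-NameMatch $_.Name, $_.Path, $_.Description } |
        ForEach-Object {
            [pscustomobject]@{ Source = 'Process'; Name = $_.Name; Detail = $_.Path }
        }

    # Services, including ones that start at boot and survive a reboot
    Get-CimInstance Win32_Service |
        Where-Object { Test-NameMatch $_.Name, $_.DisplayName, $_.PathName } |
        ForEach-Object {
            [pscustomobject]@{ Source = 'Service'; Name = $_.Name
                               Detail = "$($_.State), $($_.StartMode), $($_.PathName)" }
        }

    # Installed programs
    Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
        Where-Object { Test-NameMatch $_.DisplayName, $_.Publisher } |
        ForEach-Object {
            [pscustomobject]@{ Source = 'Installed'; Name = $_.DisplayName
                               Detail = "InstallDate: $($_.InstallDate)" }
        }
)

if ($findings.Count -gt 0) { $findings | Format-Table -AutoSize -Wrap }
else { 'No TeamViewer or Ammyy processes, services or installed programs found.' }
```

Both tools are legitimate products, so a match matters only when nobody responsible for the machine installed them.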

To avail myself of their help, I would have to hand over my credit card number and pay anywhere from $49 to $500. I never got past this step, though.

It doesn’t matter who the victim is

Scammers get phone numbers from myriad places: marketing lists sold between telemarketers, the phone book, personal records from data breaches on criminal forums. Some scammers used my married name, which isn’t listed anywhere. Because our phone is listed in my husband’s name, scammers working off public phone records probably switched to Mrs. when I answered the phone instead.

Most of the time, scammers don’t bother with names. They start off with a polite, “Good afternoon, ma’am.” I infuriated “Greg” by claiming he must be talking about someone else’s computer as it couldn’t be my computer that was infected. When “Greg” retorted that he knew everything about me and rattled off my name and the city I lived in, it made me think he was working off a list obtained from a data breach dump. That scared me a bit, knowing that these callers could possibly know where I lived, so I ended that call in a hurry.

It doesn’t matter in the end because the scammers will talk to anyone. My child answered the phone once, and instead of asking to speak with an adult in the house like any proper (and scrupulous) telemarketer would, the caller went through the explanation of how the computer was infected and needed to be dealt with immediately. My child, wanting to be helpful, scrambled to follow the instructions. Luckily, my child stopped to ask me which computer to turn on, at which point I took away the phone.

Considering kids don’t often have a credit card for the final payoff, it’s perplexing what scammers hope to gain by proceeding with calls involving minors. When asked, “Jake” huffed a bit, then ignored the question.

That was an eye-opening moment, and we immediately had a family meeting to explain these calls and emphasize that no one should be calling and asking us to do anything on the computer. We had the same conversation with the grandparents.

On another call, I tried convincing “William” that I didn’t have a credit card, at which point he suggested I borrow a card from someone else. The implication was that if I really wanted to stop the hackers, borrowing a card wasn’t a big deal.

They will stick to the script, no matter what

Callers stick to a script, rarely veering off what they are supposed to say, even to the point of repeating the same keywords over and over. Take the exchange I had with “Nancy.”

“What I am trying to say is when you bought your computer, a technician installed the operating system, you know that? The Windows operating system,” said “Nancy.” I noted there was no such thing as the Windows company because it was an operating system. “That’s what I am saying. I am calling from the Windows Service Center. Windows is the operating system you are using, right? And this is a service center for Windows. There are 700 service centers for Windows, you know that?”

"Nancy" claimed later in the call that my Windows license would be canceled if I didn’t fix the issues on my computer. “You have been provided with the license for the operating system of your computer. Right? If we find that someone is misusing the computer for any reason or there is something going wrong, what we do first is that we cancel the license of the computer, which means that you won’t be able to use this computer, all right?”

I argued back, “Why not?”

“You are using the Windows operating system,” she repeated patiently. I hoped I was annoying her at this point. “If we cancel the license of the Windows operating system from our end, then your operating system gets locked.”

Way to spook victims with the idea of ransomware, “Nancy.”

“Being a Windows user, I believe you know that all Windows computers are connected to the same Windows Global Router in Virginia,” “Nancy” said.

Even conspiracy theorists can’t make up this stuff. All Windows users connecting to a massive network that monitors all their activity? The sad thing is I can see how people wouldn’t know how preposterous the idea sounds.

When “Rachel” told me she was calling because the technician had detected malicious activity from hackers on my computer at 5 a.m., I told her she was mistaken as my computer was always off at night. She ignored me and proceeded to the next part of her spiel where she asked me to open up Windows Event Viewer.

After a while, even the most curious recipient will give up asking questions, since the answers don’t make sense. I told “Nancy” so. “At this point you are saying a lot of things that make no sense, because they are not logical, but OK, go on.”

I was startled that she continued regardless. “If you do not remove the hacking file from this computer, then unfortunately, we will have to cancel the license of your computer so that there is no misuse of your personal information.”

“Nancy” really wanted that payout. Why not? I was making her work for it.

Each team operates differently

The Windows scam doesn’t appear to be the work of a single group. Toward the end of the observation period, callers were exclusively women, some with strong Eastern European accents and others with strong Indian accents. Earlier calls, in contrast, had been exclusively from males with Indian accents, except for “Steve,” who sounded American. Possibly Pennsylvania or Maryland. Not the Northeast, the South, or the Midwest. Definitely not Texas.

I am almost certain that I spoke with “Jake” at least seven times, but he was “Mike” and “William” at least once during those calls. It would have been smart for “Jake” and his team to take notes when victims didn’t pay, so they could spare themselves the effort of repeatedly calling to try to hook me. It’s pretty clear these folks aren’t using CRM software to track interactions with their “customers.” This wasn’t a highly professional criminal organization.

Despite these hints of amateurism, they were still getting the handful of victims necessary each day to make the operation worthwhile.

A few times throughout my experience with my various Windows scammers the thought crossed my mind that the callers themselves may be unwitting dupes for the actual criminals. Perhaps, like call center workers in the movie "Outsourced," these folks know nothing about the “company” they work for and are simply doing their jobs following the script. Perhaps they themselves are convinced they are actually being helpful.

I told “Frank” I had a really poor connection and I kept hanging up the phone. But he called back each time and remained very polite and eager to help. The dropped calls had to be tremendously annoying for him, but he never broke character. Maybe it wasn’t an act for him, and he genuinely believed in his purpose, unaware that the script was a scam. I finally disconnected the phone for the day to get him to go away.

When I asked “Jake” why he scammed people, he got angry and denied it, but “Mary” tried to convince me I was mistaken. She didn’t break character and assured me she’d helped many people in the time she’d been working there. She made me hesitate, and I am still not sure if she was simply skillful, or if she was the victim in this situation, manipulated by a criminal syndicate.

“Mary” was also the only one who remained polite when I accused her of taking part in the scam. All the others issued threats before hanging up, although “Nancy” did say, “Thank you,” before disconnecting.

Ask a lot of questions

The devil is in the details, and the more you ask questions instead of swallowing whatever the callers say, the more likely you will uncover inconsistencies or problems. The moment you suspect a scam, hang up.

Many of the callers don't take into consideration that you may have multiple computers. When I asked “Mike” which computer he wanted me to turn on, at first he didn’t understand what I was asking. “I am talking about your Windows computer,” he said.

I explained I didn’t know which of my seven computers had problems. I half-expected him to tell me any would do, but he went through the pretense of looking at his logs and telling me to turn on the one that had been on at noon the day before. I wonder if he would have tried again later with my other computers, but I didn't let him stick around long enough to find out.

My questions must have rattled “Nancy” from “Windows Technical Services” a bit, since she switched the company name a few times during the course of the call. From “Windows Technical Services,” she switched to “Windows Security Services,” “the Windows Company,” and “Windows Service Center.”

Later on in that call, “Nancy” made another goof. “All I am trying to say, to do, is to explain that your computer is getting hacked by foreign IP addresses, from Texas and from California.”

Yes, Texas was once an independent republic, but come on, “Nancy.” You can do better.

Do not engage the scammer

Never, ever share any personal information. Don’t provide your name. Don’t talk about anything specific to you -- the caller wants to gain your trust and will engage in small talk while waiting for the computer to execute the commands you typed. Don’t go to any website the scammer tells you to visit, don’t accept emails, and most of all, don’t download any software during the call.

A recent variation of the scam depends on victims making the initial phone call. While browsing online, the victim comes across a browser pop-up stating the computer is infected and to call technical support at the listed number for instructions on how to fix it. The message is frequently served up via a malicious advertisement. Don’t call the number. Instead, close the browser and move on. It’s easier to never, ever engage the scammer.

If there really is a problem, you won’t find out over the phone. Microsoft doesn’t have the phone numbers of every user who owns a Windows computer, and the company definitely doesn’t call individuals if something goes wrong. If a problem exists -- say, the ISP thinks your computer is infected and spreading malware to other computers -- the notification will not come via a phone call. More important, there is no such thing as a Windows Global Router monitoring your computer activity.
