Moments ago I received a call from India: "Hello Sir, with Microsoft support." I decided to play along. Luckily I had a working fresh installed virtual machine. It was quite interesting to see what these guys tried to do. Most of it was trying to convince me that my computer was at great risk. I must say that they did the social engineering part really well, complimenting me with the quality of my English (that isn't my native language), asking me how I am doing today repeating and summarizing what we talked about. On the other hand they were scaring me with creepy scenario's and convincing me that they would be able to help me.

I tried to make a screencapture video, but it failed (maybe next time). Here's what they told me to do and what they showed me (I talked to 4 different guys - from junior security engineers to management. Probably to build trust).

Dude 1 (first 10 minutes):

Could you press Windows-button - hold it - and press R. Now type "eventvwr". Go to the system log. Can you see any errors? Yes? Sir, Oh my God! Your computer is at serious risk. Let me put you through to the senior technical colleague.

(If you are wondering... seeing errors in the eventlog of Windows is really normal and most of the time no problem).

Dude 2 (next 15 minutes):

Sir, how are you today? Can you press Windows-button - hold it - and press R. Please type "www.ammyy.com". Yes, can you see the big green button? Yes, please click that and choose "run". Ok, sir, don't mind the warnings. Do you see the screen? Yes, can you read the ID to me?

(So, now they have control over my computer. They showed me the eventlog. They downloaded he Advanced System Care tool from Iobit and scanned the computer).

Ok, sir, do you see how many errors there are? Wow. I'm connecting you to the security manager. He will help you fix things.

Dude 3 (next 15 minutes):

Sir? Yes, well, you have a lot of errors. This computer is important to you? Ok. Hackers and virusses and malware can easily get on your computer and steal your passwords. Can I ask you how old your computer is? About five years? Ok. Microsoft only supports the security for a short time. Let me check.

He opens a console and types: tree <enter> color c <enter> Your firewall is not working!. This will display a lot of text, fast (since it show the complete filesystem structure). Then changes the color to red and shows the text he typed.

You see sir? The firewall is not working anymore. This is de most important defense of your computer. I think the support of Microsoft has expired, because the computer is this old.

He opens the certificates management and shows the standard Microsoft certificate which displays an error (by default, still not a problem).

You see the problem? I will connect you to my colleague. He will help you solve the problem.

Dude 4 (last 10 minutes):

Sir? (summarizes the problems for me). Do you own an Apple computer? No? Ok, maybe you know the Apple computer is more expensive than the Windows computer? that is because Apple offers lifetime security support. Yes, Microsoft does not. We can offer you the Microsoft premium package. Let me show you.

He opens up a browser window and goes to microsoft.com. He shows me some Micorosoft products like Security essentials (that are freely available!) and tells me that this will be included in the premium package.

So, sir, you can choose between 1 year (110 euros, support for one computer), 3 years (180 euros, support for two computers), 5 years (220 euros, support for 10 computers) and lifetime support (280 euros and support for unlimited computers). If you buy the 1 year subsciption and buy a new computer, the problems will be back! So what which package do you want?

I tell him the one year subscription. But I don't want to pay anything, he tells me I have to pay it now, asks for my creditcard number (he won't get that from me) and asks me what the name of my bank is. He sums up a few banks from my country. I tell him one (not my real bank) and he opens up the online banking site and asks me to log in.

At this time I decide to stop and tell him that I can't login at the moment. He tells me that they will offer me one day free support and I should leave my computer on for 15 minutes. After he hangs up, he cleans up the computer screen... runs some checks (I can see he installed some spyware) and opens a Notepad in which he tells me to reboot the computer.

Conclusion

These guys are quite clever. They have a clever way to build up trust and try to sell something that isn't real. Microsoft support their OS quite well. You don't need to buy premium packages or something like that. Never give away your creditcard number or log in to you online banking while someone is watching your computer.

These guys scare you. Show you fake data, use genuine tools to convince you, build up your trust that they are nice and will help you. And then say: now we only need your money.

Beware for callers you don't know and verify what they tell you!

Last week I came across this computer standing under/on a desk in the office. The sign is in Dutch and says: "Do not use. A query is running."

Wow... what a query that must be! :-)

Recently I had to create a script for removing Outlook attachments from emails after saving them locally. Of course VB script isn't the strongest part of my programming skills (and I tend to keep it that way). But in this case it was needed. After quite a lot of searching on the Internet I came to the conclusion that I would have write it on my own. There are a lot of example scripts out there, but none of them did exactly what I wanted. I used this script as a basis.

So here is the script I copied and pasted together for you. It does the following:

• Ask which Outlook folder you want to process recursively
• Ask which local folder you want to save the attachments in (it will create the Outlook folder structure within the chosen local folder)
• Recursively process the Outlook folders
• Save any attachments it finds and removes them from the Outlook mail (it uses the HTML body of the mail so no formatting is lost)
• Adds links to the local file in the original mail for easy opening

Download the script here.

The only way I can get my work calendar on my android phone is using Google Calendar. And publishing through office.com doesn't work anymore. For a while I used the service of iCal Exchange, but this isn't very stable. There aren't many alternatives out there to use, so I needed to come up with another solution to do this:

1. Publish calendar from Outlook 2010 to a Webdav server
2. Get the file in Google calendar. Google only allows public agenda's, so no password protection.

Well... As I said: there aren't many free WebDAV providers out there and I wasn't going to run my own WebDAV server. The only WebDAV provider, besides iCal Exchange, was Box.com. And publishing from Outlook to Box.com is quite easy. Just open the context menu on the calendar that you want to publish, select Share, and than Publish to WebDAV Server. Publish to Box.com using this address https://www.box.com/dav/path/to and provide your username and password to login.

Now, to publish the file in Google calendar. Since Box.com doesn't provide any way to share the file publically (without username and password), this is the hard part. After a while of searching I found the solution. I found a WebDAV client in C# that allowed me to login and download the file. So I used this to login and retrieve the calendar file. This url you can use in Google calendar. Download an example solution here.

I did some hacking in the WebDAV client code. It worked asynchrone and stored the remote file in a local file. I deleted a lot of code and made it synchone. It now gets the remote file into a buffer, so no local file is needed.