Social engineering from India

Moments ago I received a call from India: "Hello Sir, with Microsoft support." I decided to play along. Luckily I had a working fresh installed virtual machine. It was quite interesting to see what these guys tried to do. Most of it was trying to convince me that my computer was at great risk. I must say that they did the social engineering part really well, complimenting me with the quality of my English (that isn't my native language), asking me how I am doing today repeating and summarizing what we talked about. On the other hand they were scaring me with creepy scenario's and convincing me that they would be able to help me.

 

I tried to make a screencapture video, but it failed (maybe next time). Here's what they told me to do and what they showed me (I talked to 4 different guys - from junior security engineers to management. Probably to build trust).

Dude 1 (first 10 minutes):

Could you press Windows-button - hold it - and press R. Now type "eventvwr". Go to the system log. Can you see any errors? Yes? Sir, Oh my God! Your computer is at serious risk. Let me put you through to the senior technical colleague.

(If you are wondering... seeing errors in the eventlog of Windows is really normal and most of the time no problem).

Dude 2 (next 15 minutes):

Sir, how are you today? Can you press Windows-button - hold it - and press R. Please type "www.ammyy.com". Yes, can you see the big green button? Yes, please click that and choose "run". Ok, sir, don't mind the warnings. Do you see the screen? Yes, can you read the ID to me?

(So, now they have control over my computer. They showed me the eventlog. They downloaded he Advanced System Care tool from Iobit and scanned the computer).

Ok, sir, do you see how many errors there are? Wow. I'm connecting you to the security manager. He will help you fix things.

Dude 3 (next 15 minutes):

Sir? Yes, well, you have a lot of errors. This computer is important to you? Ok. Hackers and virusses and malware can easily get on your computer and steal your passwords. Can I ask you how old your computer is? About five years? Ok. Microsoft only supports the security for a short time. Let me check.

He opens a console and types: tree <enter> color c <enter> Your firewall is not working!. This will display a lot of text, fast (since it show the complete filesystem structure). Then changes the color to red and shows the text he typed.

You see sir? The firewall is not working anymore. This is de most important defense of your computer. I think the support of Microsoft has expired, because the computer is this old.

He opens the certificates management and shows the standard Microsoft certificate which displays an error (by default, still not a problem).

You see the problem? I will connect you to my colleague. He will help you solve the problem.

Dude 4 (last 10 minutes):

Sir? (summarizes the problems for me). Do you own an Apple computer? No? Ok, maybe you know the Apple computer is more expensive than the Windows computer? that is because Apple offers lifetime security support. Yes, Microsoft does not. We can offer you the Microsoft premium package. Let me show you.

He opens up a browser window and goes to microsoft.com. He shows me some Micorosoft products like Security essentials (that are freely available!) and tells me that this will be included in the premium package.

So, sir, you can choose between 1 year (110 euros, support for one computer), 3 years (180 euros, support for two computers), 5 years (220 euros, support for 10 computers) and lifetime support (280 euros and support for unlimited computers). If you buy the 1 year subsciption and buy a new computer, the problems will be back! So what which package do you want?

I tell him the one year subscription. But I don't want to pay anything, he tells me I have to pay it now, asks for my creditcard number (he won't get that from me) and asks me what the name of my bank is. He sums up a few banks from my country. I tell him one (not my real bank) and he opens up the online banking site and asks me to log in.

At this time I decide to stop and tell him that I can't login at the moment. He tells me that they will offer me one day free support and I should leave my computer on for 15 minutes. After he hangs up, he cleans up the computer screen... runs some checks (I can see he installed some spyware) and opens a Notepad in which he tells me to reboot the computer.

Conclusion

These guys are quite clever. They have a clever way to build up trust and try to sell something that isn't real. Microsoft support their OS quite well. You don't need to buy premium packages or something like that. Never give away your creditcard number or log in to you online banking while someone is watching your computer.

These guys scare you. Show you fake data, use genuine tools to convince you, build up your trust that they are nice and will help you. And then say: now we only need your money.

Beware for callers you don't know and verify what they tell you!

Add comment


Security code
Refresh

Share this post
FaceBook  Twitter  

Archives

Latest comments