“I am calling you from Windows.”
So goes the opening line of the well-known phone scam, where a person calls purporting to be a help desk technician reaching out to resolve your computer problems. These Windows scammers feed off people’s concerns about data breaches and identity theft to trick them into installing malware onto their machines. The scam has been netting victims for years, despite the fact that none of what the callers say makes sense.
I recently received such a call and decided to play along, to see how the scam evolves and who the players might be. Over a period of three months, I received calls on average of four times a week, from various people, all intent on proving that my computer had been hacked and that they were calling to save the day. I had multiple opportunities to try a variety of conversational gambits and to ask questions of my own. Here is what I found out about the Windows scammer underworld via conversations with “Jake,” “Mary,” “Nancy,” “Greg,” “William,” and others.
The scam’s success hinges on being helpful
The callers are polite, and they sound very earnest, explaining in great detail how hackers can loot your bank accounts, steal your identity, and compromise passwords. They are intent on convincing you the threat is not only real but hackers are already in your system performing all manner of nefarious activities. Your computer has been slow, they say. Or they explain that they have detected suspicious activity emanating from your PC.
“Whenever there is any negative activity going on with your computer, right? We get notified from the license ID of your computer,” said “Nancy.”
The scammers don’t expect you to take it at their word; they are willing to show proof that your computer has been hacked. They instruct you to press the Windows key and R to bring up the Run box on your system, and to enter commands to open Windows Event Viewer. The caller notes how many errors are listed (most of which are harmless) and uses the list as proof the computer is compromised. “Jake” walked me through finding my unique computer ID using the command line.
“Rachel” sounded genuinely horrified when I told her how many errors were in Windows Event Viewer: “This is the worst I’ve ever seen!” I burst out laughing. Needless to say, she hung up immediately.
Once the victim has been convinced there is a problem, the hard part is done. Depending on the scam, the caller tries to talk you into installing remote software, such as TeamViewer or AMMYY, onto your computer, or they direct you to a website to download software that would supposedly fix the problems. The remote control software can be used by the attacker to steal data, download malware, and further compromise the system.
To avail myself of their help, I would have to hand over my credit card number and pay anywhere from $49 to $500. I never got past this step, though.
It doesn’t matter who the victim is
Scammers get phone numbers from myriad places: marketing lists sold between telemarketers, the phone book, personal records of criminal forums from data breaches. Some scammers used my married name, which isn’t listed anywhere. Because our phone is listed in my husband’s name, scammers working off public phone records probably switched to Mrs. when I answered the phone instead.
Most of the time, scammers don’t bother with names. They start off with a polite, “Good afternoon, ma’am.” I infuriated “Greg” by claiming he must be talking about someone else’s computer as it couldn’t be my computer that was infected. When “Greg” retorted that he knew everything about me and rattled off my name and the city I lived in, it made me think he was working off a list obtained from a data breach dump. That scared me a bit, knowing that these callers could possibly know where I lived, so I ended that call in a hurry.
It doesn’t matter in the end because the scammers will talk to anyone. My child answered the phone once, and instead of asking to speak with an adult in the house like any proper (and scrupulous) telemarketer would, the caller went through the explanation of how the computer was infected and needed to be dealt with immediately. My child, wanting to be helpful, scrambled to follow the instructions. Luckily, my child stopped to ask me which computer to turn on, at which point I took away the phone.
Considering kids don’t often have a credit card for the final payoff, it’s perplexing what scammers hope to gain by proceeding with calls involving minors. When asked, “Jake” huffed a bit, then ignored the question.
That was an eye-opening moment, and we immediately had a family meeting to explain these calls and emphasizing that no one should be calling and asking us to do anything on the computer. We had the same conversation with the grandparents.
On another call, I tried convincing “William” that I didn’t have a credit card, at which point he suggested I borrow a card from someone else. The implication was that if I really wanted to stop the hackers, borrowing a card wasn’t a big deal.
Next page: More lessons learned