A French security blogger named Ivan Kwiatkowski was incensed when scammers tried to scam his parents, by pretending to be Microsoft, helping them sort out virus problems.
A few days ago, I received a panicked call from my parents who had somehow managed to land on a web page claiming they had been infected by a virus called Zeus and needed to call a support line for help.
Ivan decided he would give them a call. A lady named Patricia answered. Ivan told her that he was a businessman and that time was of the essence. Patricia guided Ivan through the steps needed to download remote-assistance software and take control of the PC.
She then blatantly typed in information and tried to make it look as if the computer was displaying the message. It said "1452 virus found”.
After a lot of messing about, she reached the conclusion that the computer had been infected and needed to be cleaned up. She encourages Ivan to buy package software - either ANTI SPY or ANTI TROJAN, for $189.90.
"Look! In the terminal! 1452 viruses found!
Ivan agrees to buy the software and says he’ll buy it in Paris. End of conversation.
Ivan assumed that Patricia must have been a trainee scammer. He waited half an hour or so and called again. This time Dileep answered and went through the whole procedure again.
Dileep seemed much more familiar with his script, and he added some nice details such as showing Ivan that the machine has a lot of stopped services which is "totally not normal". [Oh yes it is!]
Dileep then tells Ivan he has cleaned out the viruses without charge but he recommends that Ivan purchase a Tech Protection subscription (safety from viruses) for €299.99.
Ivan agreed to purchase this package and found a test credit card number.
For obvious reasons, the payment was rejected and Ivan and Dileep tried again four or five times. In the end, Ivan suggested using a second credit card and give him another random yet valid number. Dileep makes Ivan repeat both payment details at least ten times and Ivan play dumb. Dileep calls his superior in the hopes of figuring out why the payment isn't going through.
Now as part of his job, Ivan was working on j.locky ransomware and had a copy on another PC. J.Locky is a nasty pieces of software - once it infects a machine, it encrypts all of the data then demands a payment to provide the encryption unlock key.
The remote-assistance client Ivan had installed at the request of the scammers has a feature allowing him to send files to the operator. He uploaded photos of the credit card complete with J.Locky infection and tells Dileep what he’s done so that Dileep can enter the numbers himself.
Dileep said nothing for a short while, and then admits nothing seems to be happening.
Ivan struggled not to burst out laughing as he knew that the J. Locky infection would be busy encrypting the scammers data files and would then demand a ransom to release them. Couldn’t happen to a more deserving guy.
Eventually, Dileep gives up, suggesting that Ivan contacts his bank
We don’t all have the technical expertise that Ivan has, but you can still keep the scammers occupied and the more of their time you waste – the fewer people they can scam.
If you have any experiences with scammers, spammers or time-wasters do let me know – go to the About page then Contact Us.