Frequent readers of this blog know that I have documented a couple of tech support scams in the past. For those who are not familiar with this scam, someone claiming to be from Microsoft or Apple, or perhaps an ISP claiming that your computer is broken in some way. They will then convince you to connect to them remotely so that they can control your computer and fix whatever problem they claim you have.While doing this, they will ask you for a credit card number at the very least, or at worst they will steal information off your computer so that they can commit some form of identity theft. And that doesn’t take into account the possibility that they will simply trash your computer in some way. Clearly these guys are scumbags and I truly feel that they are the lowest forms of life on Earth that need to be exterminated.
In any case, this past Monday I got an email from a 90 year old client of mine with cognitive issues who got one of these calls and completely got sucked into letting them connect to her computer and do their evil work. I dropped everything that I was doing and raced over there to see what damage was done after telling her to turn off the PC.
Upon arriving at her home, I interviewed her to find out what the sequence of events were. She apparently got a call from the scammers who were claiming to be from Microsoft and over the next half hour she fumbled her way to getting them connected to her computer. During that process the scammers got frustrated and abusive, which from my research isn’t a surprise as they want to get in, scam you and get out as quickly as possible. Then for the next hour they showed her all the “errors” that her computer. Then they made an appointment for the next day to fix all these “errors”. But due to her cognitive issues, she couldn’t give me many details. So I went about investigating her PC to see if I can figure out what they did.
I’m going to stop here for a moment and rant for a bit because scams like this makes me very, very angry. Because of her cognitive issues, she’s the perfect target for this sort of scam. I say that because according to her she has a “Microsoft” computer and from her perspective if someone from “Microsoft” calls her to help her, she should listen to them and do what they say. I’ll explain why that isn’t true in a bit. And because of her cognitive issues, I can’t get the usual amount of information for me to hunt down the scumbags behind this and expose them to the world. Which means that the people behind this one might have gotten away with this. The key word being might as I will do everything in my power to figure out who these scumbags are and expose them for what they are.
In any case, from what I can tell, they had the client download a piece of software called AnyDesk which is a commercially available piece of software that is typically used for remote access by IT help desks to help people in a company or for individuals to access a computer in their office from home. Using commercially available software is pretty typical behavior for these scammers as it adds some legitimacy to their scumbag activities and is not going to get flagged by antivirus software. I found a copy of AnyDesk in her download folder, and combined with some notes that she took and a Windows 7 (as she runs Windows 7) virtual machine, I was able to reverse engineer what they did to connect.
When you first run the application, you see this:
In the top left you will see a number which is 511 553 741. This is the code that the scammers use to connect to her computer from their copy of the software. I know this because on her notes, there was a set of numbers that I am guessing that she wrote down and then repeated to the scumbags.
The next box of interest is the “Set password unattended access…”. On her notes, I saw “can12345” which is not the most original password that I have seen. But this I assume that this is meant to set up her computer so that they can come into the computer, look around and steal stuff at will assuming the computer was on. I also noted that they had configured the program to take total control of the computer do anything they wanted.
The final box of interest is the “Install AnyDesk” box. I am going to guess that once the scammers connected, they pressed this button so that AnyDesk would be live and connected to the Internet without requiring a user to do anything. To make sure that they couldn’t do anything on that front, I uninstalled AnyDesk. I also examined the computer in a variety of ways and found no evidence that they did anything else. No backdoors, no viruses, nothing. Though I am going to be doing a second look at the computer today to make sure that there’s no other issues lurking to cause trouble. But based on my initial look at her computer I think that they might have done some sort of “dog and pony show” to make her think that there were major problem with her computer and to suck her into letting them do more.
One that that really got my interest is that they did not ask for her credit card details or her banking info. This is strange as when I typically come across these scams, the scammers try to get these details up front. I can only see three possibilities for this:
- They were going to get these details in their appointment that they scheduled for the next day. Which I told her to hang up on them when they called.
- They were looking for details for identity theft.
- Both of the above.
When I examine her computer again today, I will take a second look for evidence of any of this. I will post an update with what happens. But in the here and now, let me give you some advice in terms of avoiding being a victim of one of these scams. When I covered previous tech support scams that I investigated, I posted this advice which is still true today. But if you take away nothing else from this, remember that you will never, ever get a call from Apple, Google, or Microsoft to fix your computer. It will not happen. Thus if you get a call like this, hang up. That is guaranteed to make sure you are not a victim.
Expect a further update on this later today. As mentioned above, I am taking a second look to see if these scumbags did anything else, and I will be trying again to see if I can identify who they are so that I can name and shame them.
I Find Myself Involved In Dealing With Another Tech Support Scam
Posted in Commentary with tags Scam on February 17, 2021 by itnerdFrequent readers of this blog know that I have documented a couple of tech support scams in the past. For those who are not familiar with this scam, someone claiming to be from Microsoft or Apple, or perhaps an ISP claiming that your computer is broken in some way. They will then convince you to connect to them remotely so that they can control your computer and fix whatever problem they claim you have.While doing this, they will ask you for a credit card number at the very least, or at worst they will steal information off your computer so that they can commit some form of identity theft. And that doesn’t take into account the possibility that they will simply trash your computer in some way. Clearly these guys are scumbags and I truly feel that they are the lowest forms of life on Earth that need to be exterminated.
In any case, this past Monday I got an email from a 90 year old client of mine with cognitive issues who got one of these calls and completely got sucked into letting them connect to her computer and do their evil work. I dropped everything that I was doing and raced over there to see what damage was done after telling her to turn off the PC.
Upon arriving at her home, I interviewed her to find out what the sequence of events were. She apparently got a call from the scammers who were claiming to be from Microsoft and over the next half hour she fumbled her way to getting them connected to her computer. During that process the scammers got frustrated and abusive, which from my research isn’t a surprise as they want to get in, scam you and get out as quickly as possible. Then for the next hour they showed her all the “errors” that her computer. Then they made an appointment for the next day to fix all these “errors”. But due to her cognitive issues, she couldn’t give me many details. So I went about investigating her PC to see if I can figure out what they did.
I’m going to stop here for a moment and rant for a bit because scams like this makes me very, very angry. Because of her cognitive issues, she’s the perfect target for this sort of scam. I say that because according to her she has a “Microsoft” computer and from her perspective if someone from “Microsoft” calls her to help her, she should listen to them and do what they say. I’ll explain why that isn’t true in a bit. And because of her cognitive issues, I can’t get the usual amount of information for me to hunt down the scumbags behind this and expose them to the world. Which means that the people behind this one might have gotten away with this. The key word being might as I will do everything in my power to figure out who these scumbags are and expose them for what they are.
In any case, from what I can tell, they had the client download a piece of software called AnyDesk which is a commercially available piece of software that is typically used for remote access by IT help desks to help people in a company or for individuals to access a computer in their office from home. Using commercially available software is pretty typical behavior for these scammers as it adds some legitimacy to their scumbag activities and is not going to get flagged by antivirus software. I found a copy of AnyDesk in her download folder, and combined with some notes that she took and a Windows 7 (as she runs Windows 7) virtual machine, I was able to reverse engineer what they did to connect.
When you first run the application, you see this:
In the top left you will see a number which is 511 553 741. This is the code that the scammers use to connect to her computer from their copy of the software. I know this because on her notes, there was a set of numbers that I am guessing that she wrote down and then repeated to the scumbags.
The next box of interest is the “Set password unattended access…”. On her notes, I saw “can12345” which is not the most original password that I have seen. But this I assume that this is meant to set up her computer so that they can come into the computer, look around and steal stuff at will assuming the computer was on. I also noted that they had configured the program to take total control of the computer do anything they wanted.
The final box of interest is the “Install AnyDesk” box. I am going to guess that once the scammers connected, they pressed this button so that AnyDesk would be live and connected to the Internet without requiring a user to do anything. To make sure that they couldn’t do anything on that front, I uninstalled AnyDesk. I also examined the computer in a variety of ways and found no evidence that they did anything else. No backdoors, no viruses, nothing. Though I am going to be doing a second look at the computer today to make sure that there’s no other issues lurking to cause trouble. But based on my initial look at her computer I think that they might have done some sort of “dog and pony show” to make her think that there were major problem with her computer and to suck her into letting them do more.
One that that really got my interest is that they did not ask for her credit card details or her banking info. This is strange as when I typically come across these scams, the scammers try to get these details up front. I can only see three possibilities for this:
When I examine her computer again today, I will take a second look for evidence of any of this. I will post an update with what happens. But in the here and now, let me give you some advice in terms of avoiding being a victim of one of these scams. When I covered previous tech support scams that I investigated, I posted this advice which is still true today. But if you take away nothing else from this, remember that you will never, ever get a call from Apple, Google, or Microsoft to fix your computer. It will not happen. Thus if you get a call like this, hang up. That is guaranteed to make sure you are not a victim.
Expect a further update on this later today. As mentioned above, I am taking a second look to see if these scumbags did anything else, and I will be trying again to see if I can identify who they are so that I can name and shame them.
2 Comments »