Adventures with Indian scammers on the phone and computer

Shoe Box Banned Posts: 118
We've all heard about these Indian scammers who claim to be from Microsoft and charge huge amounts of money to fix computers that don't have problems. I just encountered one and their victim.

Last week, I rebuilt a Dell desktop for someone. It needed a new hard drive, which it got, then I did a full fresh install of 7 HP 64 bit on it, and included AVG Free, Malwarebytes, and CCleaner. The owners were a couple in their 50s, and didn't know much about computers. I spent a good half hour at their house answering questions when I returned their computer last Thursday.

This morning, at 7:30 am, she calls me, all excited about a call she just had. Some Indian scammer had called, claiming to be from Microsoft, had her disable the AVG, and then he had her type in msconfig and was doing some things. When he got to the point of asking for $177.78 to "fix" the computer, which was already as fixed as it is possible to get, the computer owners shut off the computer and hung up.

They tried to call back 4 times before they quit trying.

But while he was in the computer, he put a login password on it. And now that we don't know the password, I have to rebuild it again. I will do a full reformat to erase anything they might have done.

I have to wonder how the Indian scammers got her information to call her in the first place. Maybe someone at Comcast is collecting customer data and selling it to them?

Comments

  • Tongy Member Posts: 234
    Not sure you do, I've removed accounts from PCs for people without having to rebuild the OS. Lots of free tools out there that can help, you just need to know where to look!
  • danny069 Member Posts: 1,025
    I'd full format it again, they cold call people or people call them from a number that pops up on the screen (such as a fake notice). Unless there is data they need, you could use the Hiren's boot cd to remove passwords, but seems to me there may be malware on that pc already.
    I am a Jack of all trades, Master of None
  • Shoe Box Banned Posts: 118
    The lady told me she had downloaded some sort of free games package on the computer, and after that, the fun began. I will just full format it, that way I know what is and isn't there. It's easier to do that than to try and save a couple hours and risk having problems pop up again.
  • paul78 Member Posts: 3,016
    Can I suggest that you ask your client to read this - Avoid Phone Scams | Cybercriminal Tech Support Scam | Security Threats

    And the FTC has been actively tracking this latest string of scams after the last shutdown - you may want to encourage your client to report it here - https://www.ftccomplaintassistant.gov
  • scaredoftests Security +, ITIL Foundation, MPT, EPO, ACAS, HTL behind you Mod Posts: 2,752
    Some people are such idiots. After all that work you have done on their computer, you should make them sign an agreement not to talk with anyone but you. (I am being sarcastic..but they give people in their 50s a bad rap...)
    Never let your fear decide your fate....
  • MTciscoguy Member Posts: 552
    I am in my 50's and have learned over the years a few very choice words that I tell them on the phone when they call. Then I really start to have fun!

    Current Lab: 4 C2950 WS, 1 C2950G EI, 3 1841, 2 2503, Various Modules, Parts and Pieces. Dell Power Edge 1850, Dell Power Edge 1950.
  • Mike7 Member Posts: 1,074
    MTciscoguy wrote: »
    I am in my 50's and have learned over the years a few very choice words that I tell them on the phone when they call. Then I really start to have fun!
    You are an IT guy. Most people have no idea how IT works; they believe every word that the "expert" tells them.

    I always tell people to check the weather whenever they have computer problems.
    See 51% Of People Think Stormy Weather Affects 'Cloud Computing' - Business Insider
  • srabiee Member Posts: 1,231
    Indian scammers are notorious for running SysKey.exe to lock users out of their own computers and hold the system for "ransom" until the user pays them money.

    https://en.wikipedia.org/wiki/Syskey
    WGU Progress: Master of Science - Information Technology Management (Start Date: February 1, 2015)
    Completed: LYT2, TFT2, JIT2, MCT2, LZT2, SJT2 (17 CU's)
    Required: FXT2, MAT2, MBT2, C391, C392 (13 CU's)

    Bachelor of Science - Information Technology Network Design & Management (WGU - Completed August 2014)
  • kohr-ah Member Posts: 1,277
    My coworker at my last company got these calls a lot.

    He always had a snapshot of a Windows 7 VM. Would load the VM up and give them access and watch them go to town doing nothing to his system then politely inform them that they just took over a useless VM and just roll back the snapshot and wait for the next one.
  • MrAgent Member Posts: 1,309
    I also have a vm waiting should they ever call me. I plan on recording the whole thing for a nice youtube video.
    I was seriously considering having files on the desktop which say accounts.doc and have it laden with malware, as well as logins.pdf file which would have a payload with a netcat connection back to me of course.
  • paul78 Member Posts: 3,016
    Scammers are everywhere - it's not specific to India.

    @MrAgent - why wait for them to call you? Be proactive and strike first - if you google around - you should be able to find some of the sites that host the numbers of the call-centers.

    One of the more amusing recordings - https://www.youtube.com/watch?v=c4HKOWG2oEA
  • MTciscoguy Member Posts: 552
    MrAgent wrote: »
    I also have a vm waiting should they ever call me. I plan on recording the whole thing for a nice youtube video.
    I was seriously considering having files on the desktop which say accounts.doc and have it laden with malware, as well as logins.pdf file which would have a payload with a netcat connection back to me of course.

    As I said, then I really start having fun!

    Current Lab: 4 C2950 WS, 1 C2950G EI, 3 1841, 2 2503, Various Modules, Parts and Pieces. Dell Power Edge 1850, Dell Power Edge 1950.
  • Hondabuff Member Posts: 667
    Download PC Log In Now and burn it to a disc. Take it over to their PC and boot to it. Follow the wizard and remove the Admin password and reboot the machine. Easy peasy!
    “The problem with quotes on the Internet is that you can’t always be sure of their authenticity.” ~Abraham Lincoln
  • v1ral Member Posts: 116
    kohr-ah wrote: »
    My coworker at my last company got these calls a lot.

    He always had a snapshot of a Windows 7 VM. Would load the VM up and give them access and watch them go to town doing nothing to his system then politely inform them that they just took over a useless VM and just roll back the snapshot and wait for the next one.
    I should have done this but instead of Windows put a non-popular distro of Linux.