Tech support scams and the wisdom of Solomon

TelephonesSurprisingly enough, given the years I’ve put in documenting and offering advice on tech support scams, I don’t spend a lot of time talking to the scammers, even though I’ve had many of those calls over the years.

In fact, these days I generally say something rude and put the phone down. Not so long ago, I’d try to string them along for a while just to see what tricks they’d use to persuade me

  1. that they knew something about the PC I was using
  2. that I needed to pay them to help me with some mythical problem like a virus.

And, in fact, I have a long string of articles on ESET's blog site and elsewhere that are intended to recognize common ploys and explain how those tricks work.

Event viewer

What I don’t do is keep them on the line as long as possible in order to waste time they could be spending scamming someone more credulous.

However, I don’t advise you to try this at home unless you have a pretty good idea of what you’re doing: when experts like Virus Bulletin's Martijn Grooten allow a scammer access to their systems so as to observe exactly what he (the scammer) is doing, they do so on a virtual machine so that they can restore the system afterwards to reverse any damage (intentional or otherwise) inflicted on the ‘victim’ system.

Not that I disapprove of wasting a scammer’s time in the least: some of my articles have attracted copious comments from people who’ve set out to do just that, and they’ve given me hours of amusement.

One commenter said:

I asked him what my ip address was - for a guy that knew so much about my computer and all the people hacking it and using my internet he couldn't even come up with that one, his answer was "I cannot see your ip address because these hackers have stolen it." ☺

Alan SolomonIf the idea is to waste as much of a scammer’s time as possible, however, I suspect that the reigning world champion is Dr Alan Solomon.

That’s not a name you hear so much in the security industry nowadays, but back in the early 1990s when I first became heavily involved in anti-malware research, Dr Solomon’s Anti-Virus Toolkit was a major player in the anti-virus industry.

More recently, Dr Solomon's blog reveals that alongside geo-caching and repairing his electric bikes, he is having great fun winding up the phone scammers and nuisance callers who make life unpleasant for the rest of us.

Over the past month or two, he has posted several articles on his own blog recounting his adventures with support scammers, and I could almost feel sorry for the scammers, who clearly have no idea what or who they’re dealing with. Well, one of his victims did start to get the idea eventually:

"You're an expert, you're just pretending to be stupid. You're just wasting my time!!!"

So here are the current six episodes where Dr Solly messes with the heads of assorted grades of support scammer (I have a feeling there may be more to come):

Not, I’ll grant you, the most imaginative titles I’ve ever seen, but when it comes to confusing a support scammer with imaginary connection problems and imaginary reboots on imaginary Windows PCs, Alan Solomon is undoubtedly The Man.

If you’re slightly confused as to what’s going on in those articles, and want to know more about support scams and how they work (or are supposed to work) there’s a huge collection of links to further information on the AVIEN support scam page.

What I like about Alan Solomon's articles is that they demonstrate that while some of the gambits used to confuse and mislead the victim are quite clever, many of the call centre workers who deliver those gambits are not necessarily clever or technologically sophisticated.

In fact, I’ve lost count of the number of times I’ve confused a scammer simply by not letting them follow their script.

Perhaps our best hope is that sooner or later they’ll all get round to calling Alan, after which they’ll be so discouraged that they’ll quit and take an honest job.

(Visited 651 times, 1 visits today)

Tags: , , , ,

Smashing Security podcast
Check out "Smashing Security", the new weekly audio podcast, with Graham Cluley, Carole Theriault, and special guests from the world of information security.

"Three people having fun in an industry often focused on bad news" • "It's brilliant!" • "The Top Gear of computer security"

Latest episode:

, , , ,

10 Responses

  1. andy

    June 19, 2014 at 1:29 pm #

    I spent about 30 minutes on the phone with one of these support guys. He told me he was with Microsoft and located in New York City. We went round and round for a bit until I let him know that I knew all about the scam. I asked if he was willing to answer some questions for me, and he said yes.

    First, I asked what borough of New York he was working in. He didn't know, he could only tell me it was NYC.

    Next I asked about the number of calls he makes and the success rate. I found out that his success rate was about 3%. Not bad when you consider that his daily haul could be $600 USD in a place where most people won't earn that in a year.

    He told me that he works in an office, still insisting that he's in NYC, with fewer than a dozen other callers. Collectively they make well over 1000 calls a day.

    I then wished him the best in his scamming and encouraged him to do some wikipedia research on NYC. He told me to have a nice day and the call was over.

  2. DIPTANGSHU MISHRA

    June 19, 2014 at 1:33 pm #

    Ha ha ha! Yeah waste their time.

  3. Stuart Dyckhoff

    June 19, 2014 at 2:21 pm #

    Ah yes – dear old Dr Solly. He and Steve Gibson are the characters we need more of in IT but unfortunately bean counters get in the way.

    Always disappointed but do understand the selling of his AV company to McAfee.

    • Graham Cluley in reply to Stuart Dyckhoff.

      June 19, 2014 at 2:29 pm #

      In fairness to Alan, he didn't sell up to McAfee. He sold the company to a management buy-out team who, a few years later, sold it to McAfee.

    • Coyote in reply to Stuart Dyckhoff.

      June 20, 2014 at 4:45 pm #

      Steve Gibson is a charlatan. There's ample evidence of that fact. Please, people, stop for a moment, look in to it and think. He isn't what he claims to be. Everyone is better off if they realise how bad he is. He is right up there with some other self-proclaimed experts. Even seclists has had some people erroneously think he was all he claims (but thankfully someone set the record straight.. and I assure you many others would have if they got to it first). So no, we do not need Steve Gibson. A charlatan is more or less a scammer (even worse I would argue: scammers simply cheat, charlatans assume the role of an experienced person, can be trusted and then abuses that trust for their own gains). Seeing as how this post is about scammers, I find that all the more important. Some examples from his own website: DNS cache poisoning is only a real threat since 2008. Really? No, long before that. I seem to remember specific examples of it by the w00tw00t team. Another one: his supposed perfect passwords. That he refers to SSL (with a LONG history of vulnerabilities) as being "snoop proof" (he remarks about this same thing elsewhere) says a lot. Yeah, sure, SSL is "snoop" proof. There's more than one exploit involving a MITM and that's not even the only flaw (wonder why anything < TLSv1.2 is considered insecure? even then there's bound to be additional problems that are not known). He even has health advice which is flat out dangerous. And his claim that raw sockets have no use outside of attacks is ridiculous (and very ignorant indeed… there are many reasons for them including lower level networking [go figure..] and new protocol implementations, not to mention positive security things). And his so-called improved syn cookies (which he claimed he hadn't heard of) explained here: http://www.theregister.co.uk/2002/02/25/steve_gibson_invents_broken_syncookies/

      No, make no mistake: he is a fraud and a dangerous one at that.

      • Coyote in reply to Coyote.

        June 20, 2014 at 4:59 pm #

        Here's another good example conversation with him that shows how little he knows. Example being that SSL Is somehow immune from MITM attacks (which is nonsense, always). Yet:

        https://www.google.com/search?hl=en&client=firefox-a&hs=f1x&rls=org.mozilla:en-US:official&q=ssl+mitm+attack&oq=&gws_rd=ssl&gbv=1&sei=zFikU_TyEI6AqgaT44KgDA

        Here is a conversation with him. I would elaborate but Attrition, like always, does a really good job. That link above is actually from them. I already knew the stuff he claimed was wrong (and know of the tool that is referred to do exactly what he claims is not possible… in fact it is in the Fedora Core repository and I have it installed on my computer, even):

        http://attrition.org/errata/charlatan/steve_gibson/gibson_on_wireless.html

  4. Nick Ioannou

    June 19, 2014 at 2:32 pm #

    The really nasty side to these scams is where they install fake antivirus with a Trojan as well take payment from the victim. As it is now easier to buy a virtual telephone land line in practically any country, this scam (I remember the XP one with the skull and crossbones exe icon) and it's variants are here to stay, unless the phone companies start taking steps.

  5. Vesselin Bontchev

    June 20, 2014 at 9:21 am #

    Alan is the best. :-)

    I am ashamed to admit it, but my aunt in California got caught by one of these scams. She didn't pay anything but did let the scammer on her computer and he installed various things that would make her browser go to porn sites. Even after I cleaned her computer and explained her everything about the scam, the scammer kept calling her for several days. Since she refused to talk to him any more, he eventually threatened her that he was going to plant a bomb in front of her house! She ended up calling the police and changing her phone number.

  6. James Howard

    July 18, 2014 at 8:09 am #

    This was happened to me last month, People have to be more carefull with tech support

Leave a Reply