I've been called by some "Windows support" three times during last month. The first time I didn't have the time to talk to them but the second time I took the time to do so.
Somehow, even though I don't have a windows computer, I was able to fake it for about 10 minutes that I am following his instructions and doing what he tells me. First I had to press Win+r, which I didn't really know what it did, but I suspected it opened the CMD, so I told him that a new window opened, a black one. Then he spelled to me what I should write (I don't remember what, I didn't have anything to write with me).
Then he asked me if I had Chrome installed, I said yes and he spelled a website url to me. I told him that it loaded and there was a "Download" button and asked if I should click it. He said yes. Then he talked me through how to install it, from his description I got that it was TeamViewer.
He told me to start it, bare in mind that this was painfully slow for both of us because I had to come up with plausible mistake to make and had to think of some plausible but generic answers on the way because he always asked me what I'm seeing on the streen now. After I "started" it I had to tell him that in fact I didn't have a computer in front of me, but I only was playing along with his script.
He stopped for a couple of seconds and then he asked me:
"How is this possible ...? Why are you waisting my time??"
> "How is this possible ...? Why are you waisting my time??"
That's actually not so bad. I got a different, more hilarious response when a scammer realized I was stringing him along. Which I recorded.
I received a call just last Thursday from a professionally recorded American sounding female voice saying it was my credit card company. "Nothing was wrong with my account" but there was an opportunity to reduce my interest rate on EITHER my "MasterCard" OR "Visa." I knew this was going to be fun so I played along, pressed 1, and got connected to a guy from India. He began by asking for my credit card number to verify my account.
I started recording half way through, hoping to keep him on longer but failed. Here's the short clip from when he realized I was giving him random credit card numbers (NSFW language):
Super annoying, I've been getting many of the Marriott calls from a local number (408) lately. Not sure what I can do besides not pick up unknown local calls.
> I received a call just last Thursday from a professionally recorded American sounding female voice saying it was my credit card company. "Nothing was wrong with my account" but there was an opportunity to reduce my interest rate on EITHER my "MasterCard" OR "Visa."
I've gotten phone calls where the recording introduced itself with "Hi, this is the credit card holder rewards center for Visa Mastercard."
Can they be any more obvious they're a scam?
And then there's the generic "Hello, this is Rachel from Cardmember Services". Or "Cardholder Services" or whatever name they're using at the moment (it keeps changing names as the feds keep going after them).
Sometimes you think it's stupidity, but sometimes from their side the clever scammers use it as a filter.
You obviously know it doesn't make sense, so you hang up and don't waste their time. But xyz down the road doesn't, which means they are both not as informed and far more likely to fall for the scam.
I've had them curse and scream at me for wasting their time.
One time after a few minutes on a call he asked me what I saw on the screen and I just said "My wallpaper, with the word Ubuntu across the back" and he started shouting "fucking kill yourself" and hung up!
I've only answered the phone once with these scammers. I told them I was using a Mac and after confirming three times that it was a Mac, he said "you're a liar!" and hung up.
They have little incentive to bother you once it's clear you aren't falling for it. The more of their time you waste, the more likely you'll get to some permanent blacklist which is good.
You would think so, and that was what I was trying to do, to get on some black list, but less then a week later they called me again, this time a woman called, but I didn't have the time to redo the whole thing again.
The company's not going to bother me, but it just takes one stalkery-minded person to start a personal vendetta. As someone with a unique name and a variety of Googlable data, I try to be fairly careful about who I piss off.
Let him have his vendetta. What is someone in India who is so poor he needs to work on the phones for one of these scammers going to do?
It would take quite a while to save up for a plane ticket, and they would be risking their job if they abused their access to the phone system. If they somehow do own that scam business, then anything they do risks their profit margin.
Really not hard to imagine how someone half the world away could make life miserable for someone - SWATting, bomb threats to kids' schools, harassing phone calls. All already happen regularly.
I suppose you are right in some extreme sense and technical sense. I would be opening myself up to those repurcussions, but we are all open to them all the time and I would like to think the FBI or whatever SWAT team would send an officer over for a chat after getting an anonymous call from India, instead of just busting a door down.
The foolishness of such moves is why they are newsworthy and many things must fail to make then happen. Perhaps this is why the wikipedia list[1] of them numbers 15 and many several federal charges against the person. These are all crimes that open up that business to risk and legal repercussion. The last thing a scam business wants is an international incident drawing attention to them. I almost welcome if it means the long term shutdown of those parasites.
You can use last number barring to block their calls. My best attempt at wasting their time was 28 minutes - normally would not bother but I was ill and needed something to distract me.
Android nowadays marks calls as "suspected spam", worked great. In general, if it's important enough, the caller leaves a message. Otherwise, it's not important and I don't care about it.
It has zero effectiveness if someone decides to send a hundred thousand spoofed VoIP calls at you because you lost them their spammer/malware job by stringing them along.
The easiest way to waste these guys time is to just tell them "OK, just hang on one second, be right with you", then put the phone down and leave them there waiting.
I did this recently, while leaving the phone next to speakers playing an annoying, high pitched sound I found on YouTube - surprisingly he stayed on for just over 10 minutes!
That's awesome. It does make me wonder though, do the people working in the call centers realize that they're scamming people or do they think it's a legitimate business?
I would guess (and I'm trying not to make any value judgement on this) that they view it as a job, and the sales commissions help pay for their lives and their family, and they don't think about it much more deeply than that.
I recently read some comments from a Timeshare salesman in the US, whose attitude was similar. Asked "don't you feel bad that your job is basically to operate a large-scale real estate scam", he replied, (I paraphrase) "hey, at the end of the presentation, you have the contract right there in front of you, and if you choose to sign it, it's on you. My job is just to convince you to sign, and if I do, I get a good commission."
The more I deal with sales&marketing people the more I think there are two different mindsets people have. One says that if you do the "convincing" part by saying anything but honest truth, you're scamming people. The other seems not to attach any moral significance to the situation.
There is no way in hell they cannot know what they are doing. They know they're not from Microsoft. And given this scam has been in the news for a while now, they don't get to plead ignorance.
I agree that they know its a scam, I disagree that they know who their employer is.
I have seen interviews with some of the rank and file scammers. Apparently, they do it because the pay is good for someone with their skillset and ability to put ethics aside.
The people who are on the phone don't know the details of the corporate structure. The boss could easily lie and claim to be a Microsoft contractor and it might be hard for someone on the phones to verify and asking to many questions might get them fired. This might make it easier for some to set aside those ethics, they know they are not on the level, but can feel slightly better because they think their behavior is authorized by a large company that already services these customers.
Dell support has a similar issue. Relatives of mine have been contacted by people claiming to be from Dell support soon after the person actually opened a case with support (so someone has ongoing access to the Dell database). The scammer had the tag of the computer, which I confirmed was correct.
They basically said to check the error log of Windows with instructions. There are always some benign errors, which they'll tell you are proof there's something wrong, and then try to get you to download software to fix it.
The only bit of fake delivery tracking scam I've received was suspiciously right after I ordered a Dell XPS back in 2013. It had some details close enough that I had to message dell to confirm a tracking number and they hadn't shipped it yet.
Key point - because they outsourced a call center to India, the customer data of TalkTalk was stolen along with their customer care scripts. This was then used to setup a fraudulent call center in India that has been scamming their customers - brutal:
> In 2011, TalkTalk outsourced some of its call-centre work to the Kolkata (Calcutta) office of Wipro, one of India's largest IT service companies.
> Last year, three Wipro employees were arrested on suspicion of selling TalkTalk customer data.
> A source in Kolkata, who did not want to be named, alleges the same data was obtained by a criminal gang, with USB sticks full of data trading hands at parties.
If they had been TalkTalk employees, in India, it could still have happened.
If they had been TalkTalk employees, in the UK or any other country, it could still have happened.
It doesn't seem that its because they outsourced a call centre to India, or even because they outsourced a call centre, but rather because three call centre employees were corrupt.
Anyone following the UK news knows there are plenty of insider-jobs happening on-shore too.
It is much harder to try and prosecute this across international lines, especially in India where corruption is much more rampant (India has a much higher corruption index than Western nations like US, Canada, UK, France and Germany.)
Your argument that it could happen is basically saying that in India the chance of this happening is > 0% and in the UK the chance is > 0%, but that doesn't mean that the chance of it happening in India is the same as it happening in the UK.
My home get calls from Duct Cleaners and Windows Support and it is always from India and Pakistan and its gone on for years. There is clearly less than effective means of controlling these types of scams.
> (India has a much higher corruption index than Western nations like US, Canada, UK, France and Germany.)
Your argument that it could happen is basically saying that in India the chance of this happening is > 0% and in the UK the chance is > 0%, but that doesn't mean that the chance of it happening in India is the same as it happening in the UK.
What you are talking about is corruption "perception" index with "perception" being the key word. Just because India has a higher "perceived" corruption index does not make it actually more corrupt that the Western countries. This "perception" arises from economic disparity/divide rather than any quantitative analysis of actual prevalent corruption.
Here is an interesting food for thought: All corrupt politicians, businessmen etc who, when caught by the investigative agencies in India, flee the country. You know their favorite destination? The United Kingdom. Surely if the UK had a much lower corruption index, it wouldn't tolerate and harbor corrupt officials and businessmen fleeing India right? If you don't believe me, here are few examples:
How about Switzerland? It possibly ranks the lowest in corruption index. Yet, you find that all black money hoarders stash their ill-gotten wealth in Banks in Switzerland. No tax, highest secrecy and excellent protection of wealth is nothing but legalized corruption in my opinion.
Go ahead and start one of these businesses in the US and UK and see how long you last. There are several reasons why this happens mostly in India, but the main one is that there's a jurisdiction barrier that benefits criminals. We know the voip resellers know who these customers are, and law enforcement finds out through these providers, but now what? You can't just call the Indian embassy and demand the arrest of hundreds of people. There's a lot of diplomatic finesse that needs to happen and by the time it does, assuming its even possible, these groups have moved on to different locations, different providers, different staff, etc after cashing out.
Worse, India is notoriously corrupt, much like Russia, another hotbed of cybercrime, so sharing your cybercrime spoils with the local government goes a long to to prosecution immunity.
I understand HN has a lot of prideful India and Russian nationals, but ultimately one shouldn't go against the facts. Pretending these countries aren't safe havens for cybercrime is just asinine.
The most important reason this seems to happen only in India is that the victims are not in India. So they have to go through their local government and multiple slow processes for the case to be resolved.
The unfortunate fact is the prevailing exchange rate difference makes even relatively ordinary western citizens' assets, worth stealing for criminals based here. Also I imagine, such people when defrauded are not in a position to force their authorities to go after criminals not in the same jurisdiction.
Or maybe you are suggesting that people from UK are so inherently good that they don't cheat each other at all.
And there I was thinking it was because english-speaking staff are cheap?
These days most IT jobs are being outsourced from India to e.g. Vietnam, with project management and customer interaction still being done by proxy in English by Indians.
I think there is a higher chance of data theft because it is outsourced to a different country and to a different company.
There is less risk and/or maybe more mental space to rationalize the theft of data. Maybe their company treats them poorly, maybe they believe they can't get caught as easily. If they were in-house in the same company, there is more risk/punishment, right?
True but only up to a point do this to say BT and you will have the Feared Investigations Branch" / Security Directorate down on you like a ton of bricks.
BTW SD is like the auditors in the laundry files but not as nice.
Also perception is key here if you get a reputation for scammers if unfourtunelty it has nagtive impact on the whole country
Certainly you agree that its easier to get something like this done in India though? Roughly half of the population[0] there has paid a bribe at some point in time.
Certainly that's not a good sign, but I don't find that statistic nearly as interesting as the (apparently unmentioned) proportion of the population who has accepted a bribe. If paying a bribe is only the way to get things done, then doing so is just trying to move through the system. In a corrupt system, accepting a bribe is the sign that an individual is themselves corrupt.
Besides the fact that in India corruption and scam is a common and widespread problem, accepting a bribe is certainly worse than giving one. Sometimes you just don't have any other option than giving a bribe, while the one accepting the bribe most often has.
Only half? Any South American over 18 has probably paid a bribe at some point (mostly traffic tickets or such here in Uruguay, and most elsewhere in Latin America).
If you travel for any length of time in Latin America, chances are the police will attempt to extract a bribe.
Way to go cherry picking - "paid bribe or influence peddling" even if we take reliability of such a data at its face value. Did you read your own source?
But who am I kidding right. Certainly US & UK is bastion of corruption free conduct by public officials/politicians. A majority of our public leaders gets enough money from companies that - climate change has been debunked as a problem.
Corruption in a developed world and developing country is very different. In India - a street cop makes $200-$300/month, his corruption involves taking 20 Rupees($0.3) from an Autorickshaw that should have been carrying 3 passengers and carries 5. You don't see this kind of corruption in US for obvious reasons. This is the kind of corruption most Indians deal with in daily life - yeah it is not great but this is something country has to live with until country figures out a way to deal with it.
What worries me more is - corruption in upper echelons of power. People who can do real damage. Someone paid someone to plant a hoax about WMDs in Iraq and a country is on brink of destruction. Enough politicians are on NRA payroll that - guns will be sold to anyone.
But I digress - I don't see how corruption of public officials in India led to this scam call center. It sounds like - bunch of people got greedy and decided to make some quick money. It can happen anywhere - look at Wall Street, Uber, Well Fargo..
Am I to understand that your argument is while India has a culture of corruption on the lower levels at the highest levels of government and business they do not?
When those sounding like brown people do it, for some 'reason' the news bubbles up as "Indian" .....
Sadly, such racist simplification only lets the offending company (TalkTalk in this case) off the hook, and diverts attention towards hating Indians.
Only way to fix this is make such breaches so expensive to companies that they'd think twice before outsourcing either within the country or to a company in an another country (which will lead to stronger procedures at outsourced location).
It's quite a clever and elaborate social engineering scam, especially using the stolen data to use as a tool to get the mark to believe the call is genuine.
My friend worked in Kolkata center of TalkTalk. He was asked once by another common friend of ours to leak customer data to him. And get about 1 Lakh in payment. He quickly refused and never talked to him again.
My wife used to be a Talk Talk customer in the days of dial ins. Anyway 5 or so years back they suddenly started billing her credit card again monthly for the service she had cancelled years before. We couldn't stop this online as their system claimed no knowledge of her so I had to call the support numbers listed on the Talk Talk website. These went through to the usual Indian call centre but what went on there was very unusual. The first operator wanted my wife to post him her VISA statements to his home address (as they would get lost in the post if we sent them to Talk Talk). Another call brought an operator who said he could only trace what had happened if my wife gave him her VISA number and CVV over the phone !! I tried to call their Fraud Prevention office but got another Indian who wanted a VISA number before we could proceed.
After multiple calls one day a call was answered by an Irish voice who was very apologetic and arranged a refund which arrived a few days later. Attempts to tell Talk Talks UK office about this went no where as all calls seemed to go to the same Indian call centre.
Since I have read that Talk Talk had closed their Irish call centre for reasons of cost and now all support is from their Indian call centres. Avoid this company at all costs.
> Transfer, conference, or forward your telemarketing calls to 1-347-514-7296 or sip:13475147296@in.callcentric.com. If you conference Lenny in, be sure to mute your phone. The rules: Lenny is for incoming, telemarketing calls only - not for annoying people, even if they deserve it.
>Testing/experimental calls are fine, as long as they don't bother anyone.
I've been repeatedly called with 'Support Scam' where they trick you into installing sw that lets them monitor and control your computer. I don't remember this being as prevalent as before. Clearly it is profitable and they are finding enough targets to warrant operations.
My father fell for this scam. As you get older, you lose patience with computers, so he developed a tendency to click on anything to get browser popups to just go away. One of them was a "Your computer is infected and we have the cure" scam. His info was passed to their "customer care desk" which took him for $300 to supposedly clean his PC. They would regularly call back for subscription renewals (more $$$).
I didn't find out until it had been going on for a few years, because dad didn't want to bother me with his computer problems. Make sure you inform your parents about this - they're easy marks for these assholes.
I think if someone were to come up and knock on their front door, most older people wouldn't hesitate to send them away (exceptions for Girl Scout cookies, of course). But when a fraudster arrives via computer screen, they don't recognize the same threat. They believe what they see on a computer screen because well, it's a computer and everyone knows they don't make mistakes.
It's a lot easier to pull this off when you have customer records to do it with. That raises the chances that you can convince them you are legitimate.
It could go even further then that. If the TalkTalk data included normal company data you would have the names of previous support members, and from there social media accounts and so forth.
I'm a TalkTalk customer, and was on the receiving end of this scam last year. I'm savvy enough to know that all the machines on our network were unlikely to be suffering from the problems they tried to describe (only one Windows laptop, and that was dual boot with Linux and carefully used).
The most annoying thing (for us) was that they repeatedly called the home number at random intervals through the day until we actually picked up, and then you'd get complete silence most of the time. When they finally managed to get someone on the phone on their end it was easy enough to tell them they were scammers and get rid of them, but I can see how those who are less confident around technology could easily be taken in by them.
This is caller software. They figured it was too wasteful to have operators waiting for the phone for you to answer, so a machine dials you and when you answer its supposed to patch you into an operator. Obviously if they're are more calls then operators, you wait, or just hang up....
My (least) favorite variant of this is the telemarketers who wait for you to say "hello", then, after they quickly conference in the actual operator, they say, "Oh! Sorry, I was having a problem with my headset. Anyway, I'd like to ask you about..."
So yeah, I knew someone who worked at a place like this in their previous job. For him, it was just a job that paid really well. He frequently made more than Rs. 1 lakh per month, which is kind of a big deal in India when you're just a year or so out of an average, run of the mill college.
Generally, these 'call centres' train employees to think that Americans are really stupid people who can be scared & fooled easily. Given the commissions he made, they were damn good at it, specially with the older people who would pay fairly large amounts every month or so to keep their computers virus free.
He never thought he was in some scammy company though. For him, the callers were 'virus' hit users who were calling to get their computers repaired, and these guys just had to make quick, easy, FUD driven upsells.
Oh, and these guys are unhappiest when they are made the manager, who get a very small commission from their team's upsells. I guess this meant that no one was looking for 'career growth'.
I wonder is not it bank's responsibility to refund the money that were stolen from customer's account? And don't they use SMS messages to confirm outgoing payments?
But this case shows also that Internet banking UI are too complicated for some people and they don't realise what they are doing when following scammers' instructions.
I got called by these guys last month. It was immediately obvious something was amiss as the line quality was absolutely dreadful, like virtually inaudible.
The lady on the other end said i had been identified as someone from TalkTalk who would be having problems with my internet speed and they could help.
She then asked me what OS i run, when i said OS X she hung up.
TalkTalk need to do more to fix this issue as they were responsible for not keeping customer information secure. Admittedly they did give out free stuff last year as a sort of compensation. However if this annoyance is not resolved soon TalkTalk's reputation will slide further.
I can't believe how these companies do not get busted ever ? Englang is really unfair country for small business owners. More bigger corporation, less they pay tax, less they care of customers, less they protect your data...
We need to find this place, and issue drone strikes as soon as possible. If that is the only thing that Trump does with the rest of his presidency, he will go down as a better president than Obama.
Somehow, even though I don't have a windows computer, I was able to fake it for about 10 minutes that I am following his instructions and doing what he tells me. First I had to press Win+r, which I didn't really know what it did, but I suspected it opened the CMD, so I told him that a new window opened, a black one. Then he spelled to me what I should write (I don't remember what, I didn't have anything to write with me).
Then he asked me if I had Chrome installed, I said yes and he spelled a website url to me. I told him that it loaded and there was a "Download" button and asked if I should click it. He said yes. Then he talked me through how to install it, from his description I got that it was TeamViewer.
He told me to start it, bare in mind that this was painfully slow for both of us because I had to come up with plausible mistake to make and had to think of some plausible but generic answers on the way because he always asked me what I'm seeing on the streen now. After I "started" it I had to tell him that in fact I didn't have a computer in front of me, but I only was playing along with his script.
He stopped for a couple of seconds and then he asked me:
"How is this possible ...? Why are you waisting my time??"