Hang up if someone phones you from Windows

Thu, 23/05/2013 - 12:55 -- James Oakley

I just got a call. The caller display showed "international". The accent was foreign.

Operator: "Hello, this is N calling from the technical department of Windows Computer Systems. Could I speak to the main user please."

Me: "I'm sorry, there is no company called Windows Computer Systems."

Operator: {Silence}

Me: "It doesn't exist. Where did you say you were calling from?"

Operator: {Hangs up}

This is just a heads-up, because so many people I know have had similar calls, and thought they were plausible. It's worth exposing briefly for those who haven't met it.

Two elementary mistakes

Two alarm bells: First, there is no such company. I was correct to say that. Windows is, of course, an operating system made by the Microsoft Corporation. These particular scammers were not very bright - they should have said they were calling from Microsoft about my Windows system.

(Or are they brighter than it seems? Quite possibly, the people most likely to be taken in by their next move would recognise the Windows brand more than they would the Microsoft brand. So perhaps their opening gambit is the one that will work best with the kind of target they have in mind.)

Second, they did not know my name. "The main user". Who? If they had my details on a database they would have known who I was and would have been able to verify that with other information that I asked them for. If I'd asked them to verify whether I use the 32- or 64-bit version of Windows, and which major version number I was on, they would have hung up just as fast.

Now, those two alarm bells were incidental. They could easily have called and claimed to be from Microsoft. They could also have got my name from an illegally sold-on telemarketing list. Had they not made those two schoolboy errors, that wouldn't mean they were genuine. But those mistakes are worth drawing attention to, because people must be smart about deciding whether to trust an incoming caller, and little clues like that are worth tuning into.

To give an example of a better call: I received a call from Vodafone to offer me an upgrade. That was an inbound call that I did not solicit, so I was suspicious. I asked them how I knew it was them, and they told me that they did not hide their Caller ID - I could verify the number they called from. A quick web search did confirm that, but I then told them that CLID is easily spoofed, so that doesn't prove anything. They then explained that they couldn't tell me anything else about my account because of data protection. So I gave them enough of my date of birth for them to know it was me. And in return they told me the exact model of my handset and the expiry date of my contract.

It's like a caller at the door. If in doubt, don't trust them. If in doubt, take their name, and then look up the company's actual phone number and you make the call.

What scam?

What would they have done next? Well, I had too much to do to test it. But almost certainly it would have gone like this:

Operator: "You have a dangerous flaw with your computer."

Me: "That sounds scary. What is it?"

Operator: "First, let's test if you have this problem."

{Walks me through a series of steps to test the computer}

Operator: "Yes, what you've just seen confirms that you have been infected by the bananaboat virus. Do you know how serious that is?"

Me: "Sorry, I haven't heard of it."

Operator: "It allows someone else to control your computer, and even to spend your money furnishing their lifestyle. Anyway, we called you because we suspected you had this and we'd like to help you clean your computer."

Me: "Thank you. What do I have to do?"

Operator: "This is a paid service, costing £35.99. Could I take your card details first please."

The key is in those "tests" I would be asked to perform. They know what a perfectly healthy computer should do in a particular situation. They walk me through a scenario that they wager I won't understand. The computer responds exactly as it should, but I don't know this. So they can fool me into thinking that it actually indicates a problem.

The other key is in most people's IT insecurity. Most people are aware that their computers are slow at times, but don't know why or whether there's a fix. The confidence trickster who says that they've diagnosed it and can fix it - it's so appealing.

You can read what journalists have done to let these guys follow through much further: For example, this write-up.

The scary thing is that some other people found that the scammers would ask the user to install software allowing them to control the user's computer remotely. They then used that to find financial information, so that they could attempt to set up wire transfers for much bigger sums.

Caveat user.

Comments

Submitted by Tom Watts on

I kept someone talking on a phone call very similar to this and ended up saying to them "This is a scam, isn't it...  I've googled the name of your company while I've been on the phone to you and there are people all over the internet saying you're a scam".  They didn't hang up but became very cross and defensive.  It was almost as if the person ringing from India genuinely believed they were doing something legitimate, as if perhaps they were working for someone else without realising what was really going on.

Submitted by James Oakley on

Unbelievable - they just called me again. I explained that they had called me just the day before. The man I was talking to assured me that he hadn't. To be fair, his voice was deeper. So I told him that he personally hadn't called me, but someone from the same department of the same company had. At which he apologised and hung up.

That backs Tom's theory up. These guys do genuinely believe in what they are doing. They are just puppets, and somebody else has masterminded the scheme. The call operators probably signed up from some "work from home and make thousands every day" type advert. Sad, really.
