“Windows Live Support” – Scam
May 21st, 2011 § 26 Comments
The other day I received a random call on my home line, when I answered I heard a guy within an Indian accent stating that he was from “Windows Live Support” and that “they had detected some ‘activity’ from my Windows computer”. He was able to address me by my full name, which was concerning at first. Almost immediately I was picking up on some cues that made me rather certain that this was a scam, but I thought I’d play along to see where this goes.
He asked if I was “authorized” to use this computer, which I found a bit of an odd question.. like they’d care if I was… Anyways he proceeded to ask be to start-up the computer and let him know once ready. During the boot up process I could clearly hear that we was in a very busy call centre, and I could hear many other Indian accent voices in the background going through the same process with other potential victims. Sounded like a large operation.
Once the computer was booted up I announced to him that I was ready to proceed.
Directs me to press Windows key + R to bring up the run box, then get Event Viewer open by issuing the “eventvwr” command. In Event viewer he directed me to the “Application” log and asked me to estimate how many red error entries I see… I response “about 50″, and he proceeds to say (in a very scripted fashion)… “Oh! my goodness! your machine is very badly infected and it’s going to break my Mother Operating System” LOL!… I continue to play along. Next up was the “System” log and he again asks that I estimate the quantity of red errors, this time I respond “about 30″, and in exactly the same scripted sentence he says “Oh! my goodness! you’re machine is very badly infected and it’s going to break my Mother Operating System”, by this stage I’m constantly going on mute to have a good laugh, then get my composure and return to the call. I acted like a real sap and agreed with him that my machine must be very badly infected. At each step I pretended to be a computer novice, saying things like “what is the Windows key??”
Next up, it’s back to the “Run” box and this time I need to type “prefetch”. Similar to previous, this time he wanted to know how many files are being displayed… I say “about 20″, then comes the scripted response again: “Oh! my goodness! you’re machine is very badly infected and it’s going to break my Mother Operating System”. This time he adds that I have “Spyware” on my machine, and asks me if I know what it is… I say “no”, then he proceeds to explain that “Spyware is like a Terrorist on your computer”. LOL!
After this he reads be a number: “80041820″ and tells me if I see this somewhere then it’s a bad thing..
Next stop, Right-click My Computer, then go Manage. Then he proceeded to direct me to an area in the ‘Manage’ box that I’ve never had the occasion to use: Index Service -> Query the Catalog. He has me search for “Software Security Services”, which by no surprise gives a result that the services does not exist and a magic error code comes up….. yes, “80041820″. He tells me to compare the error code to the code he gave previously, and I agreed with him that they are the same, then proceeds to summarize everything that has happened and to finally convince me that my machine is boned. So far this has taken a good 20 mins. 20mins spent on building my confidence, impressive.
Now, he directs be to go to the Run box and type in www.support.me – at this point I was not willing to play along further, who knows what’s going on at this site. So instead I decide to figure out what exact information to they have on me, I tell him that I not willing to proceed until he provide some key information about me. He proceeds to read out my full name, phone number (duh!) and physical address… not cool. I press him to provide an identity number for me. He just keeps dodging the question – good thing so I gather that was the extent of the information they had. At this point I tell the guy that I think this is a spam, which he denies with the lame response “How could we use the Windows name in our company name if we where not a Microsoft partner”. Funny. He realizes that he’s not getting very far with me, so hands me to his very well spoken supervisor “Chris”. Chris tries to reassure me that all is good and that I should proceed. I tell him I will not proceed, and he gets rather aggressive asking “Why would I not want to fix my infected computer??!!”. I ask where they are located, he responds: “London”, then if I asked him if he is aware of the DNC (Do Not Call) list law in UK?, he says “Yes”, I say put me on it, then hang up. Like a scam operation would actually adhere to that law, but anyway.
Armed with all this information, I started to do some Googling and found that many people have received such calls. The end game that is operation aims for is to persuade you to purchase some software to “clean up” your machine.
This operation seemed large and pretty well-organized, and it was amazed that they were willing to spend upward of 20 minutes with me on the phone just to build trust/confidence.
Check out this hilarious YouTube video, where I guy recorded some of this:
mmm think this script may be useful on next Sev 1 call… or justification for change!
What happens if I reject this?
Oh my god.. that will be very bad..
20 minutes to sell $40 worth of worthless software = $60 per hour. Not bad for a third world country.
hi darran,
WOW!!! same exact scenario but the difference is we’re in Singapore. A guy with Indian accent introduced himself as windows live staff from Australia. My wife got the call and luckily she was able to fend off the attacker.
To others out there, please be careful with such people!
adrian
Adrian -
I’m in Singapore too… so looks like we got the same call. If you’re on twitter please gimme your id, I’m @d_b and @Vignettr (my iOS app).
Cheers,
Darran
Just got the call here in Canada.
Yeah, played along for a while and when I told him he was full of shite and this was one of the worst cold call scams I have ever heard, he got all upset at me
Same here. Apaprently I have downloaded some infected files. She was very nonplussed when I said my computer was a Mac. She insisted I must have a Windows laptop and I said no and she finally gave up.
I recieved the same call, the only difference is I’m in Singapore tho. I recieved the call on 2nd of June. I played along for a while, in the end, I told him I only have a Mac. lol
just got the call, from SG too. the same guy with the Indian accent. lol.
It is obvious that it is a scam but I also played along for quite a well as I am really curious to how they get the information.
my guess is that the information is taken from the telephone book.
Hi Darran,
Sorry just saw you message today. hehehe dont have a twitter account, well they called again and keep on insisting to download some stuffs. just told them to stop calling me and I bang the phone on the table. hahaha hope they ears bleeded
Oh I don’t feel so alone now.
East indian accent name “Roger” telephone # 253 802 0308 I couldn’t possibly call him back coz he was on a satellite connection (alarm bells!!). Employee no. Z2-P71. I stupidly downloaded AMMY_ADMIN[1].EXE-025558B5.pf (stored in Prefetch file). Calling me out of VANCOUVER. (lots of east indian accents in the background). The only time he was not accommodating with careful spelling was when I asked for the company name I understood only certain parts BEC—-friend.com 24×37??? I may be completely off base because he said it so fast.
He kept telling me he was a Windows rep and my answer was that I was the Queen of England living in Buckingham Palace in Canada!
The second time he called me back I could not possibly repeat the diatribe other than he was lower than scum of the earth. I didn’t even realize how foul my mouth could be. Next time he calls I am screaming at the top of my lungs down the phone! wanted me to spend $154.00CDN on software! I really want to swear again so I’ll just add my comment!
My little brother was complaining about having viruses today, so I interrogated him. Turns out the Indians on the phone gave him a virus, (He believed that it was legit) but they weren’t able to get money out of him because he’s cheap. Haha. Tomorrow I have to go over and get rid of it *sigh*. However, this is in Connecticut, US! Kinda angers me.
Just received this phone call and i have reported them to the RCMP unbelievable!
Hi Darran,
Just had this team call me a few times, I lost it on the girl today saying please STOP calling, then spoke to the mgr, asking him to stop too, They insisted that I must fix it immediately as the “malicious” viruses were very dangerous. I have to hand it to you – you are sooo funny when you are talking to her (I was just bitchy – oops) next time, I might just play along too, and see if I can waste as much of their time as they have wasted of mine! I did enjoy your you tube clip though – thanks! LOL
Hi Darran,
I just got call from them. They changed thier name now: Windows Online Support. Also, they have their website; www.(their company name).com
Fortunately, I was using my company’s computer in which just reinstalled all programs and I knew there was no infection when they called me.
Indian accent guy, Mike, and his supervisor, Dave, tried to have me purchase their service. When I aske Dave to tell me their contact information to call them back later after I get the authrization from my boss. They hung up. Because of your website, I could knew they were truely scam. Thanks.
Wow. I just got this call. I kept dodging him and each time he called back it was from a diff location. First NJ, then CA, then the British Virgin Islands.
Unbelievable.
Oct . 30/11 and they still at it, here in canada anyway
Now they’re calling from a number with a 999 area code. I answered to see what they wanted-i’m bored. I went to their website and then asked how my computer was sending them messages. They hung up and ruined all of my fun.
This call came to me in Alberta. I stupidly allowed them to take remote access of my computer, but by the end of the call (26 min later) I realized this was a scam. Their website windows online support seemed so legit. It creeps me out that I allowed him to take over my computer. Can he done more than see what icons I have on my desktop?
Westmeath, Ireland
Hi, just read through all the earlier messages and I got caught out today as well although usually I don’t get taken in that easily – tended to believe them especially after one of them showed me the error messages. He had remote access of my laptop but after 25 mins, I reckoned it was a scam and hung up the phone and shut down the laptop. I’m just wondering – what do I need to do next, get someone to have a look at it. What kind of damage can they do?
I just received a call from the guy in US telling that my laptop has an error
and sending error msgs. i just read d msgs above n disconnected his phone.
The same happend to me today in the Netherlands. This was the second time they called.
First time I was able to find the number they where calling from, but this time they were calling from a hidden number.
It seems like they are evolving..who knows into what
Got the same call today, and played along until he wanted to let melog onto http://www.support.me. Then I asked him to provide with his “Microsoft ID number” and his “Authorization code” to alter my records. Strangely, my phone went silent after this . . .
I got a similar call some months ago & when he wanted me to give him access to my computer (hook them up online) I said, “Are you kidding me!!!?? Do you really think I’m going to let some perfect stranger have access to my computer???” And that was that! My husband’s job before he recently retired was in the computer dept of a huge company so he knows a lot about computers. When I showed him the screen that showed “problems” he said that Any computer would show some of them.
Today I received another such call, but he said he was from Windows. When I asked the name of his company her said Live Windows Help at 99 5th Avenue, Ontario, Ottawa – LOL – he put the province ahead of the city!
I wonder what they would do if they ‘hooked up’ with our computers. I suspect (the most innocent of disturbing possibilities) that they might install something that would cause some problems & then tell us to simply call them if we encountered any problems in the future!
I had the same type of call. Pretty scarey that unsuspecting people might buy in to this!
Just had a call from them, I’m in the UK. Thankfully I twigged something was up before it got too far.
Yeah this all sounds very familiar! I guess it’s the UK’s turn now. I was suspicious from the start but curious to see where it was going, after being passed to a senior manager and mocked for using free anti-virus software I quite gleefully told them there was no way I could afford £89 pounds for a licence that hadn’t actually ran out.