“Windows Live Support” – Scam
May 21, 2011 § 126 Comments
The other day I received a random call on my home line, when I answered I heard a guy within an Indian accent stating that he was from “Windows Live Support” and that “they had detected some ‘activity’ from my Windows computer”. He was able to address me by my full name, which was concerning at first. Almost immediately I was picking up on some cues that made me rather certain that this was a scam, but I thought I’d play along to see where this goes.
He asked if I was “authorized” to use this computer, which I found a bit of an odd question.. like they’d care if I was… Anyways he proceeded to ask be to start-up the computer and let him know once ready. During the boot up process I could clearly hear that we was in a very busy call centre, and I could hear many other Indian accent voices in the background going through the same process with other potential victims. Sounded like a large operation.
Once the computer was booted up I announced to him that I was ready to proceed.
Directs me to press Windows key + R to bring up the run box, then get Event Viewer open by issuing the “eventvwr” command. In Event viewer he directed me to the “Application” log and asked me to estimate how many red error entries I see… I response “about 50”, and he proceeds to say (in a very scripted fashion)… “Oh! my goodness! your machine is very badly infected and it’s going to break my Mother Operating System” LOL!… I continue to play along. Next up was the “System” log and he again asks that I estimate the quantity of red errors, this time I respond “about 30”, and in exactly the same scripted sentence he says “Oh! my goodness! you’re machine is very badly infected and it’s going to break my Mother Operating System”, by this stage I’m constantly going on mute to have a good laugh, then get my composure and return to the call. I acted like a real sap and agreed with him that my machine must be very badly infected. At each step I pretended to be a computer novice, saying things like “what is the Windows key??”
Next up, it’s back to the “Run” box and this time I need to type “prefetch”. Similar to previous, this time he wanted to know how many files are being displayed… I say “about 20”, then comes the scripted response again: “Oh! my goodness! you’re machine is very badly infected and it’s going to break my Mother Operating System”. This time he adds that I have “Spyware” on my machine, and asks me if I know what it is… I say “no”, then he proceeds to explain that “Spyware is like a Terrorist on your computer”. LOL!
After this he reads be a number: “80041820” and tells me if I see this somewhere then it’s a bad thing..
Next stop, Right-click My Computer, then go Manage. Then he proceeded to direct me to an area in the ‘Manage’ box that I’ve never had the occasion to use: Index Service -> Query the Catalog. He has me search for “Software Security Services”, which by no surprise gives a result that the services does not exist and a magic error code comes up….. yes, “80041820”. He tells me to compare the error code to the code he gave previously, and I agreed with him that they are the same, then proceeds to summarize everything that has happened and to finally convince me that my machine is boned. So far this has taken a good 20 mins. 20mins spent on building my confidence, impressive.
Now, he directs be to go to the Run box and type in http://www.support.me – at this point I was not willing to play along further, who knows what’s going on at this site. So instead I decide to figure out what exact information to they have on me, I tell him that I not willing to proceed until he provide some key information about me. He proceeds to read out my full name, phone number (duh!) and physical address… not cool. I press him to provide an identity number for me. He just keeps dodging the question – good thing so I gather that was the extent of the information they had. At this point I tell the guy that I think this is a spam, which he denies with the lame response “How could we use the Windows name in our company name if we where not a Microsoft partner”. Funny. He realizes that he’s not getting very far with me, so hands me to his very well spoken supervisor “Chris”. Chris tries to reassure me that all is good and that I should proceed. I tell him I will not proceed, and he gets rather aggressive asking “Why would I not want to fix my infected computer??!!”. I ask where they are located, he responds: “London”, then if I asked him if he is aware of the DNC (Do Not Call) list law in UK?, he says “Yes”, I say put me on it, then hang up. Like a scam operation would actually adhere to that law, but anyway.
Armed with all this information, I started to do some Googling and found that many people have received such calls. The end game that is operation aims for is to persuade you to purchase some software to “clean up” your machine.
This operation seemed large and pretty well-organized, and it was amazed that they were willing to spend upward of 20 minutes with me on the phone just to build trust/confidence.
Check out this hilarious YouTube video, where I guy recorded some of this: