Last Updated on June 7, 2014 by Dave Farquhar
So, “Peggy” from “Computer Maintenance Department” called me again last night. This time I decided to mess with him a bit more. This is the second time.
(No, “Peggy” wasn’t his real name, nor did he identify himself as “Peggy,” but that’s the name I’ll use, thanks to that old Discover commercial.)
“We have report your computer is running slow and giving lots of errors. Is that correct?” Peggy asked.
“Actually, no,” I said. “I am an IT professional, I can explain every error on my machine, and my computer is crazy fast. Do you have an SSD? I highly recommend them.”
“Well, sir, you may have clicked on an ad or had someone unqualified help you with your computer, and that is why it is running slow and you are getting errors.”
There was an insult buried in there–I’m the only one who works on my computer, and I am very well-qualified to work on it, but I ignored the (probably unintentional) insult and went after the ads.
“I block all ads, so there’s no way I could have clicked on an ad.” (I started to block ads after some ad networks started delivering malware and my antivirus software started sounding alarms. I have no problem with ads, except from a security standpoint.)
Peggy started to interrupt me, but I wouldn’t let him.
“Listen to me. I have a firewall. How are you seeing anything inside my computer, anyway?”
“I am telling you, you clicked on an ad,” Peggy insisted. “That is how we are getting this report.”
“Interesting. How many computers do I have?”
“Have a good day, sir,” Peggy said, then hung up.
After Peggy rudely hung up on me–in Peggy’s defense, I was a little rude and condescending to him–I went and looked. I have two groups of errors on my main computer. One is related to the printer, which is no surprise, and the other is related to my video driver, which has been happening ever since I built the machine. The drivers for Nvidia integrated video aren’t the best, and never have been, but cause problems infrequently enough that I’m too cheap to go buy an AMD-based video card to put in the machine. Clicking on an ad won’t cause those. That driver has been kicking out errors since before this machine made its first connection to the Internet.
So, no unexplained errors. No surprise there–Peggy was speaking in generalities that a fairly large segment of the population will say are true, and it works often enough to keep his scam profitable.
His intent, based on my research, is to get me to visit some webpage that will install something to let him remote into my PC–after the phone call.
What I have half a mind to do is to prepare a PDF containing a screenshot of my event log, so the next time Peggy calls, I can play along, claim the program he wants me to install is being blocked, and ask him for his e-mail address so I can send him the log. Chances are he’s been told not to give out an e-mail address and not to open attachments from potential victims “customers,” but if not… Well, those of you who have been reading me long enough know that it’s not exactly difficult to plant a remote-control payload into a PDF. I won’t directly tell you how to do it, but here’s a book that will.
But is that ethical? I’m slightly conflicted. Is it legal? Probably not, since it involves malware. If I pop a shell on Peggy’s machine and just mess with him, but don’t actually steal or destroy anything, then what I did is less harmful than what Peggy intended to do to me, and according to the U.S. Army at least, that part is legal. But installing malware on his machine in order to mess with him would be illegal.
Am I going to do it? No. Do I recommend it? Definitely not.
But there’s definitely no harm in jumping on a Linux box, if you have one and have some time to spare, and playing along, not managing to find the event log, not being able to run the program Peggy wants you to download, and then mentioning, “I’m running this thing called LINE-ECKS I got from my buddy Dave. Do you think that makes a difference?”
Or better yet, do it with an OpenBSD box.
I’m wasting my time talking to Peggy, but if Peggy is talking to me, then that’s one less unwitting victim he has time to talk to that day.
And it gives me something mildly entertaining to write about. So the next time “Name not found” pops up on my Caller ID, I’ll probably take the call.
David Farquhar is a computer security professional, entrepreneur, and author. He started his career as a part-time computer technician in 1994, worked his way up to system administrator by 1997, and has specialized in vulnerability management since 2013. He invests in real estate on the side and his hobbies include O gauge trains, baseball cards, and retro computers and video games. A University of Missouri graduate, he holds CISSP and Security+ certifications. He lives in St. Louis with his family.