“Peggy” from “Computer Maintenance Department” (1-645-781-2458 on my caller ID) called again. Lots of people are aware of these phone calls. They call, make vague claims about receiving a report that your computer is running slow and giving you errors, and are very careful not to say who they are or who they work for. Usually I just do whatever I can to get them off the phone.
But after having lunch with some other computer security professionals last week, a couple of them talked me into finding out how these guys operate. So I fired up a PC that turned out to have a real, legitimate issue. After resolving that issue myself, I turned the caller loose on my semi-functional PC so I could see what these scammers actually do. He had me connect to Teamviewer.com and run their remote access software. I followed his instructions, watched him connect, then slyly unplugged my network cable.
When my network connection dropped, “Peggy” quickly transferred me to a “senior technician” who used the name “Roy.”
Roy asked me to hold down the power button and walked me through booting the computer in safe mode by pounding on F8 repeatedly while hitting the power button again. That’s a crude and risky practice, but usually works. While we were waiting for the computer to boot up, he explained to me that safe mode disables all viruses. That’s not true, and it contradicted some of what he said later, but I played along. He directed me to Teamviewer again, and I played along. It failed, of course. He then asked me to go to Google. I did. He then asked me to enter “Amy” into Google and tell him what comes up. I plugged the network cable back in and did as he asked.
Several things appeared in the search results. Amy’s Kitchen. Amy’s Ice Cream. Amy Winehouse. A couple of Wikipedia pages. I dutifully read off the list. None were what he was looking for. Finally he spelled “AMMYY.” Oh. That “Amy.” AMMYY is another remote access tool. Here’s what AMMYY has to say about this particular scam. (Teamviewer has made no such statement–yet–which must be why AMMYY is the backup plan.)
So I ran AMMYY, then unplugged the network cable. Unplugging the network cable served several purposes: It let me observe what Roy was going to do, and it slowed him down, so I could pay attention to what he was saying and write it down. It also let me maintain some degree of control. Since I would only let him have the system for a minute or two at a time, he couldn’t very well do much on his own. When he would want to do something, I would plug the network cable in, then unplug it as soon as it looked like he was going to do something else.
And, of course, this machine contained no critical data, so if there was anything going on behind the scenes, I didn’t care much.
Roy simply attributed this up-and-down-again behavior to this mysterious virus he was claiming I had, without performing any investigation. I just played along like I was taking his word for it, writing down everything he said on another computer. At one point I even said, “I’d better be writing this stuff down.” That gave me cover, along with good notes I could use to write what you’re reading right now.
Roy looked at my antivirus software. He said Avast and all other free antivirus solutions are very ineffective, and that you have to pay $80 or $90 per year to get effective antivirus software. That’s part of the sales pitch. He said he would install Microsoft Security Essentials, which he said is much better, and that it would protect the PC forever. He neglected to mention that Microsoft Security Essentials is also free. Is it better? It depends. But I just played dumb.
He then called up Event Viewer. He cursed, then said, “Look at all those events. You definitely have a virus. More than two errors is bad, very bad. And look at all those warnings.”
Most of those events and warnings were related to me enabling the onboard network card the night before. Several of the warnings or events were years apart. The date stamp on them was clearly visible. This particular system really did have some problems–I wanted to test these guys–but Roy didn’t look where he needed to look to find them. I just played along. He asked what I did with the computer. I said I played games like Solitaire, Backgammon and Pinball.
Roy then pulled up techsupportangel.com, told me that was the company he was from, and highlighted their number, 888-666-2209. He said my computer was in very bad shape, likely to crash at any time, and that a technician would normally charge $240 to fix it. For $175, they would give me lifetime antivirus protection and fix the problems and give me a 1-year service agreement, so I could call them any time, 24/7, for a year regarding any problems I might have.
Here’s the math he was wanting me to do in my head: $90 for antivirus protection, plus $240 in repair costs, for $330 total. That makes $175 sound like a better deal.
At this point, he asked me to enter payment information. I pulled the network plug again, and told him I didn’t have a credit card. He asked me to go to Wal-Mart and get a prepaid Visa or Mastercard with $175 on it, and asked how long it would take. I said 45 minutes.
Almost to the minute, my phone rang 45 minutes later. I outed myself. I told him everything I would tell a recruiter offering me a security job about my credentials and experience. I informed him that his advice regarding antivirus software was questionable at best, and that his phone call was illegal in the state of Missouri because we had no prior business relationship, and that his $175 fee is extortion and I would be reporting him to both the Missouri attorney general’s office and to the FTC or FBI. I advised him not to call again.
About an hour later, he did call again, wanting my name. “My name is Dave,” I said. “You’re those techsupportangel.com people. We have no prior business relationship, so this phone call is illegal.”
“I am aware of that, sir,” he said. “That’s why I am calling you to put on our list.”
“It’s punishable by a large fine in Missouri,” I said. “If you call me again, you will hear from the state attorney general. I strongly advise you to stop calling me.”
He laughed, thanked me and hung up. That’s a serious threat, by the way–Missouri has an aggressive attorney general, and the Do Not Call list is a source of revenue for a state that really can use the money. He can laugh, but in Missouri, it’s much more popular to sue companies like techsupportangel.com for violating the do-not-call law than raise taxes.
So, let me reiterate.
This is a scam. Nothing these people are doing is worth $175. These are people who can’t diagnose very basic computer network issues that take a professional seconds or minutes to diagnose and correct. I know this because I am a professional.
My name is David Farquhar. I paid my way through college by doing basic desktop support in the mid 1990s. I have been administering Windows-based networks professionally since 1997. The largest of these networks had 300 servers at six locations across the globe, supporting 20,000 users 24/7. We achieved better than five-nines uptime. In addition to that, I published a book on Windows system performance before I turned 25. It was a real, live book, published by O’Reilly and Associates, that you could buy at large bookstores like Barnes & Noble. I know my way around a Windows system. I am also both CISSP and Security+ certified, which means my professional opinion about a security matter carries some weight with governments and large corporations. CISSP is a much harder certification to get than Security+, but it’s more obvious what Security+ means.
I’m the type of guy whose job it is to look at two proposals from competing (and competent) security vendors, make a decision about which of the two is better, and be able to back up that opinion with a convincing argument.
Techsupportangel.com is not a competent vendor. Toward the end of that first phone call, I was making no effort whatsoever to disguise that I was unplugging my Ethernet cable from the computer. I was plugging and unplugging the cable with a very audible click, and then the network connection would either drop or come back, and their “senior technician” didn’t ask any questions. Nor did he do any troubleshooting beyond asking me if I had a network icon in my system tray.
For $175, these people will clear your event log, uninstall whatever antivirus program you are using, install the free Microsoft Security Essentials, and perhaps run Windows Update and scan your system with Microsoft Security Essentials. This is all work you can do yourself. If you’re legitimately having computer issues, it’s not likely to be enough to fix it, and it’s certainly not worth $175. I don’t generally do this type of work anymore, but for $175, I’ve always done more than install a free antivirus program and scan the system with it.
I also need to point out that once you let a stranger remotely access your computer, there’s very little you can do to prevent them from stealing your data. I don’t know if techsupportangel.com will do that. I’m willing to give them the benefit of the doubt that they’re content getting $175 to install and run a piece of software that’s supposed to be free. I will say that if someone cold-called me and offered to “fix” my computer remotely at no cost, I would suspect some ulterior motive involving my data.
I also do not recommend engaging them, as I did. If your state has a do-not-call list and you’re on it, say whatever your state’s laws require you to say, then visit your state’s do-not-call web site and turn them in. The FBI and FTC are only interested if you suffer a loss–which you can report at www.ic3.gov–but if these guys convince you to part with money, report it to them as well. By all means, do not let a cold caller remotely access any computer that contains any personal information. The last thing I want is for you to have a loss to report.
It would also seem that you can reduce these calls by blocking the phone number 1-645-781-2458. But not all of their calls come from this number, and it’s really only a matter of time before they start spoofing a different number on caller ID, so that’s not a complete fix.
If you really are having computer issues, contact a legitimate computer professional. If you want to be really safe, ask the technician or the shop if he or she is CompTIA A+ certified. That’s the proper certification for fixing this type of issue. I know plenty of talented technicians who don’t have that credential, but asking for that credential is one way to weed out the scammers. A+ covers enough ground to remove the virus and perform whatever other basic repairs your computer or operating system needs to work properly.
The other thing I want you to know is that no legitimate company will call you and offer technical support. You call them.
I hope I just saved you $175.