I’m all torn up this morning. I’m torn up because Microsoft has sued a couple of tech support scam outfits for misrepresenting themselves and violating Microsoft trademarks.
I’m torn up because it’s taken this long. I’m also torn up because this may mean I’ll never get to see what kind of hilarity would ensue by telling a scammer with a fake western name that my name is “Suchita.” In the deepest voice I can muster, of course. Keep in mind that if I sing in falsetto, I’m a tenor. Also keep in mind that nobody wants to hear that.
But torn up as I am, I understand.
First, it’s always going to take some time to build a case. This is something Microsoft doesn’t want to lose, so they have to make sure they can’t lose on a technicality or an oversight.
Second, Microsoft has to find the scammers, and find a way to get them in front of a judge in a U.S. jurisdiction. That was almost certainly harder than it sounds. I’ve actually told most of the scammers who call me, toward the end of the call, that in calling me they’re violating Missouri and Federal laws, and that by misrepresenting themselves, they’re violating Microsoft’s trademarks. Every last one of them has simply laughed at me and said they don’t care about United States laws where they are in India.
That tells me the people actually making the phone calls are difficult to reach, if not impossible, and bring to justice in the United States. I don’t know how Microsoft’s lawyers are solving that problem, but that’s why they’re lawyers and I’m a security professional who tries to keep lawyers content.
The other important thing is that Microsoft has actually set up a web page where you can report tech support scams now. Actually getting enough information out of a phone call to be able to report them can be difficult–only one of the scammers who has ever contacted me gave me a URL and a phone number–but if you manage to get the caller to give you a web site or a phone number and a company name, you can report them to Microsoft at http://www.support.microsoft.com/reportascam.
You better believe I reported the outfit who called me back in May 2013.
David Farquhar is a computer security professional, entrepreneur, and author. He started his career as a part-time computer technician in 1994, worked his way up to system administrator by 1997, and has specialized in vulnerability management since 2013. He invests in real estate on the side and his hobbies include O gauge trains, baseball cards, and retro computers and video games. A University of Missouri graduate, he holds CISSP and Security+ certifications. He lives in St. Louis with his family.