The Tampa Post’s technology Q&A columnist received a letter this weekend (toward the bottom of the link) about Windows tech support scammers. From the article:

The people performing the hoax sound remarkably professional and officious.

Depending on what you say to them, results vary a lot. When they call me, they’re anything but professional. Especially lately. They seem to be OK when they don’t think they’re talking to a computer professional. Mention that you do this for a living, that you have an advanced certification, or that you wrote a book, and they turn vicious fast.

I agree that if the idea of talking at length with criminals makes you uncomfortable, the best thing to do is hang up on them or tell them the only computer you own is a Macintosh or a Chromebook or a Commodore VIC-20 and let them hang up. Or better yet, block scam calls entirely.

Then again, if you’re moderately technical–and I’m pretty sure I lost almost all of my less-than-moderately-technical readership many years ago–you may very well be doing a service to society by messing with these guys. You can easily waste 15 minutes of their time by playing dumb and fumbling around trying to pull up Event Viewer. Then, once they manage to talk you through pulling up Event Viewer, you can turn the tables on them by discussing the difference between an event and an incident.

They would have you believe every event in your logs is an incident–some malicious person actively doing something to your computer that they ought not be doing. That’s not the case at all. Everything in Event Viewer is an event–the computer’s reaction to its environment. It’s data, pure and simple.

Determining whether those events mean there’s an incident going on is an entire field unto itself, and someone reading from a script for $6 an hour can’t do that kind of analysis. I worked in that field for about nine months before moving into threat and vulnerability management. I could be a competent incident responder but I find threat and vulnerability management work a lot more interesting. My brethren in incident response make a lot more than $6 an hour.
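The event-versus-incident distinction above, as an added example that is not part of the original post: Python run over constructed log records, contrasting the scam script's "every red or yellow row is an attack" reading with a simple correlation rule. Event IDs 4625 and 4624 are the Windows Security log's failed and successful logon events; the record layout, function names, threshold and time window are assumptions made for the illustration.

```python
from datetime import datetime, timedelta

# Constructed sample records: (time, level, source, event_id, account, origin)
EVENTS = [
    ("2024-01-05T09:00:01", "Error", "DistributedCOM", 10016, None, None),
    ("2024-01-05T09:02:10", "Warning", "DNS Client Events", 1014, None, None),
    ("2024-01-05T09:05:44", "Error", "Service Control Manager", 7031, None, None),
    ("2024-01-05T10:15:00", "Information", "Security-Auditing", 4625, "alice", "203.0.113.7"),
    ("2024-01-05T10:15:05", "Information", "Security-Auditing", 4625, "alice", "203.0.113.7"),
    ("2024-01-05T10:15:10", "Information", "Security-Auditing", 4625, "alice", "203.0.113.7"),
    ("2024-01-05T10:15:15", "Information", "Security-Auditing", 4625, "alice", "203.0.113.7"),
    ("2024-01-05T10:15:20", "Information", "Security-Auditing", 4625, "alice", "203.0.113.7"),
    ("2024-01-05T10:15:30", "Information", "Security-Auditing", 4624, "alice", "203.0.113.7"),
    ("2024-01-05T11:00:00", "Information", "Security-Auditing", 4625, "bob", "192.0.2.10"),
    ("2024-01-05T11:00:20", "Information", "Security-Auditing", 4624, "bob", "192.0.2.10"),
]

FAILED_LOGON, LOGON_OK = 4625, 4624  # Windows Security log event IDs
THRESHOLD = 5                        # assumed: failures that must precede a success
WINDOW = timedelta(minutes=5)        # assumed correlation window


def scam_script_view(events):
    """What the caller points at: every Error/Warning row, context ignored."""
    return [e for e in events if e[1] in ("Error", "Warning")]


def candidate_incidents(events):
    """Flag a successful logon preceded by >= THRESHOLD failed logons for the
    same account and origin within WINDOW. Each result is a lead for an
    analyst to investigate, not a verdict."""
    failures = {}  # (account, origin) -> times of failed logons seen so far
    leads = []
    for ts, _level, _source, eid, account, origin in sorted(events, key=lambda e: e[0]):
        when = datetime.fromisoformat(ts)
        key = (account, origin)
        if eid == FAILED_LOGON:
            failures.setdefault(key, []).append(when)
        elif eid == LOGON_OK:
            recent = [t for t in failures.pop(key, []) if when - t <= WINDOW]
            if len(recent) >= THRESHOLD:
                leads.append({"account": account, "origin": origin,
                              "failures": len(recent), "success_at": ts})
    return leads


if __name__ == "__main__":
    print(len(scam_script_view(EVENTS)), "rows the scam script would call attacks")
    print(candidate_incidents(EVENTS))
```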

Whatever you do, don’t let these people scare you. I had one tell me he’d cancel my Windows license if I didn’t pay him $500. I didn’t pay him, and he didn’t cancel my Windows license–because (drum roll) he can’t do that.