Another day and another phone call with the “home PC is infected” scam. It has been a while since I received one of these Windows scam calls; I thought I was out of the woods, but I guessed wrong. Unfortunately for my entertainment, the call was not as detailed as my other ones (you can re-visit those here and here). Regardless, I wasted about 10 minutes of their time, which is the goal, yet they disconnected the call before I could reach the punchline. This call started like the others, with a guy with a heavy Indian accent, sounding like he was in a large call center, saying he was calling from the Windows Service Center. First, there is no such thing. Second, he said his name was Jimmy… listen to the call, he sounds like a Jimmy.
Unlike the others, this one started off by having me open the Windows Event Viewer, and they were attempting to get me to look at the Administrative Events log. Then they have me look for an Error or Warning message, and when I find it they make the claim that this proves I am infected, my machine has been taken over and I need to pay hundreds to fix it. It’s the same fear approach: make the user afraid and worried into buying their scam because they don’t know any better.
The truth is that when you open your Event Viewer and look through the different types of logs and entries, you will see Errors and Warnings all over the place. For a regular home user it’s perfectly normal to have those in there. It’s also important to know that if your machine is in fact infected by something, you will NOT find out by looking in the Event logs. Viruses and malware are designed to be hard to detect; they aren’t going to record their activity in the primary OS logs for everyone to see.
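To see this on your own machine, the PowerShell function below counts the Error and Warning entries from the last seven days and groups them by source. It is an added example, not part of the original post; the function name and the choice of the System and Application logs are assumptions.

```powershell
# Added example: summarize Error and Warning events from the last 7 days,
# the same kind of entries the caller points at in Event Viewer.
function Get-RoutineEventSummary {
    param(
        # Assumption: System and Application stand in for the administrative logs
        [string[]]$LogName = @('System', 'Application'),
        [int]$Days = 7
    )

    $filter = @{
        LogName   = $LogName
        Level     = 2, 3                          # 2 = Error, 3 = Warning
        StartTime = (Get-Date).AddDays(-$Days)
    }

    # Get-WinEvent reports an error when nothing matches; treat that as "no events"
    $events = @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue)

    # One row per log/source/level, most frequent first
    $events |
        Group-Object LogName, ProviderName, LevelDisplayName |
        Sort-Object Count -Descending |
        Select-Object Count,
            @{ Name = 'Log';      Expression = { $_.Group[0].LogName } },
            @{ Name = 'Source';   Expression = { $_.Group[0].ProviderName } },
            @{ Name = 'Level';    Expression = { $_.Group[0].LevelDisplayName } },
            @{ Name = 'LastSeen'; Expression = { ($_.Group | Measure-Object TimeCreated -Maximum).Maximum } }
}

Get-RoutineEventSummary | Format-Table -AutoSize
```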
I didn’t get very far with Jimmy and the Senior Supervisor he transferred me to. I was only able to play dumb with the keyboard and make them repeat the steps over a few times. My ISP had serious lag issues, and with my phone through the same ISP the connection was terrible, and they disconnected out of frustration or they caught on early.
The same rules apply and you need to spread this to the less-than-technical people you know:
- Microsoft, Windows, Apple, or any other company will NEVER call you to tell you your machine is infected.
- No company will ever ask you to log in or they will shut off your account or computer. Let them; call the company directly and they will tell you it was a scam.
- Nobody can disable, deactivate, or shut down your machine if you don’t ‘pay’ to clean it. That’s a scam, don’t worry.
- If Western Union, Wal-Mart, FedEx or any other money transfer service is involved it’s a scam.
- If you are unsure, hang up and go ask someone that knows.
Every time I get one of these I have my trusted HD pocket recorder and a speaker phone to record them. The more you hear them and give them to people who need to hear them, the less chance of these scams working. The sad part is that the calls are so common because of their success rates. People do pay these people, inadvertently install full remote control software and have their files leaked off, lose hundreds on non-existent software, or worse. Spread the word. When you get calls like this, waste their time.
End of Line.
Binary Blogger has spent 20 years in the Information Security space currently providing security solutions and evangelism to clients. From early web application programming, system administration, senior management to enterprise consulting I provide practical security analysis and solutions to help companies and individuals figure out HOW to be secure every day.