Microsoft scams just got .... creepier

carrcomp

Well, as IT professionals we both love and hate the Microsoft scammers.

As a remote support company, we hate them even more, because they give remote support a bad name.

But this one was new ...

Customer called in from the bank. He was with his banker cancelling his account and opening a new one because he just provided all of his banking information to "Microsoft".

So, my reaction is to educate the customer to just hang up next time. Microsoft can't see anything on your computer etc etc.

Customer: "Well, how did they get on my computer then?"

Me: "Well, when they took you to their website to download their software ..."

Customer: "We didn't go to a website ... the TeamViewer window just popped up and I couldn't move the mouse anymore."

Turns out, TeamViewer was downloaded and installed on his computer through a drive-by infection. It then gave unattended access to "Microsoft", who used the features in TeamViewer to turn off the local input.

They aren't even calling people anymore, they just wait for a new system to show up in their list.
 
I had a client tell me the same and that the guy (from India) could see her through her web cam.
They were calling her 3-4 times daily (her computer was off), so I told her to call her phone company and explain to them that she fell for this scam and to have all 3 numbers blocked.
She actually paid $148.00, and they would have to update every month so that the virus would not come back.
Poor elderly lady.
 
So your client doesn't remember where he got TeamViewer from? It must be a licensed version or how would they know the randomly generated password the free one provides? Generally on a clean out we don't yank TeamViewer but now might start checking them. Most infections we see are using LogMeIn, we haven't come across "Microsoft" using TeamViewer yet.
 
Thanks for the info, yeah so they must be using a particular TV account to set these up to do unattended logins. That should be easy to spot.

We used to yank all login programs but we heard a little noise from customers that have accountants doing remote logins to keep their books up to date. :(
 
I have one on the bench right now. The customer refused to pay so the "Tech" from India put a password on her PC and locked her out and told her it would be $399 to unlock it. I tried using NT Password Unlock but it does not see any administrator accounts. I am looking at having to reload from scratch.

She also assured me she did not click on or download anything; the tech was already in her PC when he called. And he was also watching them through the webcam.

This is very scary!
 
I wonder how effective MBAM is at blocking these downloads, i.e., how aware are they of which sites are used in this scam? Anyone done any autopsies on infected systems to determine the browser history at the time TV got installed?
 
Give a read

http://www.foolishtech.com/viewtopic.php?f=9&t=1758
 
So is this the Syskey scam again? Try 123, 1234, etc.
If you just can't log in 'cos the password was changed / set, then just delete / rename SAM from a PE or Linux boot. There may be more sensible ideas - but that's me ;)
 
We've done a few autopsies recently for the LogMeIn ones, haven't seen the TV version yet, and found most stumbled on rogue Chrome downloads or free game downloads, and the file they downloaded was packed with the malware as well as the intended file. One such customer did the fake Chrome download two days in a row (facepalm) before we just jumped that hurdle for him and installed Chrome. I'd bet most of these infections were from packed downloads.
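
The kind of autopsy discussed above, as an added example that is not part of the original thread: list the browser downloads that started shortly before a remote-access tool was installed. It assumes a copy of Chrome's `History` SQLite file with a `downloads` table (`start_time` in microseconds since 1601-01-01 UTC, `target_path`, `tab_url`); the install time, file names and URLs below are constructed sample data.

```python
import sqlite3
from datetime import datetime, timedelta, timezone

WEBKIT_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)
ONE_US = timedelta(microseconds=1)

def webkit_to_dt(us):
    """Chrome timestamp (microseconds since 1601-01-01 UTC) to datetime."""
    return WEBKIT_EPOCH + us * ONE_US

def dt_to_webkit(dt):
    """Datetime to Chrome timestamp, using exact integer division."""
    return (dt - WEBKIT_EPOCH) // ONE_US

def downloads_before_install(conn, install_time, window_hours=48):
    """Downloads started in the window before install_time, newest first."""
    lo = dt_to_webkit(install_time - timedelta(hours=window_hours))
    hi = dt_to_webkit(install_time)
    rows = conn.execute(
        "SELECT start_time, target_path, tab_url FROM downloads "
        "WHERE start_time BETWEEN ? AND ? ORDER BY start_time DESC",
        (lo, hi),
    )
    return [(webkit_to_dt(t), path, url) for t, path, url in rows]

def build_sample_history():
    """Constructed stand-in for a History file (subset of the real columns)."""
    utc = timezone.utc
    sample = [
        (datetime(2015, 3, 1, 9, 0, tzinfo=utc), r"C:\Users\sample\Downloads\invoice.pdf", "http://mail.example/"),
        (datetime(2015, 3, 9, 20, 30, tzinfo=utc), r"C:\Users\sample\Downloads\FreeGame_Setup.exe", "http://games.example/"),
        (datetime(2015, 3, 10, 13, 58, tzinfo=utc), r"C:\Users\sample\Downloads\ChromeSetup_free.exe", "http://downloads.example/chrome"),
        (datetime(2015, 3, 10, 15, 0, tzinfo=utc), r"C:\Users\sample\Downloads\photo.jpg", "http://photos.example/"),
    ]
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE downloads (start_time INTEGER, target_path TEXT, tab_url TEXT)")
    conn.executemany("INSERT INTO downloads VALUES (?, ?, ?)",
                     [(dt_to_webkit(t), p, u) for t, p, u in sample])
    return conn

# Constructed install time; on a real system take it from the remote tool's
# install folder or service creation timestamp (assumption).
SAMPLE_INSTALL_TIME = datetime(2015, 3, 10, 14, 5, tzinfo=timezone.utc)

if __name__ == "__main__":
    for when, path, url in downloads_before_install(build_sample_history(), SAMPLE_INSTALL_TIME):
        print(when.isoformat(), path, url)
```

Run it against a copy of the History file rather than the live one, since Chrome keeps the original locked while it is open.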
 
A message popped up on a laptop we are working from "Microsoft" instructing us to call Microsoft as we had a virus!!!!!!!!!! The number we were told to phone is 08006101013. So I did........... Long story - short.
"Now Sir, just press the Windows key and R. Type www dot support dot me and enter this code." I didn't of course, but I kept the guy talking for half an hour until it was closing time and I had to go home. I even told him he was a scammer but he kept to his script. I recorded it for my own amusement. :)
 
I just had two this week but not as sophisticated as the OP's.

One shithead, err spammer, fooled the client into going to a website and allowed him access. Thankfully she called me while he was working his magic and I had her disconnect the Ethernet cable. I just did my normal virus removal dance and all is well.

The other asshole, err spammer got in the PC the same way but set a password. My elderly client also called me crying hysterically. The fuckwad was asking her for a credit card and claimed that he would only bill her $2.00. My client asked if she should pay it! I kept telling her to hang up on him but she kept insisting that I talk to him. I finally convinced her to hang up or I would. She said the man was angry she wouldn't pay the ransom! Some set of balls.

While trying to remove the pw he set with NT offline the 15 year old, 42 pound desktop started to freeze during the BIOS. I told her it wasn't worth fixing. Lucky she had an old XP laptop that I transferred all her stuff to. Even her old graphically challenged Create-a-Card appl designed for Win 95! BTW, she had 12 GB of data/pics over the years just in that card program!

The second customer called the police. I was real glad they showed up and will follow up. Usually, non-violent white collar crimes go unpunished. Use a pen as a weapon and you're a businessman. Use a joint and you're the scourge of society so the man spares no expense and they send SWAT in at 4 AM for a personally unique style of a wake up call. Makes no sense but it is what it is.

Why do people keep falling for this nonsense? I got another call a few months back on my biz line from some buttmunch claiming to be from the IRS and that I owed them money.

I had this joker going round and round for 5 minutes before he cursed me out and hung up in utter frustration. I pretended to have a stutter. Hhhh how mmmm mmm mmuch dd ddd do III owe owe owe yyyy yyy you? My wife and Granddaughter were crying from laughing so hard.
 
Ha! We really need to program some cool traps for these clowns to fall into. I'd love to have them connect and then pwn the hell out of their machines.
 
Had a customer the other day at my other job call up saying that after she picked up her computer she still couldn't get online. She tried to call us and left a message, as we were closed when she called, and then she got a call from someone claiming to want to help her. She said it was an American lady, so she thought it was us for sure, and then the lady transferred her to an Indian guy who ended up charging her a few hundred dollars on her credit card and a lil on her debit card. She did wise up and realize that it wasn't us, and she called the banks and filed disputes to have those charges removed. She was so confused when she called up and told me what was happening to her. I said if it was us calling we would clearly state so, and we never call customers saying there's something wrong with their computer, unless they have their computer dropped off with us and I'm calling to see what they want me to do with it.
 