Paul Kilfoil's World of Travel, Technology & Sport



Posted on  by Paul Kilfoil.

On Saturday morning 24 September 2011 I received a telephone call on my land line at home (which is also my office; see my blog about working from home). It was a lady with a broad Indian accent, very obviously calling from a foreign location (there was a slight but definite delay characteristic of long distance or satellite calls). She told me a long story about how "the Windows users" had been reporting problems with their computers and because their records indicated that I was the registered owner of a copy of Microsoft Windows she was calling to find out whether I had similar complaints. I could not establish exactly who these "Windows users" were. It was clearly a scam of some kind, but what was scary was that she had all my details - name, address, home phone number, the lot. And I am indeed the owner of a legally licensed copy of Microsoft Windows. She insisted that she was calling from my home town, although I could hear that this was most definitely not a local call. When she quoted my phone number back to me she included the country code (27), which nobody would ever do for a local call.

I decided to play along for a while to see where this went. She told me to turn on my computer (it was already on), and via a series of childlike instructions instructed me to open the Windows Event Viewer. She then asked how many errors and warnings I could see in both the "Application" and "System" event logs. Now, as anybody who has ever had any dealings with the Windows event logs will know, there are always a few errors and quite a number of warnings in there, even on well-maintained systems; my computer is a development machine and is no different. When I told her more or less how many errors and warnings I saw, she professed to be very alarmed, and told me not to touch anything because my computer was "infected" and "could shut down at any time". But not to worry - help was at hand, because she was going to connect me with a technical support person who would guide me through a procedure to fix my "infected" computer.

By this time it was getting laughable. I told her that I knew about the Windows event logs and that some of the errors in there were due to applications I had written and was testing. This did not throw her at all. She insisted that I must NOT under any circumstances click on anything or look into the errors, and simply repeated this mantra when I said that the errors in the event log were MEANT to be looked at!

She said that she would put me through to a technical support person who would guide me through some steps to "fix" my computer. Yeah, I thought, it would fix it all right. But first I had to go to a certain web site and log a support call. The URL she gave me was www.logmein123.com, and when I browsed to this site it redirected me to "https://secure.logmeinrescue.com", a simple screen requiring the entry of a six-digit code (see the screen-shot on the right). It was difficult to tell whether this was a scam site or not; it was a proper URL (not simply an IP address) and it had a valid SSL digital certificate supplied by Thawte.

The woman told me to enter the six-digit unique code I received when I purchased my copy of Windows. I nearly burst out laughing - there is certainly a unique code for each copy of Windows but it is way longer than six digits; if Microsoft used a six-digit code for Windows then they could only sell a million copies of the software before running out of numbers! I told her I could not remember my number, at which point she expressed further alarm and amazement but not to worry - she could give me a code to use but I mustn't tell anybody else what it is. After a brief pause she came back and said that I must type in "123455", a small variation on the old favourite "123456". I wonder why she didn't give me a more random-looking number? Surely anybody with half a brain would have become suspicious by now?

While she was talking (and she did a lot of talking) I quickly searched on the internet for the words "Logmein123" and "scam". No surprise - there was quite a long list of web pages where people had reported being phoned from a so-called technical support centre and told to visit the "Logmein123" site. I looked at a few of these pages and they all said it was a scam. There was even a page on the official Microsoft site saying it was a phone scam and nothing whatsoever to do with them. It appeared as if the goal was to get the user to configure their machine to allow external attackers to take it over and use it for their own purposes - steal bandwidth, look at saved data, harvest your email address book, the list is endless. It also sounded like the "Logmein123" web site was legitimate, and that the scammers were merely using it as a front to make their call appear more authentic.

By now I'd had enough. I interrupted the woman and told her that she was talking hogwash and that I knew it was a scam. But she was tenacious, I'll give her that - she persisted in trying to get me to enter "123455" on the "Logmein123" site and to hang on while she transferred me to a technician. I laughed at her and said that she'd wasted fifteen minutes of her time and racked up a big phone bill for nothing, because I had no intention of doing anything she told me. There was a brief silence then a stream of words in some foreign language (Hindi perhaps?) and she hung up.

This type of scam was a new experience for me. I've had people trying to get my credit card number or banking details and have won several thousands of millions of dollars from various lotteries and from people in Nigeria, Ghana and Sierra Leone, but never had anybody trying to take over my computer while talking to me on the phone! And how did they get my details, some of which I don't publish anywhere? Scary, but ultimately it was a rather amusing interlude in an otherwise uninteresting day.

[Update 1] I received another call like this on 16 January 2013, also an Indian-sounding woman telling me my "Windows computer was infected". I didn't have the patience for games this time and the caller hung up very quickly when she realized I wasn't about to co-operate.

[Update 2] Since I wrote this story I have received so many of these calls that I've lost count. Usually I just tell them to stop wasting my (and their) time and hang up. The sad part is that I know people who were taken in and parted with lots of money before realizing that it was a scam.


  © Paul Kilfoil, P O Box 1091, Sun Valley, 7985, South Africa