Telemarketers Recorded Through Virtual Machine

It’s always great news when we hear that scammers have been stopped, so we cheered when we read articles today by the Globe and Mail, ZDNET, the Washington Post, and Bloomberg, among others, describing how “U.S. government regulators announced they won a court order to halt international telephone scams in which people posing as computer technicians called tens of thousands of consumers and duped them into buying unneeded anti- virus services.” (source: Bloomberg)

Coincidentally, one of the principals of our company was recently sitting at his computer when he was contacted by likely the same individuals. He had a virtual machine handy and so spent the next 30 minutes talking to the scammers and recording how they operated (instead of working, it seems).

It’s a bit dry at times, but enjoy the video – don’t miss the ending.


16 thoughts on “Telemarketers Recorded Through Virtual Machine

  1. Fatman

    I found the video interesting, to say the least.

    I wonder, as a Linux user, how those fools would have reacted if they tried to get me to run their Windows centric software natively on Linux?

    i bet you could tie them up for the better part of an hour, trying to confuse the hell out of them. BTW, the suggestion above to get out the whip – as the brits would say – “spot on”.

  2. david

    That’s very amusing to me. I am also Canadian, and did something very similar to what sounds like the exact same caller (the “technician”, not the initial caller) with a VM. When i first accepted the remote connection, i disabled some of the types of access that were pre-selected, but as soon as they could drive my machine, they initiated a second session, with unrestricted access. I was pretty worried they were doing some stuff in the background (copying actual malicions files to the drive) that I could not see, so i eventually also turned off the VM (and actually nuked the VM file so i never accidentally started it again). After shutting the VM down, i kept them on the phone for another 20 minutes, claiming the computer shut down and would not reboot, complaining that whatever they did had fried my computer, and that i would likely lose my job, as i installed something against my company’s policy (total lie, i was not using my work computer). When i say “crying”, I mean loudly sobbing. I actually freaked out my kids, until i could later explain to them i was talking to a friend and just pretending to be sad.

    This was actually the 3rd or 4th time they called me. Previously, like other commenters, i claimed that i was following the instructions when i was not even in front of my PC. On one of the calls (possibly the same one as the VM) i claimed i needed to get the computer from the car, and kept them on hold for 20+ minutes, while i watched TV, and cleaned the kitchen.

    I figure any time they were spending with me, they were not calling some grandma.

  3. Salafrance

    The unfortunate thing is that this approach could work on any number of people – a while back I was trying to help a friend (via phone) reconnect to her Tagged account, so I tried talking her through the password reset process. This failed, so I then sent a step-by-step pictorial guide for doing the same. After another long, mystifying and frustrating call, I discovered that she’d been clicking the ‘ui elements’ in the screenshots rather than in the browser itself.

    If I’d dressed up what I was telling her, I could have gotten away with almost anything.

  4. George

    I was at my dad’s house and they called. I strung them along for about 45 minutes, and I didn’t even turn a computer on. We had a great discussion around his (lack of) knowledge around IP address space.

  5. Anonymous

    I got called by these guys – I strung them along for around 20 minutes pretending to be too dumb to follow their instructions before I couldn’t stop from laughing. So then I explained that I was deliberately wasting time that they’d otherwise use scamming some old lady. Apparently I’m ‘a ……f*cking f*cking f*cking’.

  6. Anonymous

    I Wasted about 30 minutes of their time too. I didn’t have a VM handy but they spent more of the time instructing me before asking me to go to the site that let them remote control. When they gave me that URL I connected with my iPod Touch which confused them for a bit. Soon they gave up and went away. The next day they called again and wanted my credit card info for the services they had provided.

  7. Jordan

    What I don’t understand is why they took you to — at the end there? Seems like that site only sells website packages and not any sort of anti-virus type software. The only reason I could think of was that they were just going to copy & paste your contact information without having to expose any website of their own? Or maybe that site is just a fake too? Pretty weird anyway.

    1. Anonymous

      OP here – that’s a good question. I don’t think I realized until you said it that that could be a legit website. Given how many people have been called, I don’t understand why they seem so amateur. That’s a lot of manpower poured into these calls.

    1. Fatman

      Good question.

      At work place, we have some specially prepared (1) cat-5 patch cables that are used for “morale issues”(2). You may want to borrow one of them.

      (1) The outer jacket has been removed, and the pairs have been untwisted (i.e. ‘made into a whip’).
      (2) For use on incompetent managers.

  8. Pat Kusko

    I got hit by the same guy at the end… I recognize his voice, at one point I feigned network issues asked for his number, he echoed mine whihc I acknowledged it was mine… at which point he said OK OK and hung up 🙂

    1. Anonymous

      That’s hilarious that you recognized his voice. I’ve heard that a few times – I don’t understand though, how many people could he have called?


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s