The following is a writeup on someone’s conversation with a phone scam artist on how they operate. It’s fairly comprehensive and makes for an excellent behind-the-scenes look at the life of a scam artist.
This all started out when I received a random call from a Texas number on Memorial Day. Being that it was a holiday and close to the 9:00 PM cutoff for telemarketers to call, I had a feeling what it was going to be. I have been called 8 times prior with the same type of scam, so I was prepared.
SA = Scam Artist
SA: “Hello, my name is Kumar and I am calling from Microsoft Tech Support.” Oh great, I was right. Let’s have some fun.
Me: “Let me guess, my computer is sending you virus alerts and you need to remote in and ‘help’ me.”
SA: “No sir, it is sending us errors and yes I can help you clear this up if you let me remote into your computer.” Being that I work in I.T., I know exactly how this is going to work and figured I would have some fun.
Me: “What is the MAC Address of the computer?”
SA: “The MAC Address? I do not have that sir.” Of course you do not.
Me: “Okay, I know what you are going to do so just cut the crap, I am not going to give you anything, so just let it go and stop calling me.”
SA: “Sir, I am trying to help. Please let me help you.”
Me: “I have all the help I need, so really this is not going to work. You are not from Microsoft, you are not going to help me. You are going to make my financial life a living hell by stealing my card and/or messing with my computer.”
SA: “Listen here you *insert multiple expletives* I live in Afghanistan and I am going to send people after you.” Sure you are.
Me: “What’s the closest city to you within 10 km? No response? That’s what I thought, where in India are you?”
SA: *Insert multiple expletives*
After about 5 minutes of going back and forth I had had enough and figured I would try a different tactic because I have always been curious.
Me: “So does this ever work for you guys? I am sorry for the banter back and forth but I am actually curious.”
SA: “Yes it does. A lot.”
Me: “How does it work exactly?”
He then gave me more information than I ever thought he would.
There are usually 3-10 people working for the “company” and they usually operate out of Mumbai, Delhi or Hyderabad. They [the scam group] rented a small office under a 3rd party. They use a fake name when signing the lease and have equipment that is provided by the 3rd party aka bankroll.
I asked why they use Microsoft as a company. The reason is that Microsoft and Geek Squad are well known by Americans, and people who are not technically inclined are more willing to believe that it is the company as opposed to using a company no one has ever heard of. They use the phrase “sending errors” or “sending virus reports” so they can strike some fear into the target.
I asked how he got my phone number. He told me that they will purchase call lists from companies that harvest the data from sites where people enter their phone numbers into forms. They are usually purchased for roughly $.02-$.20 per number. After they have their list, they use an auto dialer that is populated with the numbers to make their calls. If someone hangs up or does not answer, the number is recycled back into the system to be used again at a later time.
This was the most interesting part of the call. Keep in mind that at this point we were chill with each other and that I was not going to do anything on my side. If someone wants them to help them, they will remote into the target’s computer by using an RDP software such as LogMeInRescue or Windows RDP. At that time they will “run the software” that is set to automatically show a problem even if one is not present. They then tell the target that they can clear the virus/problem off the computer for $21 USD. When the target either enters their card number or gives it over the phone, that is when it is tracked into a database that includes the target’s name, card number, expiration date and CSV (3 digit number on the back of the card). They will either purchase items online or try to contact the bank that the card is off of and use phishing tactics in order to try to get the account number. It only works sometimes due to strict banking policies, but sometimes they get an employee who gives the information over the phone thinking it is the real person. The online purchases only work sometimes as well. My own card has had fraud on it previously out of Australia and was flagged by my bank as suspicious and my account was frozen. If neither way works, they will compile a list and sell the card numbers to someone who will try it all over again.
If someone raises suspicion after they are already RDPed, the virus scan program has already attempted to install a key logger. Key loggers work by running in the background outside of the normal processes in task manager. It works as malware on the computer and is detected with software such as Avast or Malwarebytes. Most free software does not run active scanning, so by the time it is detected, the scam artist has already been monitoring all the websites and keystrokes on the target’s computer.
Be careful out there.