# Tip on how you can identify a "Microsoft scammer"



## ShelLuser (Jun 20, 2013)

Now, I realize all too well that this message may be completely out of place (then again; it's off topic for a reason) because I'm positive that there will be plenty of you out there who would welcome the chance to tell a so-called Microsoft representative something along the lines of: "_So my Windows has a nasty virus and you need access to clean it? Amazing! Especially considering that I'm using a (FreeBSD/Linux)-powered X.Org desktop. I know FreeBSD runs Linux binaries, but Windows too? Cool! Say, I can give you shell access to my jail though.._".

But what if you're also using Windows? Worse: what if you're dual booting and at this point are not fully sure if your FreeBSD environment really didn't do something "icky" with your Windows environment? Can you be sure that net/samba4 didn't do "something"? (yes you can be sure, if you had doubts then rest assured: they're misplaced).

Or what if you're in my place? Running a company from home which also happens to be a recognized Microsoft business Partner (registered with the Microsoft Partner network) and maintains a Microsoft TechNet subscription as well? It wouldn't be the first time where Microsoft uses call centres which don't really give you a professional impression.

In some cases you simply need to be sure that you're not dealing with an "el-cheapo" (pardon the expression) call centre which only calls you to put you through to someone "up the ladder" instead of one of the many organized scam centres.

Yes, you may have guessed: today I got a call from the US and it turned out to be a group of scammers. Quite the experience. And since this forum is the one I frequently visit I figured I'd dump this story here as well.

*What (not) to do?*
Rule 1: If you have doubts then put down the phone. You won't offend anyone and in this day and age it really is better to be safe than sorry. When in doubt hang up the phone. If the call was genuine and important then rest assured that you will be called again. But also realize that a company like Microsoft does not "just" call its customers.

But if you're in the mood, or really want to be sure, then this may help.

In most cases the scammers will present you a story that there is a problem with your Windows environment and that you risk major issues. I reckon they'll make stuff up as they go along and most likely will swap stories between your Internet provider disconnecting you, your e-mail getting blocked and what ever more.

The moment they start telling you that "your Windows is insecure" ask them for an IP address. They really don't like that one   If they don't understand what you mean or if they start telling you something along the lines of: "We don't know IP address" then you can safely conclude that these are scammers.

Rule 2: Never forget that their primary target are computer illiterates. Their personnel claims to know a lot, but in fact you will most likely know a lot more.

Ask why they didn't contact your provider; and insist that they give you an IP address if you need to be extra sure.

At this point it really should be perfectly obvious what is going on.

But if you're up to it then there's another point I'd like to point your attention to:

Optional rule 3: Collect as much information as you can and report the abuse to Microsoft.

I'm _very_ serious and realize this could most likely be a sensitive topic.

After all: Microsoft and listening to their customers? We all know better. And trust me: most of us really do (myself included). Take their recent XBox announcement and the way they quickly turned 180 degrees after all the negative comments. THEN they started listening, not when all the real fans sent them many of their suggestions. (For the record: I own a PS3 ).

And that's just one example; that stupidity (personal opinion) spreads wide and deep. 

I think we can all agree that Visual Studio, Microsoft's main development platform for all their environments (from Windows and ASP.NET right to their Windows Phone), is a huge asset for them. Yet they easily released a new version which quickly gave 13,000 developers a headache. What else would you expect if you throw away all the colours and theme options which your customers got familiar with? Worse: instead you only give them "light" or "dark"?

Yet Microsoft needed to see _thousands_ of developers cry out in plain disgust before they finally came up with a solution which eventually allowed us Visual Studio users to apply the same colour scheme to Visual Studio 2012 which most of us got used to while using the previous Visual Studio 2010 (for the record: I'm using a licensed ("Professional") version of Visual Studio 2012 and if it wasn't for their colour plugin I would have tried hard to get 2010 instead).

I know my optional rule 3 may sound stupid. But before you laugh and dismiss it please hear me out.

Microsoft is like ancient Rome. One end doesn't know or sometimes even understand what the other end is doing. And although I'll easily admit that I have some bias I think their abuse report system (and everything behind it) is pretty on the mark.

Like them or not: they are hell-bent on trying to put a stop to scammers and script kiddies. Maybe for the wrong motivations, perfectly possible, but in many cases they did get the job done.

Alas; it's not my intent to start a whole discussion (though I'd welcome one) but if you're in the mood and feel like doing "something" against the scammers and kiddies I really want you to consider collecting everything you can and send it straight to the Microsoft abuse report.

*You got scammed?*
I suspected foul play and the first thing I did was open OneNote and started typing away, starting with the phone number, even turned the whole conversation to speaker phone here and there.

For your fun & entertainment, I'll share "abuse-transcription.docx":


```
"Met Peter xxx" (xxx: censorship at work ;))
"Hello, we are Microsoft call centre calling, how are you today?"
"What is this about?"
"We are Microsoft call centre. You use Windows right?"
"So what is this about?"
"You have yellow mark on Windows. Indicating dangerous problem with Windows version."
"Could you give me an IP address so that I can verify your claim?"
"No need, we need you to start (horrible phonetic Dutch following:) remote hulp up ap stund?"
"Why? Considering that you can't even give me my IP address. Does my Internet provider know about this?".
"Yes, they gave us your contact information".
"So what's my name again?"
"You need to do this quickly before virus spreads and you lose all your data".
"Sounds like your calling from a call centre. I take it you warn many people?"
"Yes, Windows has many problems".
"So why don't you know my IP address? Could I talk to your division manager please?"
"No, you need to start program".
"What is your name again, I really need to know?"
"Why you need to know?"
"Because my company is a Microsoft reseller and we've been contacted by Microsoft about this. They request that we record as much information about any contact with Microsoft in order to help them with marketing purposes as well as against protecting from possible scammers" (total lie).
"<click>"
"Hello? still there?".
```
That was sort of fun 

Alas, true story. Hope some of you can find this useful.


----------



## jozze (Jun 21, 2013)

Nice expression ... "el-cheapo" :e.

I like how you structured your document, feels almost like reading something from the HOW-TO section :e.

I don't have these problems, but I do get emails from "the bank of Zimbabwe" claiming that I will get 1,000,000 â‚¬ if I give them personal data, because I am the "legitimate" heir of some guy who passed away. It would be nice to get such phony phone calls though, I could use a little entertainment.

As for the Visual Studio colors ... I think that Microsoft is really raping people with their own vision. If you install that thing, it's like they own your computer and not the other way around (NSA backdoors were discovered a few years ago, giving them power over your entire computer... that is supposed to be secure?). They are trying to enforce file standards, they are trying to enforce their new vision of GUI and they are trying to enforce colors it seems. With this clumsy policy they are making enemies from their costumers, instead of bringing them to the flock.

I gave up on Windows quite a while ago. But here's a true story about my recent experience with rigidness of MS Windows. My girlfriend installed Windows for her dad, and it didn't support the language (he doesn't speak English) because only Premium has international languages support (there are Home editions and so on with one fixed language but at the time the native language version was unavailable). I am used to having freedom to tweak things. I know Microsoft is taking that away, by limiting the user, but I thought, they wouldn't be such bastards to actually close language support, so I advised her getting it anyway. Needless to say, it was a bad decision. She got the Premium version, and managed to set up the language properly so in the end, everything was resolved as it should, but she did have to repeat the entire install process, and we know that time is money.

To return to MS Visual Studio, @ShelLuser I know you love vim, and don't you try to deny it! :e Why can't you use it on Windows as well? There you have all existing 256 colors at your disposal :e!


----------



## SirDice (Jun 21, 2013)

I keep dropping my phonenumber hoping some of these scammers might call me. Unfortunately they never do 

It would be so much fun to see how they'll cope with an RDP session to a FreeBSD desktop :q


----------



## drhowarddrfine (Jun 21, 2013)

> ...realize that a company like Microsoft does not "just" call its customers.


And that's all you need to know. 

I've not had such a call but, in the past, whenever I got such things, and telemarketers, I'd say, "Just a minute, I've got to get the front door", set the phone down and never pick it up. After 10 minutes or so, I'd check to see if they were still there. If so, I'd apologize and tell them I needed another minute, set the phone down and go about my business.

Eventually they give up but you'd be surprised how long some of them will stay there. Time is money and the longer they hold the fewer contacts they can scam. It's a total win!


----------



## fonz (Jun 21, 2013)

ShelLuser said:
			
		

> For your fun & entertainment, I'll share "abuse-transcription.docx":


I seem to remember there are a few of those on the web, maybe even on YouTube  Some of them are quite entertaining.


----------



## gkontos (Jun 21, 2013)

SirDice said:
			
		

> It would be so much fun to see how they'll cope with an RDP session to a FreeBSD desktop :q



Believe me it can get quite disturbing when they send you an email with a screenshot trying to RDP to a *nix box.


----------



## Crivens (Jun 21, 2013)

gkontos said:
			
		

> Believe me it can get quite disturbing when they send you an email with a screenshot trying to RDP to a *nix box.



So you have goatse as a background?

:e


----------



## ShelLuser (Jun 22, 2013)

jozze said:
			
		

> I like how you structured your document, feels almost like reading something from the HOW-TO section :e.


Oh darn, you're on to me 

I somewhat consider this to be a trial run. Currently working on my own contribution to the HOWTO section, but work tends to get in the way every now and then.



			
				jozze said:
			
		

> To return to MS Visual Studio, @ShelLuser I know you love vim, and don't you try to deny it! :e Why can't you use it on Windows as well? There you have all existing 256 colors at your disposal :e!


While that is completely true there's one small problem with this approach: I'd have to somehow script the compilation and deployment part of my ASP endeavours myself, and although that is perfectly doable; for example by scripting the use of csc.exe (many people don't realize that if you install .NET you actually install a full blown SDK), its still time I'd rather use to post some sillyness like this up here


----------



## ShelLuser (Jun 22, 2013)

SirDice said:
			
		

> I keep dropping my phonenumber hoping some of these scammers might call me. Unfortunately they never do


Yeah, that's basically what triggered my post up there. I read a lot about those scams in the (local) papers but didn't really expect it would happen to me. Right now I'm almost 3 years "associated" with Redmond and only now did they manage to somehow track me.

When looking back I should have asked them how they got my number, but alas; when looking back it's always easy to come up with stuff like that.



			
				SirDice said:
			
		

> It would be so much fun to see how they'll cope with an RDP session to a FreeBSD desktop :q


Oh, I'd pay to see something like that 

I can see it now: their malware is made to work thanks to Wine but doesn't manage to call back because you might have had some icky problem in your Jail which you were going to solve "tomorrow". NOW you might be able to use them as your personal helpdesk to get rid of that problem for you :e (I wouldn't count on it working though).


----------



## jozze (Jun 22, 2013)

@ShelLuser, the idea also crossed my mind to write a how-to, but my idea is, I think, pointless.

I was thinking about writing how to reinstate life to your computer that you just destroyed (software), without resorting to reinstall. So, something went horribly wrong (during a world upgrade let's say), you don't have backups, and you don't want to spend another two days tweaking the system to your liking. However, the more experienced users don't really need that (they probably already know how to handle such situations a simple usage of chroot and live media is enough), and if a problem occurs to newbies, they can always ask on this forum.

Maybe it would be useful to someone who crossed over from Linux though, since UFS works differently than ext? (question mark is a wildcard) filesystem, and in Linux I don't remember using fsck so often...


----------



## jozze (Jun 22, 2013)

Crivens said:
			
		

> So you have goatse as a background?
> 
> :e



Young and innocent as I am, I didn't know what goatse is, so I googled it ... I am shocked and speechless. I hope I'll regain my appetite around lunchtime.


----------



## sossego (Jun 23, 2013)

MS Scammer Extraordinaire said:
			
		

> May I have your credit card number and bank account information?





			
				MS Scammer's Wife Mademoiselle Extraordinaire to Monsieur Scammer  said:
			
		

> Be sure to send them a thank you note, honey.





			
				MS User said:
			
		

> Gee. That sounds legit to me.



And everyone was happy.
The end.


----------



## jozze (Jun 23, 2013)

Hahaha :e, nice one, @sossego!


----------



## Uniballer (Jun 23, 2013)

drhowarddrfine said:
			
		

> ...I'd say, "Just a minute, I've got to get the front door", set the phone down and never pick it up. ...
> Eventually they give up but you'd be surprised how long some of them will stay there.



For similar fun at work in the mid 90's, I remember transferring evening telemarketers to the paging system out on the manufacturing floor.  Everything would be quiet and then you'd hear a booming, "Hello? Hello? Is anybody there? *click*"


----------



## throAU (Jun 24, 2013)

Rule 1: If you've been called by "Microsoft" then it is a scam.

End of rules.


----------



## gkontos (Jun 24, 2013)

Getting a bit off-topic now but I wonder how many companies have trained their users for potential social engineering threats.


----------



## KARNVORbeefRAGE (Jul 31, 2013)

> maybe even on YouTube Some of them are quite entertaining.


Just for fun, I thought I would post two that I saw recently!
http://youtu.be/hSFRtPus3DQ
http://youtu.be/kAwZ21U_Mpk


----------



## jem (Aug 1, 2013)

I too got a call from one of these scammers last year, telling me my Windows machine was riddled with viruses.  Unfortunately I didn't have a Windows 7 sandbox VM prepared and ready to string them along through their entire process at the time, but I did pretend for as long as I could as they talked me through inspecting my Windows event log to see all the hundreds of "errors" caused by the virus (just standard Windows warnings really, that every machine has), then pretending to download their remote control tool.

It was only at the point they wanted me to run it that I told them I was an IT professional and I knew that they were scamming c**ts (pardon the bad language, but they deserved it) and I was just wasting their time for as long as I could.  Then I hung up.  I think it was a good half-hour wasted by them.


----------



## jh20001 (Aug 7, 2013)

My father called last week about someone calling him. He asked "Would Microsoft really call me to let me know my computer is affected by a recent exploit going around and they want to assist me in fixing it?". I explained to him MS doesn't care enough nor would anyone for that matter fund a department that actively tracks down bugs and notifies the owners. Now would they spy on you and be able to see what your system looks like remotely and tell if you are infected or not? Probably. I wouldn't doubt that Windows is riddled with remote backdoors for both themselves and for big brother. He said "I thought so, because I told him to **** off and hung up on him" hah.


----------



## kpedersen (Aug 7, 2013)

jem said:
			
		

> pretending to download their remote control tool..



Next time you should see if it works in emulators/wine. Relay any errors back to them and see if they can solve them (or get them to file a bug report with WineHQ )

I actually feel sorry for any spyware or virus that attempts to live within a wine prefix


----------

