Credo Technology Group, LLC

PC cleanup scammer calls Microsoft Malware Protection Center expert. Hilarity ensues.

IT World – March 13, 2013

What’s a bad day for a scammer selling bogus Windows PC clean up services? How about accidentally dialing a guy who works in Microsoft’s Malware Protection Center!

Phone scams are a numbers game. You dial, most people hang up in your ear. Of those who actually answer, only a small fraction are gullible enough to fall for your scam.

What you really don’t want is to waste time on the line with somebody who’s actually an IRL (in real life) expert on the topic that’s the subject of your scam. Alas, that’s exactly the situation that “David” found himself in when he randomly dialed Joe Faulhaber, a technician in Microsoft Corp.’s Malware Protection Center (MMPC).

Faulhaber described the encounter in a blog post last week, “When fake malware phones,” that’s a good read if only to understand how scammers are playing on consumers’ lack of technical sophistication to fool them into buying useless or ineffective products and services.

In Faulhaber’s case, the story started with a call from a man who gave his name as “David” and who said he had a “report about my computer being infected with a virus at their website.”

Faulhaber, who had heard of this kind of PC cleanup scam, decided to play along. He allowed “David” to walk him through the steps needed to detect viruses and “junk files slowing things down.” As in other scams of this sort, this included calling up the Windows event viewer (“eventvwr” from the RUN menu) and various log files and then getting all jumpy about what was there – an IE crash event, some errors the printer kicked off and lots of DCOM errors that “are in every event log I’ve ever seen.”

“David” asked Faulhaber if he knew what those error messages meant, to which the MMPC tech replied honestly: “Yes.” No matter. Faulhaber was then told to use the RUN dialog to perform a search that pulled up a list of setup and log files for his Windows system. When asked if he knew what they were, Faulhaber said “Yes. They’re setup files and logs for Windows,” but he was told that “No,” they mean his machine was infected by a virus and that the files and events he was viewing were “junk files caused by the malware.”

Sadly, at that point, Faulhaber tired of playing dumb and told “David” that he worked for Microsoft’s Malware Protection Center. No surprise, the scammer was undeterred and “gamely asked for my employee ID,” Faulhaber said. Nice – if I can’t scam you, at least let me steal your identity!!

Of course, these scams are no joke. In fact, if allowed to play out, the scammers behind such operations will typically ask their marks to download and install a program that gives the “technician” the ability to remotely connect to and control the victim’s PC for the purpose of “cleaning” the virus (that is, deleting the harmless files they claim are malicious). For the privilege of doing that, FTC announced a crackdown on such operations with six lawsuits filed in US District Court in New York in October of last year. FTC Chairman Jon Leibowitz said that at least 2,400 people in the U.S. were fooled by such scams, and the real count is almost certainly higher. In announcing their cases, the FTC released a phone conversation between an FTC investigator posing as a victim that sounds an awful lot like the call that Faulhaber received. So much for the deterrent effect of Federal prosecutions!

The bare fact is that many of these scams operate from outside of the U.S.’s jurisdiction. And, because they play on users’ lack of security knowledge and training, the scams will always find a ready population of victims.

What’s to be done? Microsoft advises consumers to refrain from purchasing any software or services from someone who calls claiming to be from Microsoft or another technology company. Beyond that, consumers should never agree to give a stranger remote control of their computer, or provide credit card or financial information to a phone tech support operator who called them. Instead, take down the caller’s name and number and report it to the local authorities.