DO NOT CLICK the yellow triangles, they're MALICIOUS CODES
December 7, 2011 7:26 AM

How should I best amuse myself at the expense of fake tech support scammers?

They've been working my town for the last few months and they finally got around to calling my phone this evening. So I played dumb and let them walk me through finding warnings (onoz!) and errors (ZOMG!) in the Windows Event Viewer, then let them open a LogMeIn Rescue session to "fix" my "viruses" - all on a slow and unresponsive virtual Windows box with nowhere near enough RAM or CPU time allocated ("yeah, this computer's pretty slow, I've had it for about ten years"). After watching them fail to make any real progress for a highly entertaining hour or so I cut their session off, claiming I had to go to bed; they rang back, and I've promised not to use the computer until they call back on Saturday morning.

It was a lot of fun working the other side of the tech-support-vs-naive-user conversation, and it was even more fun watching them tangle with Internet Explorer 8's in-your-face first-run pop-ups and new tabs at grindingly low speed ("yeah, it's been really slow lately, specially since I let my nephew try to fix it") and now I'm looking for truly inspired ways to cause them pain and suffering when next they call.

Apart from reverting the VM state every time they get me to restart it, what should I do to them? Anybody know of a good source for particularly irritating adware I could preload? Anything that makes it take longer for them to get their fake AV product going would be great.
posted by flabdablet to Computers & Internet (39 answers total) 42 users marked this as a favorite
Hmmmm, I was thinking something like installing Ubuntu, then installing something like XPGnome to make it look like Windows on the surface. If they're clueless enough, once they start looking under the hood they'll get really confused. You could install WINE so that it will (sort of) run Windows executables, for extra confusion.

But maybe it's too late for that, since they've already been snooping.

Couldn't you install some software (Adaware or something) that detects their adware, which they will uninstall, then you reboot after the uninstall. But instead of rebooting, you just set the VM to the pre-unistalled state? That would get frustrating for them.

Or, maybe set the available RAM for the VM really low, and turn swapping off. That way, you get continual out of memory errors.
posted by Philosopher Dirtbike at 7:38 AM on December 7, 2011


It's not computer specific, but you can always waste their time with the telemarketer counter-script.
posted by EndsOfInvention at 7:41 AM on December 7, 2011


Install as many different free AV programs as you can find.
posted by EndsOfInvention at 7:42 AM on December 7, 2011


Just to be clear, I'm using a VirtualBox VM with Windows XP installed and 192MB RAM allocated, hosted on my elderly (2001) Dell laptop which runs Debian Wheezy. The dear old laptop only has 512MB total RAM and rocks a Pentium Mobile 1.6GHz, so it's a fairly unpleasant VM host.

And yes, I've been reverting to the most recent snapshot on every restart. Two rounds of that and they walked me through starting up in Safe Mode ("Look at your keyboard. Do you see a row of keys at the top, eff one, eff two, eff three... no, don't turn on the computer yet. Oh, you did turn it on? OK, turn it off again. (looooooong wait) Now this time start tapping F8 with one hand while you press the power button with the other hand...")

Install as many different free AV programs as you can find.

EndsOfInvention, that's a really good idea. Might need to move the VM to a more capable host to make it even vaguely feasible though :-)

"So did you use the machine at all since Wednesday night?"

"No, all I did was put some antivirus programs on there." Tee hee.
posted by flabdablet at 7:46 AM on December 7, 2011


What is it, exactly, that the scammers are trying to accomplish? What's their end goal? Are they just trying to install ad/malware? Or is there more to it than that?
posted by Juffo-Wup at 7:51 AM on December 7, 2011


You can generally get yourself infected with the good ones by visiting sites listed in malwaredomainlist. Win32/FakeSysdef is particularly annoying as it hides every single file on the local disk. To mimic the same effect as installing as many AV programs as you could find...you could also install trial versions of Norton or Mcafee security suites (or both)...those are performance annihilators!

Drop the ram down even moreso to make it rely heavily on virtual memory. Get as many toolbars as possible on your browser. Have it launch iTunes in startup. Ok disregard that last one, it was just pure evil.
posted by samsara at 7:51 AM on December 7, 2011


I had them calling me too a while back, and felt bad that I hadn't been able to waste any more of their time. It's just been so long since I've used Windows at all that I couldn't play along convincingly, so I ended up just lecturing them.

The guy at Hacked Gadgets just did a very lengthy piece on these guys. He kept them on the phone a long time, and did end up getting some additional information on what exactly they're up to:

Part One
Part Two
posted by ernielundquist at 7:56 AM on December 7, 2011


Nthing the toolbars! More toolbars! Tons of toolbars! Go toolbar crrrrraaazzzyyy!
posted by Falwless at 7:57 AM on December 7, 2011


Put Norton on it.
posted by Runes at 8:16 AM on December 7, 2011


If you have QoS on your router you could degrade the bandwidth to dial up speeds, 2400 baud or so should be about right.

Have a script looping in the background somewhere eating processor cycles.

Create and keep open a 100Mb word document :)

Make sure that your home page in IE is either a) full of flash/javascript/java apps b) shocking p*rn or c) a site describing the Microsoft Support Scam
posted by hardcode at 8:41 AM on December 7, 2011


Do you speak a foreign language? You could make him sit through an ongoing game of telephone as you translate everything going on in this support call into French / German / whatever - for your wife who is in the room with you. You need to do this because she is very frightened of getting a virus in her email. Her friend told her that the viruses come when you are doing these support calls, so she needs to monitor everything to be sure.

And just for your own satisfaction, you can actually just mouth off to him in that language when you are "translating".
posted by Meatbomb at 10:00 AM on December 7, 2011


Ooh, I want to add another porn idea! While he is doing the remote connection, make his window a little smaller so that you can open and watch some of your porn cache during the service... just explain that you don't mind if he works while you continue to browse porn simultaneously.
posted by Meatbomb at 10:11 AM on December 7, 2011


Could you run a noisy dishwasher or something in the background while you talk, making it hard for him to hear and you could ask them to repeat themselves a lot. Barking dogs or kids wanting to to talk to you are also good. If you can ask them to hang on while you have a long rambling conversation with a small child about something and have them keep interrupting you.

Sorry can't offer any technical ideas but I know when I am trying to explain anything to people I hate when they aren't listening or are distracted and ask questions I just answered.
posted by wwax at 10:23 AM on December 7, 2011


If it were me, I'd go in the "let's freak them out" direction. Leave a messaging client up, and send yourself messages from a laptop or another computer while they're remoted in to your box. Tell them on the phone that you need to use the bathroom for a few, but you'll be right back.

Sample Message:

Steve_O_1980: Hey....
Steve_O_1980: I said hey, bro...
Steve_O_1980: Damn dude, I really need to talk to you...
Steve_O_1980: Shit... you're not answering your phone....
Steve_O_1980: But you left your AIM up....
Steve_O_1980: I know you're on, dude... wtf?!?!
(wait a minute)
Steve_O_1980: Dude... Nick said she never made it home last night, man...
Steve_O_1980: I didn't tell him anything, though...
Steve_O_1980: OMG man... This is so so so fucked up...
Steve_O_1980: I'm fucking scared dude.
Steve_O_1980: GODDAMNIT ANSWEER ME!!!
(wait a minute)
Steve_O_1980: I don't know what we're gonna do man, I think she's really hurt... or....
Steve_O_1980: DAMN DUDE FUCKGIND ANSWER....
posted by Debaser626 at 10:32 AM on December 7, 2011


Setup an AutoHotkey script that closes all open windows every 5 minutes. When it happens, just say "Yeah it does that sometimes".
posted by burnmp3s at 10:53 AM on December 7, 2011


If you set HKEY_CURRENT_USER/Control Panel/Desktop/MenuShowDelay to 999
then every click on the start menu will take an extra 1 second to respond.
posted by Lanark at 11:45 AM on December 7, 2011


Sir, you are a warrior of the light.

My evil co-worker suggests reading up on Windows exploits and owning the bad guy right back. How much fun would it be to own a scammer's computer?

If you don't want to play the long game and just want to smash their shit: social engineer an email address or IM handle out of the scammer and send them a big fat helping of Windows Recovery or similar.
posted by Sauce Trough at 12:53 PM on December 7, 2011


If you set HKEY_CURRENT_USER/Control Panel/Desktop/MenuShowDelay to 999
then every click on the start menu will take an extra 1 second to respond.


....?

man why does this even exist

My coworkers are going to regret this thread's existence.
posted by Sauce Trough at 12:55 PM on December 7, 2011


Now this time start tapping F8 with one hand while you press the power button with the other hand...

Be sure to tap F8 too infrequently, or at the wrong time, etc. (F8 - F8 - F8 - F8 - power on) so it doesn't boot in Safe Mode the first four or five times they try to get you to do that.
posted by DevilsAdvocate at 1:18 PM on December 7, 2011


Set the color scheme so that everything is in shades of red or maybe a reverse video effect (delete all the other color schemes so theres only one) As soon as they connect, shout "HEY what the hell did you do to all the colors!" Insist they put the colors right before doing anything else.
posted by Lanark at 2:15 PM on December 7, 2011


hardcode: "Create and keep open a 100Mb word document :)"

And make sure Word's AutoSave interval is set really short. :-)

Will you take notes* on what happens when they call back, and share it with us later? I could use some happy reading about now...

*because screencapturing it all would be evil
posted by SuperSquirrel at 3:10 PM on December 7, 2011


DevilsAdvocate: "Now this time start tapping F8 with one hand while you press the power button with the other hand...

Be sure to tap F8 too infrequently, or at the wrong time, etc. (F8 - F8 - F8 - F8 - power on) so it doesn't boot in Safe Mode the first four or five times they try to get you to do that.
"

Brilliant! And make sure the first couple of times, you're actually pressing the "F" key, then the "8" key. When they correct you, tell them they really need to speak more clearly.
posted by SuperSquirrel at 3:12 PM on December 7, 2011


Can someone explain who these fake tech support scammers are, and how they work? I'm a little worried I (or my even more computer-illiterate mother!) will be targeted!
posted by UniversityNomad at 3:38 PM on December 7, 2011


Check ernielundquist's links.
posted by flabdablet at 4:18 PM on December 7, 2011


This only applies if they're going to try to get you to pay them.

Make a list of bogus credit card numbers that do not checksum, each different from the last by one or two digits. As each one is rejected, apologize -- "Oh, I must have misread that" -- and go on to the next one.
posted by Bruce H. at 6:10 PM on December 7, 2011


Sauce Trough writes "man why does this even exist"

It's a usability option; people with poor manual dexterity (eg parkinsons) can be sometimes be helped by increased menu delay.
posted by Mitheral at 6:30 PM on December 7, 2011


OK, so I've just watched the punchline end of the second Hacked Gadgets video, where "Jack Morris" does his very best to defend the scammers' business as a legitimate support operation, and I have to say he's good at the social engineering thing.

For a while there I was actually going off the idea of causing him (or whichever version of him rings me back on Saturday) more suffering, on the grounds that I could just picture a Filipino call centre sweatshop full of earnest young tech support trainees doing their best and sincere in the belief that they're offering genuine value, working with remote support connections generated by another sweatshop full of earnest young script monkeys completely bereft of technical Clue, while Evil Upper Management chuckles and cackles and gleefully rubs its hands behind the one way glass as its bank accounts build and build and build.

But then I remembered the part where "Sam" magically morphed into "Jack" without a break, and the woeful attempt at an Australian/New Zealand accent that seemed to be necessary there. So it's game on.

I think my nephew might have loaded my VM up with a 60 day trial of Norton, and Zone Alarm, and that Spybot S&D thing that blocks every second registry access, and maybe Lanark's menu delay hack, by the time they call back. And if that leaves it with enough performance left over to run MSN Messenger (which I kind of doubt it will) I'll go with Debaser626's delightfully noir little script as well (which I will hastily close when I "get back from the bathroom").

I'm not set up to do video screencap, and since the conversations I've had with these guys so far are very similar to those recorded by Hacked Gadgets I'm not sure there will be much point in taking notes. But I will certainly report back and let you all know how long I managed to keep the poor bastard tied up :-)
posted by flabdablet at 8:13 PM on December 7, 2011


when you have had enough and want to end the call - don't hang up - just say, "hey can you hang on for a few minutes?" and put the phone down. Check back in 20 minutes - if he hasn't hung up yet, say "sorry about that, I'll just be another minute" repeat.
posted by 5_13_23_42_69_666 at 8:33 PM on December 7, 2011


An autoit script that runs every 5 minutes that moves the mouse 50 pixels or so to the left.

Or a vbscript that sends some random keystrokes... set it as a scheduled task every 20 seconds or so.

Or... something that might scare them... a email window that pops up quickly that says something like "FBI Windows Scam Swat Team Progress - contact made with 'Sam' and 'Jack' - next session will trace their IP address to their home locations and Interpol will be notified." ... or some such NCIS type computer hacking script.
posted by Admira at 10:47 PM on December 7, 2011


OK, disposable Hotmail account set up for the purpose of disturbing this poor sap's sleep - if anybody wants to help make Casanova Pain <buttbustr@hotmail.co.uk> look as dubious and shady as possible, please do.
posted by flabdablet at 2:59 AM on December 8, 2011


I don't know how much control over virtual hardware you have with the VM, but if you can convince the Windows image that your "monitor" won't support anything larger than 640x480, you can set the resolution really low and then wreak all kinds of havoc by increasing the system font size until all the (unscrollable) Windows dialogs open up showing only 1/4 of the intended screen real estate. A hundred years ago, I actually had to try to fix an old Windows 98 machine where someone had done this, and it took HOURS... they'll end up trying to make changes to system settings by using the tab index (as in, hitting 'tab' a known number of times to move focus to the desired input field based on another machine they have running locally) and trusting that the right form elements have been selected offscreen before changing it with the arrow keys.

For extra points, you can have a script running that hits tab at random intervals, and the settings would of course revert every time you rebooted the image.
posted by Mayor West at 5:37 AM on December 8, 2011


If anybody wants (shared) VRDP access to this box, shoot me a memail :-)
posted by flabdablet at 5:57 AM on December 8, 2011


I've removed all the VirtualBox guest additions, so it's a little harder to spot as a VM and runs even slower.

The Norton Internet Security 2011 installer has been twirling its nasty yellow throbber for an hour now. I'll leave it go overnight and check it in the morning.
posted by flabdablet at 8:12 AM on December 8, 2011


Look I'm going to have to object out of moral obligation: we were all fine an dandy offering some great ideas to cause pain and suffering to another human being...but Norton Internet Security 2011 is just taking this too far!!
posted by samsara at 9:56 AM on December 8, 2011


Once it's ready try constantly running a disk intensive script on the underlying Linux host. Something along the lines of a "find / -type f" or even better constantly gzip and un-gzip a big hard to compress file, that'll eat IO and CPU :)
posted by hardcode at 10:52 AM on December 8, 2011


If I start depriving this poor old VM of more resources it's going to annoy me.

Norton is still installing. Less than a minute remaining, apparently.

(whoops, it's just gone to 2%)
posted by flabdablet at 4:05 PM on December 8, 2011


....and it's installed now, with the result that on Windows login the VM crashes spectacularly and takes my XFCE session down with it. Maybe we don't need to inflict Norton on this poor schlub.
posted by flabdablet at 5:40 PM on December 8, 2011


Sorry, I'd just gotten off the phone with a telemarketer and am willing to admit that the Norton suggestion was possibly a bit beyond the pale. Y'all are right, that's just beyond cruel. I hereby withdraw that suggestion.
posted by Runes at 7:40 PM on December 8, 2011


He didn't ring back :-(

So I guess I'll just have to be satisfied with keeping him away from Grandma's machine for the two hours he'd already spent messing with my VM. Which is some kind of win, at least.

Thanks, all.
posted by flabdablet at 6:31 PM on December 9, 2011


« Older upper body strength training stalled   |   What songs are about people losing lovers to Jesus... Newer »
This thread is closed to new comments.