Here's what happened when I got the Windows tech support scam phone call
Other folks have been pestered by Mr. Walker's staff, apparently (CallerCenter.com)
I love when scammers call or write to me. I wish they'd do it more often; it feels kind of like Christmas. I finally got the faux Windows support call just now. I got a *little* bit more detail from the unsuspecting scammer (and his manager) which I'll happily share. I tried to scare poor "Andy" as much as I could when I finally outed myself, though sadly, I don't think I scared him straight.
In case you're not familiar with this gag, it's old, but pretty effective.Cold caller says something like, "Isn't your Windows computer running frustratingly slow?" And since the odds of that are exactly the market share of Windows, it's a pretty good shot in the dark. After performing a few magic tricks like getting a unsuspecting user to pull up a yucky-looking log file, operators say they'll fix your PC for a small (really big) fee. Here's how it went with me. Before we start though, just a quick tip - learn what traceroute is (check out this guide: traceroute by ThousandEyes) and use it whenever you receive one these calls and any form of connection is established. You'll see why later.
Sign up for Bob Sullivan's free email newsletter.
After calling and missing me perhaps 50 times during the past few weeks, I finally picked up when 546-541-1231 rang me. Someone named Mario said he was from "Support Desk America" and that their servers had registered some errors coming from my computer. He said he was in Irvine, Calif., but the are code - 546 -- is odd. It's "unassigned." But there's sure a lot of complaints about calls coming from that area.
How did they have my number? Well, when I registered my computer, I gave them my number. And my computer is telling their servers about its errors, Mario said. Then he told me to run the "assoc" command from a command prompt, which simply lists files and program associations at a command prompt. Magic Trick No. 1. At the bottom of the list is a Class ID which looks something like this. "CLSID{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}" Mario reads it off to me allegedly to prove that I am a genuine Windows license holder, but really just to establish credibility. Magic Trick No. 2. ("Wow! How did he know that unique code on my computer!?!?!?" Because it's not unique, that's how. )
Mario's next idea is to find the bugs and viruses on my PC; I keep asking him how he's going to do that, but he won't tell me, other than to repeat several times that I don't have to download anything. I ask more questions. He tells me he talks to 200-300 people every day. (That's A LOT. I hope most of them just hang up, but since this scam has lived on at least four years, I suspect it's very lucrative.)
Mario keeps trying to get me to enter more commands on my PC, and I keep asking questions that confuse Mario, and suddenly he says he's switching me to his supervisor, without my asking. I consider this a victory.
A man calling himself Andy Walker gets on the phone. He says he's a technician. He's working with a team of 25 people. He even muses about getting a promotion and being in charge of more people. I say it must be hard calling people all day.
"We have to do that because that's our job," he says.
He brags that one of his employees has a 90 percent success rate at fixing computers. Like Mario, he insists we can't go on without my submitting to their diagnostic procedures, which I know will consist of pulling up a log file or something similar.
"Our sever is only capable of having certain knowledges," he says.
I'm 25 minutes in at this point and have to write stories to make a living, so I cut to the chase.
"OK, I know you wouldn't do this unless you make money, so what are you going to ask me to pay you after all this?"
Andy demurs several times, but then finally says, "There will be a charge...Once we see the infection. A charge of like $100. There are several packages that are more, but the minimum is $100."
"You call people all day and charge them $100 for reading off a Class ID number?" I ask.
"I'm sorry?"
"Andy, I am a computer investigator. I've been taking notes during this call, and I will pass them along to people who will be very interested in what you are doing. I would strongly suggest you find some other work before they find you."
"Wait, sir. But there is nothing wrong with what we are doing. We disclose the charge," he protests. "We don't charge people anything until we find problems."
"Find something else to do."
"But sir..."
"Good luck to you." Click.
Yes, Mr. Walker, there is a long string of misleading things in this dialog that would seem to qualify as unfair and deceptive under state and federal law.
As for the more journalism-y stuff: There is a "Support Desk America" website. I have no idea if it is affiliated with Mario and Andy, though it says it offers similar services in the U.S., U.K., and Australia. There is bad spelling "Can I leave a voice massage...?" Emails sent to the contact address there are returned as undeliverable. A phone call to the U.S. 800 number lands in a mailbox that is full (I guess I can't leave a massage...). The registration information for the site is masked through DomainsByProxy; a traceroute seems to suggest the server is indeed in California, near Los Angeles.
While all this sounds farcical, please talk to your less-computer-savvy friends about this scam. It obviously works. There's enough magic tricks and truth in here to fool/scare/intimidate plenty of folks.