Nov 27 2011

Windows Protection from Djibouti

Category: Security,SoftwareTeknovis @ 8:40 am

I recently got multiple phone calls on my landline from a support agent working for a “Microsoft Support Company” in Djibouti. The exact phone number used each time was +253 820 308, and the support agent knew my family name (it is available in the telephone directory). The support agent told me that she could see from her system that my computer was infected, and she was going to help me! Great!

Of course this is a scam, and I have heard of it many times. Unfortunately, not everybody knows this, and I know somebody who was conned in this way.

I had never received such a call before, so the mischievous streak in me decided to play along with the support agent :) I must stress that I knew what I was doing, and in general I would not recommend this! I was also curious to know exactly how the scam worked.

I made myself look like the ideal target for the support agent, because I claimed not to know much about how computers work, and I was very eager to pay for the support agent to fix my problem. I was not doing anything that required too much concentration at the time, so I was willing to waste the support agent’s time. In the end our conversations spanned three phone calls, and lasted for about an hour and twenty minutes in total.

The way the scam works is that the support agent firstly tries to get the victim’s confidence. So I was told about the dangers of computer viruses, and how easy it is to become infected. I agreed with this, and we spent several minutes discussing this. I then confirmed that I had been feeling tired and run-down recently, so I suspected that I had indeed got a virus from my computer. This caused another lengthy explanation :D

Next the support agent gets the victim to download some software that allows the support agent to remotely control the victim’s computer. This took more than half an hour to achieve for a variety of reasons. I was given many instructions for trying to start my Internet browser (such as Ctrl + R, Start + All Programs), but none of them appeared to work. The support agent was becoming frustrated at this stage, so I innocently asked her when I should turn on my computer :D

Over the next half hour the support agent got me to download remote access software from the following web sites:

I do not know if these are legitimate sites or not. Regardless, in each I was asked to download an executable file, and then run it. Much to the support agent’s frustration, the files kept producing errors when I tried running them. I offered several times to pay her there and then by credit card (using a test number of course) for her to fix the problem, but she told me that I needed to run the software first. I helpfully suggested that it was probably due to the virus, but the support agent dismissed this idea :o In hindsight, it was probably because I was using Ubuntu :D

At this stage the customer support agent had to consult with a colleague (for the second time). By the time that she phoned me back I was bored of her, so I told her than I had bought a new computer since the last call. The dismay in voice was noticeable!

The moral of the story – if you get one of these calls you are probably best to tell the support agent that you do not have a computer!

Tags: ,