How the Microsoft/LogMeIn support scam works

By Brett Winterford on May 18, 2011 3:28 PM
Filed under Security

Page 1 of 2 | Single page

Comment: Don't fall for dodgy 'support' calls.

On Friday I experienced first-hand the methods by which scammers are attempting to dupe Australians into paying for software to remotely “fix” computers that just ain’t broke.

The call came through to my home office via VoIP, and while I was in no way fooled by the scam, I could well imagine the less computer literate making a horrible mistake – hence my duty to report the experience.

The caller claimed to be from the “computer maintenance department” of a company called “Online PC Manager” (the web site for which can be found here).

According to the caller, I was registered in “Windows Operating Services” (excuse me?) and was being called because of bad data “installed on all Windows computers”.

In a weird twist of logic he asked me if I had a computer, and whether it ran Windows. These people aren’t trained particularly well. But the script does get a little more clever once you buy (or pretend to buy) their story.

The offer of remote support starts with asking the victim to press the Windows button and ‘R’ – which brings up the ‘run’ dialogue.

The victim is then asked to type in ‘inf’, which takes you to a Windows Explorer window listing files used to install the Windows Operating System.

These, the scammer said, are the files slowing down my system, downloaded from “watching videos on the internet”.

He was offering to connect me to a “technician” to fix the problem before I stopped his sales pitch.

Other users have reported being asked to type “prefetch” into the run dialogue and being given a pin number to use in a LogMeIn session to give the ‘technician’ access to the computer.

I didn’t quite let him get that far, as I thought it best to come clean with him, tell him I knew what was going on, and see if I could induce him to tell me who he was working for - it sounded like a crowded call centre in the sub-continent to me. (And mate, if you happen to be reading this, my offer still stands!)

I have included some of the transcript from our conversation on the following page.

But more importantly, what you need to be telling your less tech-savvy friends and relatives is that companies like Microsoft and LogMeIn don’t randomly call home users offering remote support.

Unsolicited "support" calls are most likely a scam,aimed at convincing you to buy security software you don’t need, and maybe even stealing information from your PC.

iTnews journalist Liz Tay gave her mother some great advice on how to deal with these guys. String them along, and just when they think they have a sale, ask if the Windows button is supposed to look like an apple.

What are your tips for dealing with remote support scammers? Comment below.

How the Microsoft/LogMeIn support scam works

20 comments in this discussion

"I was amused as I am running Windows 7 with a non admin account so trying to get to Computer Manager or Event Viewer brings up the User Account control dialog which was not in their script and had ..."

By techo_bp

Tags

microsoft, support, scam, logmein, inf

Microsoft kicks off 'two year' XP countdown

IT price probe to 'name and shame' gougers

Chrome outpaces Internet Explorer

China blesses Google-Motorola marriage

Breaking Stories

Hackett steps down from Internode

ACCC approves Optus NBN deal

Australia shares $2bn Square Kilometre Array

RIM to cut 2000 jobs

NSW retains right to veto data centre co-tenants

Readers of this article also read...

Comments: 20

trekpenchant May 18, 2011 3:41 PM	Did they hang up on you? I got through to asking them what company they were from, then asked in my best official sounding voice for their name, and they hung up! Had I gone further, I would have like a return phone number (to pass on to scamwatch) and then to let them know I have all Macs at home!
trance1937 May 18, 2011 3:48 PM	"I could well imagine the less computer illiterate making a horrible mistake" Brett, you may want to read that again?? Those pesky typos. I have had at least ten of these calls, and after a similar tolerant listen, shut them down with a similar response. They keep calling back so their process and records are rubbish as well.
BrettWinterford May 18, 2011 3:54 PM	Holy cow trance that was a shocker. I would fire the sub but we're in Fairfax territory on that score. @trekpenchant - I left the end of our conversation off as that's where I revealed my hand to him, made him an offer to come clean. He has my details and I hope he's going to come back to me on it.
davmel May 18, 2011 4:12 PM	If the USA can find Osama, why can't they get a team of Navy seals to break into the office of these scammers and shoot them in the head??????
marcusg May 18, 2011 4:44 PM	@davmel It took 10 years to find Osama and at least 2 years to report this scam in ITNews. I don't like their chances...
Ace May 18, 2011 4:56 PM	I have had at least 2 phishing calls, but they have hung up pretty quickly once I ask a question.
BrettWinterford May 18, 2011 5:12 PM	@marcusg - to be fair, we reported the scam a long time ago, I only posted this because I took the call myself, felt like sharing it.
SHK May 18, 2011 10:58 PM	I got a similar call in early March; I played along and recorded details to report to SCAMwatch. Anyway, the first fellow asked me to open my "inf" folder the same way you described, and told me that the files I'm seeing are harmful infectious files. I used a worried voice, and upon thanking him profusely for his offer to help, he gladly answered my request for his name and company (www.youronlinepcdoctor.com.au, 03 90160638 -- his name was very western-sounding, whilst his voice had a strong Indian accent, so I doubt he gave me his real name). He then passed me onto his supervisor, who asked me to open my "prefetch" folder. She asked me how many files I see, and when I said "about 1000", she gave a few dramatic "Oh my God"s, followed by "They are all harmful and they're all infectious." I then suggested that I just delete them, to which she replied "It is not advisable to delete these files on your end." She then directed me to logmein123.com. I waited for my VM to boot while pretending that my PC had frozen (she helpfully pointed out that it MUST be because of my infection). When I was in, she instructed me to click on the login button. The system refused me entry, and she explained that my "software warranty has expired". And for a 1-time registration fee of $299, I get a lifetime warranty plus free assistance for all the other computers in my home. Apparently, it's a bargain because "software warranties cost around $400-$500 in the local market, excluding monthly fees." Apparently, they also "Work under the Australian federal laws, and won't collect personal information without consent." She gave me a 6-digit "warranty code" to enter into logmein123.com, at which point I said I wanted to reconsider as I'm a student on a budget. Annoyed, she said I should've told her earlier as they offer student rates, for 1-year warranties. I restated that I wanted to think about it some more, and she exploded: "This is not a sales thing that you need to think about!" (I didn't write down the rest, but it was a long, heavy warning about the risks of having my PC unprotected by a warranty)
rycrozier May 18, 2011 11:10 PM	Nice investigative work @SHK. Abuse seems to be a common thread in high-pressure sells.
marcusg May 18, 2011 11:46 PM	@BrettWinterford My apologies Brett. I've not taken a call from them but about 2 years ago my BIL did.
BrettWinterford May 19, 2011 12:09 AM	@SHK thanks for going one step further than I did!
SHK May 19, 2011 1:14 AM	I did some searching after my 1st post, and found out that many many others have done similar things (just Google "logmein123"and "scam") http://www.digitaltoast.co.uk/supportonclick-systemrecure-scam even contains links to audio recordings! (some of the conversations are hilarious)
Full Screen May 19, 2011 8:45 AM	I was with a customer yesterday and we received a call from Microsoft Windows Services ( I think - his accent was so strong we had real difficulty). I played along and he directed us to Event Viewer - and he asked us if there were any warnings and errors. There were heaps of thes and he said this was really bad. We hungup because of his accent. My comment is that when they get their victims to go to Event Viewer and see the inevitiable errors and warnings - the victim often panics and pays up. I have had many calls from my panicked customers about these Event Viewer errors and ask me if they should pay up and if the errors are serious - unfortunately I don't know how to reply to this one. I guess some of the errors can be ignored but others are serious. And another unanswered question is if you do pay up - what do they do to clean up the event viewer ?
wooden May 19, 2011 9:51 AM	Hi Checked out the details of the website registration for http://www.onlinepcmanager.com/. Its registered to an address in India to one Rajiv Jalan.
sandmanracing May 19, 2011 9:51 AM	The abuse is correct, but I have managed to do one better. After the 3rd call (I lost count after 20 of them) I told the bloke to stop and listed out my qualifications. I was then told to "go forth and procreate with myself" on a number of different instances. It really amuses customers when this happens on speakerphone too - (Me) "Which computer? I can see at least 100 of them right now" (Call Center) "The one in front of you right now sir" (Me) "Mate, I'm in front of a loaded rack with 5 blade chassis' - which one?" (CC) "$%@%$!#..." @Fullscreen, many of those "errors" or "warnings" relate to services stopping and starting during the startup/shutdown phase of Windows and are not really issues at all. But for the end user they see all of these standard warning symbols (stop signs and exclamation marks) that worry people who don't understand the processes involved.
SHK May 19, 2011 10:48 PM	@Fullscreen, to add to what @sandmanracing said, most of the errors and warnings are part of the NORMAL operation of Windows; nothing is wrong -- there is nothing to clean up. If you pay up, you won't get anything useful back because they are scammers -- they'll take your money but won't help your computer. @wooden, good work. I wonder who has the authority to knock at their door to investigate...
nileshparmar May 20, 2011 12:30 PM	i also had same call twice ...i posted the whole details of scam on facebook to alert others and also sent emails to every one to not to fall for this scam, too bad no authority is trying to stop them, how ever current affair had eisode recently on this scam hope more and more non tech savy people learn about the scam.. my friedn also got this call and he hanged up saying i use Mac heheheh LOL
Mordd May 23, 2011 9:16 PM	Thanks for sharing everyone, i've gotten a good laugh out of reading the article and all the comments. Have to say the string them along and then ask if the windows button is meant to look like an apple is pretty priceless, I think I'd use that one myself if I got one of these calls. Also sandmanracing's story is quite amusing "Mate, I'm in front of a loaded rack with 5 blade chassis' - which one?" - LMAO very nicely played.
midspace May 24, 2011 10:50 AM	Strange how two of your wirters had similar articles in less than a week. http://www.itnews.com.au/News/257998,bogus-tech-support-may-have-merit.aspx
techo_bp May 26, 2011 3:42 PM	I was amused as I am running Windows 7 with a non admin account so trying to get to Computer Manager or Event Viewer brings up the User Account control dialog which was not in their script and had them really confused! LOL They also got angry when I said I did not want to click on the remote support link.