Going Viral

So, over the past couple of years there's been a lot of people getting phone calls from somebody claiming to be a Microsoft engineer, and that they've detected a virus on their computer so they need to allow them to fix it. Clearly it is a scam, with the overall objective being to get money out of you somehow (usually either accessing your computer remotely whilst you provide card/banking details, or by encouraging you to purchase software from the caller). The rumour/urban-legend website Snopes.com has a write-up on this particular scam for anyone interested in reading more about it.

For quite a while I have only heard other people's stories about receiving these calls, but haven't received one myself. However, this week I got one of these calls whilst at work in the pet shop (hence why it is getting posted here). The caller had an Indian accent, and it sounded like he was phoning over the Internet because the line was particularly bad. Sadly, I did not have the organisational skills and planning to get ready for this phone call, therefore had no software running to record the call. There are plenty of videos on YouTube where people have recorded the call: sometimes just for the purposes of warning people about the scam, and sometimes because the receiver wants to mess around a little themselves :) Unfortunately, all I can offer is a from-memory transcript:

 "Hello. I am calling from Microsoft's computer maintenance department. We have detected possible viruses on your computer. We will put you through to a trained Microsoft engineer who can help you with this problem."
 - Okay
 "Do you have a computer with Microsoft Windows XP, Vista, or 7 installed?"
 - Yes, yes I do.
 "Are you in front of that computer right now?"
 - Yes, yes I am.
 "Okay. Do one thing for me. Close down any programmes you are running."

Those few words, 'Do one thing for me', became extremely annoying as the conversation continued. At one point I just wanted to shout, 'YOU SAID DO ONE THING! I'VE DONE LOADS OF THINGS!'

 - Okay
 "Have you done that?"
 - Yes.
 "Okay. Do one thing for me." (grrrr) "In the bottom left corner of the screen, can you see a button with the four-flag Windows logo and the word 'Start'?"
 - No
 "Please look in the bottom left corner of the screen."
 - Okay
 "Can you see the four-flag Windows logo?"
 - No
 "Please tell me where you are looking"
 - In the bottom left of the screen
 "Have you closed all programmes down?"
 - Yes
 "Tell me, what do you see on your screen?"
 - I see, C:\> and a blinking cursor.

I was tempted to suggest that I was using a Mac, but knew that the phone call would end very quickly so, yes, I instead said I was looking at a DOS screen.

There was a pause.

 "Tell me, are you using a Windows PC?"
 - Yes
 "Do one thing. Restart your computer and tell me when you see the desktop."

I made the caller wait for a while whilst I pretended to restart the computer.

 - Okay, it has loaded.
 "Do one thing for me. Can you see the four-flag Windows logo in the bottom left corner of the screen?"
 - Yes! Yes, I can.
 "Do one thing for me. Make one single left click on it. Tell me, what do you see?"
 - A menu!
 "Tell me, do you see the word 'Computer' or the words 'My Computer' on the menu?
 - Yes, I do.
 "Which? 'Computer' or 'My Computer'?"
 - My Computer
 "Okay, do one thing for me. Make one single right click on 'My Computer'."
 - Okay
 "Tell me. What do you see?"
 - A menu has popped up.
 "Okay. Do one thing for me. Make on single left click on 'Manage' on the menu."

He then guided me into Event Viewer and asked me to scroll all the way down through the logs looking for any red circles or yellow triangles. These are fairly normal on a Windows PC, and can refer to anything from missing drivers, old registry entries, programmes closing down unexpectedly, etc. Even a brand new PC is likely to have some and it isn't necessarily anything to worry about.

 "Do you see any red circles or yellow triangles?"

Clearly, I could (as would 99.9% of anybody else taking a look on their own computer), but I decided to lie.

 - No
 "Please scroll all the way down to the bottom, slowly. Tell me, do you see red circles or yellow triangles?"
 - No. All I see are white speech bubbles with a blue letter I in them.
 "Have you scrolled to the bottom slowly?"
 - Yes.

 I was then guided into another section of the event logs, and again asked to scroll through them all. I continued to say that I saw no error or warning symbols, but the caller was equally persistent.

 "Please scroll again to the bottom of the screen. Tell me, do you see any red circles of yellow triangles?"

I was then cut off. I thought that was the end of it.

Then he called back, asking the same question again. I decided to give in.

 - Yes! Yes I do!
 "Tell me, how many do you see roughly?"
 - Oh, maybe a dozen.
 "How many?"
 - A dozen.
 "How many?"
 - A dozen.
 "How many do you see?"
 - I see a dozen
 "How many red circles or triangles?"
 - ... I see twelve.
 "Oh, that is a lot. Do you have any idea what these might mean?"

I had a feeling I was about to be told.

 - I guess they are just some kind of error on my computer
 "These are all errors on your computer. Viruses, malware, and attacks when you are using the internet. Some will show files being stolen from your computer, or downloads that you don't know about."
 - I see.
 "Tell me. Do you notice your computer getting slower?"
 - Yes. I do. It is very slow.
 "That is because of these errors. Okay, I can fix this for you. I am a trained Microsoft knowledge engineer. This is perfectly normal and legal."

I raised a smile at this point. Thank goodness he said it was legal, I was worried for a moment.

 "Please close down all programmes."
 - Okay
 "Now, look on your keyboard. Do you see a button on the bottom left that says 'Ctrl'."
 - Yes
 "Next to that, is there a button with the four-flag Windows logo on it?"
 - Yes, yes there is.
 "Okay. Do one thing for me. With one hand, press the key with the four-flag Windows logo on it, and do not let go."
 - Okay
 "With your other hand, press the R key. That is R for Romeo. Have you done that?"
 - No. I can't.
 "Why not?"
 - I'll drop the phone if I use both hands.

 A pause...

 "Do one thing. With one finger, press and hold the four-flag Windows key. With another finger, press the R key."

 The Run box popped up, as expected. I was then instructed to type a web address into the run box and press 'Ok'. It took me to http://www.ammyy.com, a website for remote-access software. A relatively safe piece of software, as long as you are only letting trusted individuals access your computer for good reason (i.e. not a random telephone caller).

The caller asked me to download the free software, and let him know what I could see. The website clearly stated that administration rights were not required for installation.

 - It says I need administration rights for installation.
 "Pardon? Tell me, what do you see?"
 - It says I cannot install this software. I do not have administration rights.

A few seconds passed, then the conversation continued except with a new voice. I'm guessing I was passed over to somebody else.

 "What do you see?"
 - A box says I need administration rights to install this software.
 "Are you logged in as the administrator?"
 - I'm logged in as Christopher
 "Are you using an administrator account?"
 - I'm using my account. It said 'Christopher'. That's me. I clicked it.
 "Is this your computer?"
 - Yes. It's mine.
 "Is the account you are using, an administrator account."
 - It's my account.

This repetitive questioning went on for a bit until I was handed over to yet another person.

 "Tell me. What do you see?"

I gave in...

 - I see the Ammyy icon on my desktop. The software has installed.
 "Okay. Please double click the icon and tell me what you see."

I hadn't actually even downloaded the software, never mind installed it. I quickly went to the website and, fortunately, they had a page with programme screenshots.

 - It says Ammyy Admin. And has a lot of numbers.
 "Okay, do you see the words 'Your ID'?"
 - Yes
 "Please tell me the number beneath that."

The screenshots only show a sample ID number of '123'. Obviously this wasn't going to be a valid ID so I quickly made one up.

 - 4, 2, 5, 7, 6, 3
 "Is that 425763?"
 - Yes
 "The ID number should be a seven-digit number. You have given me a six-digit number."

Dammit!

 - Oh, sorry. There's a zero at the end. It's 4, 2, 5, 7, 6, 3, 0."
 "Okay, just one moment. I will pass your ID number to our Microsoft advisor."
 - Okay, I'll wait.
 "I'm sorry. That is not a valid ID number. Please tell me again what the number is."
 - 4, 2, 5, 7, 6, 3, 0
 "That is not valid. Is your number 4, 3, 5, 7, 6, 3, 0?"
 - Uh... yeah! It's a three, not a two, sorry.
 "Just one moment whilst I pass your ID number to our Microsoft advisor."

I waited a moment. Again, a new person came onto the phone.

"The ID number you gave us is false."
- Oh, well, I don't know. I'm just reading the one that...
"Are you joking with me?"
- Pardon?
"Are you making a joke with me?"

I pretended to be confused and hurt by this accusation.

- No! I'm just reading the number you've told me to read.
"You are making a joke! Why are you wasting my time?"

Oh, the irony.

- I'm not. I'm just doing what you've told me.
"If you don't want your computer fixed, I'll just hang up."
- No, please, I want it fixed.
"You are wasting our time. We are just trying to help you fix your Microsoft Windows PC."
- Yes. Please fix it for me.
"You are giving us pretend ID to joke with us."
- No. I am reading what it says. I don't understand. I just want you to help me. Please help me.
"I am hanging up now."
- Please don't.
"I shall now hang up."
- ...
"I am going now, goodbye. We tried to help you."
- Please help
"Goodbye"

At thus the call ended.

I guess I find it amusing that a person calling from a 'company' that is trying to scam people out of money, ends up accusing me of wasting their time.