This is an automated archive made by the Lemmit Bot.
The original was posted on /r/selfhosted by /u/dakazze on 2024-11-14 20:09:17+00:00.
Since I am particularly careful about where I give out my phone number, I don’t receive any spam calls, even though I’ve had the same number for about 10 years now. So you can imagine my surprise when I received a call from Intel today!
The person on the phone had a thick Indian accent even though he introduced himself as “generic english name” and told me that 4 international IP addresses are accessing my PC…
Since I had nothing important to do and I was curious, I thought I’d play along and see where this takes me. So I excused myself because “I had to answer the door”. I quickly made a new snapshot of my tiny11 VM (debloated Windows 11), reset Firefox, deleted my network shares and disconnected my Microsoft account.
Back on the phone I played along when I was told to enter “eventvwr” under Win+R in minute detail: “You see the control key on the bottom left? What key is right next to it? Yes, the Windows key! Now press the Windows key and R as in Richard at the same time”. The scammer made me navigate to the Windows event log and asked me how many errors I see. “17500!!” I answered in shock at this huge number!
Now that I realized how serious the situation was, I was ready to get forwarded to a support technician… (I am not quite sure if I was actually forwarded to another person or if the scammer just faked a different accent). This new support tech made me visit www.support.me and explained that the security warning that was displayed when visiting this website was caused by Firefox. I learned that Firefox is not updated as frequently as Google Chrome, which is why these errors are common. After skipping the security warning I entered a PIN to download some kind of remote desktop client via that site.
Then something weird happened. I was told to right-click the desktop and navigate to display options (not sure, I am using German Windows). There he told me to click a button to change the theme, but he kept shaking the mouse so I wasn’t able to click it. “Ahh, you see the problem?” he asked, and somewhat confused I agreed… This was executed so poorly I honestly was at a loss!
The next step to solve my PC’s issues was to install some kind of software, but I am not entirely sure what it was. He transferred an installer file to my desktop that was called something along the lines of “Microsoft support tool”. Even though he had full remote access, he made me do all the clicking (“accept”, “ok”, “allow”), maybe to hide the fact that he was able to control my mouse and keyboard all along. During the install process I had to set and confirm a password he told me. I am still annoyed with myself for not keeping a copy of that installer… During the whole process I had two “disconnects from the internet” to make some coffee since it was still pretty early for me…
After the software was installed he expected a new service to show up in my taskbar, which obviously was not the case. Since I still don’t know what that program was, I honestly have no idea why it did not work, but this obviously worked out in my favor. He instructed me to look for the program under the start menu and obviously he did not know what Classic Shell is, since he kept telling me that I am using Windows Vista, which might be the reason the support tool wasn’t working… After we weren’t able to find the newly installed software he was clearly at a loss. I guess his script doesn’t have instructions on what to do in that case, because he had to call a colleague over to help him. This was when he started breaking character, talking to his colleague in Indian. After trying to reinstall the software 3 times he asked me if I was using VirtualBox, and since a whole hour had already passed I told him that I had fun and wished him a nice day.
I was very surprised when he acted very chill upon this revelation. He insisted that he knew all along that I was messing with him and claimed that he is getting paid anyway. He wished me a nice day too and this concluded my first interaction with a tech support scammer.
In the end this was a convenient way for me to practice my spoken English since I hardly ever get a chance to talk in English. What I am wondering is why they are calling people in German-speaking countries, since most older people who are likely to fall for their scams don’t speak English well enough to get through the whole script.
Does anyone know what the software was that he was trying to install? I sadly already restored the snapshot so I can’t check.