Your scam is bad, and you should feel bad

“You don’t have any kind of regret that you’re preying on people who don’t have computer knowledge, that you’re picking on elderly people, that you’re trying to scam people?”

Each tech support scam call has some bit of weirdness. The technicians insist they're not from Microsoft, they're actually from "Windows technical support" or something similar. They sometimes tell victims that their computers are not infected with viruses but with "online infections," which are "much more powerful than local viruses" and can crash a computer at any time.

When they're called out as scammers—or when their victims say they have Macs instead of Windows PCs—the scammers sometimes take to insulting the people they were trying to extort. At other times, they keep going through the script as if they're still talking to a complete idiot. Eventually, they all hang up.

When it comes to calling out scammers for blatant lies and shaming them for criminal actions, no one did it better than BBC reporter Kate Russell. A year ago, Russell was told by her step-mother about a call from a "nice gentleman from an Indian call center" claiming that her computer was infected with a virus. Russell took the next call herself and posted the audio for all to hear.

Russell asks the scammer to explain how he can know each time a computer is infected:

Scammer: In our London office we have got a server and, in that server we keep track of all the IP addresses, and if those IP addresses, if any of the IP addresses blinks in red that gives us an indication that there might be online malware infections that are in the system. Russell: Let me get this straight. You've got servers in your head office which are connected to every computer in the country, and any time somebody has a piece of malware, you get a little flashing light.

The scammer goes on to say there is a "master computer" used by the US Army and UK authorities, and that his firm can access its information through its server.

Russell: Your supercomputer that's got a flashing light for everybody in the country connected to the Internet, it must be really huge. It must be amazing, I'd love to see it, because I really like shiny sparkly things with lots of flashing lights. Do you think I could come and see that computer? Scammer: Absolutely. Russell: When could I come do that? Scammer: We are open from 9am to 6pm, Monday through Friday. Russell: And where are you based? Scammer: It's 123 Baker Street, Westminster, London. Russell: You gave my father an address of 124 Baker Street yesterday. Scammer: The server is at 123, that is the server room. It is a different room for technicians, we are in 124 Baker Street. Russell: Have you ever heard of a program called BBC Click? The technology program? Scammer: Yes. Russell: I’d really be interested. I’m one of the presenters on BBC Click. I’ve been working in the technology industry for 15 years. I’m a reporter. And I know for a fact that what you’re saying here is the biggest load of [bleeped] I’ve ever heard in my entire life. There is no way you have a server connected to the Internet that is monitoring millions and millions of IP addresses and will flash a red light at you if they're infected with malware or a virus. Scammer: Uh huh. Russell: Do you like coffee? Scammer: Yes. Russell: Because I also happen to know 124 Baker Street is a branch of Costa Coffee. You know what, I have my own coffee machine at home so I don’t need to visit you to get coffee at 124 Baker Street. You guys are scamming people. I’ve had several people complain on the Internet to me already about the scams. You’re preying on old people, on people who haven’t got much computer information and technology knowhow, and I’m afraid I’ve been recording this telephone call and you can consider yourself being thoroughly investigated.

Incredibly, the scammer continues as if Russell had said nothing at all, saying "OK, thank you for your time, we will be waiting for you. We will be open 9 to 6. Any time you feel you can just visit us and speak with the server team, OK?"

But Russell wasn't done. "That’s all you have to say?" she added. "You don’t have any kind of regret that you’re preying on people who don’t have computer knowledge, that you’re picking on elderly people, that you’re trying to scam people? I know for a fact you're not going to just charge £80, and actually what you're doing is not removing a virus. You’re just deleting a few broken files from installations and service updates... Don't you feel bad?"

The scammer hung up.

The Internet gets angry, and clever

“While he was telling me about the dangers of all the harmless debug messages in Event Viewer I pulled up an elevated command prompt, ran 'netstat' and copied down the results.”

Russell is not the only one to get aggressive with a tech support scammer. Just last week, a British man living in Germany named Steve Paine allowed a scammer to install remote desktop software on his computer so he could obtain the person's IP address.

"Just to let you know, the call is being recorded here, and I’m a journalist and also a security expert," Paine told the scammer. "And I have also been communicating at the same time with some people who are on the Internet, this has been streamed live on the Internet. And I now have your IP address, your name, and your company name, and I will be following this up as a security issue because I believe you have tried to hack my computer. Do you understand what I’m saying? Hello?"

On the lighter side, one reddit poster named aveilleux really wanted a tech support scammer to call him. Waiting for such an occasion, he had prepared an unpatched Windows 2000 virtual machine and a flash drive filled with viruses. After toying with the scammer by pretending not to know what a keyboard was, he let the "technician" take remote control over the system. He put the viruses in an archive titled "bank_data.zip" and put some you-will-want-to-scoop-your-eyes-out pictures from a notorious subreddit into a file called "passwords.zip." He recounts what happens next:

Naturally, the guy at the other end of the line grabs passwords.zip and bank_data.zip and uploads them to a fileshare server. (Why he didn't just use the LogMeIn VPN is beyond me.) I make a note of the deletion links. This takes maybe 45 minutes (I have a fast connection). After that's done, he snags some files from \WINNT\ (to grab registration info and such; of course, the system's data is all incorrect). I get a call from Jason [the scammer]. "Okay, Mister aveilleux. We have all the information we need and we'll be back in touch with you if we need anything." "Thanks much, Jason. I hope you enjoy my data as much as I did." "I'm sorry?" "Never mind. Goodbye!"

One Ars commenter with the username Albatron reports getting in on the action, feeding the scammers an elaborate set of lies.

"The 'Expert' directed me to install TeamViewer, which I did. I let him into my PC and watched him open Event Viewer and show me all the messages. While he was telling me about the dangers of all the harmless debug messages in Event Viewer I pulled up an elevated command prompt, ran 'netstat' and copied down the results," Albatron writes. "By then he had stopped talking and was asking me what I was doing. I told him I was 'backtracing' him and that I was 'behind 7 proxies'. I also told him I worked for the FBI as a DBA (none of which has a shred of truth). He told me he was only 17 and had been working at the company for just 14 days. I asked him where they were based out of and he told me Orlando."

The tao of the troll

Are those who troll the scammers performing an important public service? While we hope the FTC crackdown has a chilling effect, we've already seen "Windows Technical Support" squads continue to operate as if nothing is amiss. If they're making tens of millions of dollars, as the FTC claims, why would they stop? Ultimately, they'll keep right on scamming until no one is gullible enough to fall for it anymore.

If the people trolling the scammers—even the ones who may just have a little too much free time on their hands—can help prevent the tech-illiterate among us from being duped, they'll have made the world a little safer. Anyone who has ever visited the Internet knows that trolls often waste their talents by raining down insults on people for "crimes" such as using one or another smartphone platform. But in this case, they have at the very least found a worthy target for their wrath.