[AusNOG] Hoax calls ?

Adrian Chadd adrian at creative.net.au
Sun Jul 17 01:53:40 EST 2011


You mean, a community-driven, open, accounted blacklist that is opt-in?

Surely not. :)

(yes, please do it. I could even be twisted to write up the code if people
committed to populating the db.)



Adrian

On Sat, Jul 16, 2011, Darren Moss wrote:
> How about we publish the offending DIDs to the list so we can block for our customers.
> 
> 
> Regards, 
>  
>  
> Darren Moss
> General Manager
> Australia and New Zealand
> 
> em3 People and Technology, Managed Technology Experts
> 
> [p] 1300 131 083 extension 105 [f] 03 9017 2287
> [e] Darren.Moss at em3.com.au [w] www.em3.com.au
> PO Box 2333, Moorabbin VIC 3189
> 
> New Zealand Airedale Street, Auckland City
> [p] 0800 888 285 [f] 09 887 0273
> PO Box 39573, Howick 2045 
> 
> DataCentre Hosting | Managed Software | My Hosted Exchange | GoVoIP | MailProtect
> 
> Send via my wireless Blackberry on MyHostedExchange.com.au
> 
> -----Original Message-----
> From: Tom Wright <tom.c.wright at gmail.com>
> Sender: "ausnog-bounces at lists.ausnog.net" <ausnog-bounces at lists.ausnog.net>
> Date: Sat, 16 Jul 2011 21:45:36 
> To: David Walker<davidianwalker at gmail.com>
> Cc: ausnog at ausnog.net<ausnog at ausnog.net>
> Subject: Re: [AusNOG] Hoax calls ?
> 
> Have seen exactly this, too.
> 
> They're aware they're dodgy, too, because they're quick to terminate the call once they know you're onto them.
> 
> 
> -- Tom
> 
> 
> 
> On 16/07/2011, at 8:33 PM, David Walker <davidianwalker at gmail.com> wrote:
> 
> > Howdy.
> > 
> > On 16/07/2011, Keith Anderson <KeithA at apcs.com.au> wrote:
> >> Hi All
> >> 
> >> My customers are getting calls from virtualitsupport
> >> 
> >> they seem to remotely connect to your PC so they can get all your personal
> >> records.
> >> 
> >> The web site used was www.support.me / it just redirects.
> >> 
> >> The return phone number supplied is 08 72000407
> >> 
> >> Anybody know who they are ?
> > 
> > You don't get out much do you ...
> > That's probably not true, you have a day gig right?
> > My experience is that's when they call ... I've had three or four as
> > of now and probably only one in the evening.
> > 
> > Still, this is not new ... and it's also very common.
> > 
> > Gummint:
> > http://www.police.qld.gov.au/News+and+Alerts/Media+Releases/2009/04/New+scam+targets+computer+users.htm
> > http://www.commerce.wa.gov.au/ConsumerProtection/scamnet/Scams/SupportonClick.com.html
> > 
> > Notice the dates ... 2009
> > 
> > Microsoft:
> > http://www.microsoft.com/australia/presspass/post/Microsoft-issues-warning-on-phone-scam
> > 
> > Notice the date on that ... 2010
> > 
> > I had one of these calls a few weeks back and wondered ... when will
> > MS get on the telly and make a statement.
> > Coincidentally there's a story next day on A Current Affair with a MS
> > spokesperson suggesting users hang up and so forth ...
> > 
> > I phoned Microsoft (Philippines) the other day and they have a
> > synopsis of that warning during the on hold muzak.
> > 
> > Media:
> > http://www.computerworld.com.au/article/314295/windows_event_viewer_phishing_scam_remains_active/
> > http://www.smh.com.au/technology/technology-news/thousands-fleeced-in-microsoft-scam-but-police-powerless-to-act-20101209-18qgq.html
> > http://aca.ninemsn.com.au/investigations/8250275/call-centre-scammers
> > 
> > Here's the usual script:
> > 
> > Hello, I'm ... deliberately muffled/indecipherable ... Microsoft ...
> > ... we notice some problems with your machine that are from a virus ...
> > ... or some other awkward phrasing ...
> > 
> > Open up the "Run..." dialog and type eventvwr ...
> > ... which of course opens the logs replete with standard/common
> > Windows warnings and errors.
> > 
> > See that, this is very dangerous ...
> > Please do this to allow us to help you ...
> > 
> > What follows is predictably a remote session (everything goes) plus an
> > offer to "fix" issues for some certain fee ... for good or bad, credit
> > card details follow ...
> > 
> > http://nakedsecurity.sophos.com/2011/06/16/study-reveals-scale-of-fake-tech-support-call-scams/?amp&amp
> > 
> > I believe there's a thread or more at WP for this and many others
> > scattered over the globe.
> > They like to hang up on me ...
> > ... there's usually palpable anger when they ask me "are you in front
> > of your computer now ... which version of Windows ... sir" and I reply
> > either with "please let me ask you, are you aware that there are other
> > operating systems on the planet" or "how can you receive a bug report
> > from one of my machines and not know which flavour of Windows it is".
> > 
> > I apparently got someone in training once - yes they are a real call
> > centre with employees and training ... she put me on to her supervisor
> > to whom I spoke for about 45 minutes ...
> > Let's say the level of computing knowledge "on the floor" is next to zero.
> > Reminded me very much of talking to Microsoft support ...
> > ... they've hung up on me as well when I won't follow some lame script ...
> > 
> > So even though I'm fully aware what Event Viewer is and what it does
> > and doesn't show and even though there's no way I'm going to type
> > commands on my desktop peecee from a fake Microsoft over the phone
> > unless I know exactly what they do .... the guys at Fake Microsoft are
> > more than happy to type things on their workstations on my say so ...
> > to illustrate a point on how to get messages to appear in the logs ...
> > even when they say "they have never done that before" or seen that ...
> > 
> > So nothing new here.
> > All basic stuff ... unfortunately like most things of this nature only
> > combated by education ... which isn't happening soon ...
> > 
> > It'll be the same as phishing ...
> > Joe Public willl be told ad nauseum to hang up ...
> > The day Microsoft or their ISP does call they'll have no other skills
> > up their sleeve ...
> > 
> > Best wishes.
> > 
> >> Keith Anderson
> >> Managing Director | APCS / WIP
> >> 89 Marcia Street, Coffs Harbour, NSW, 2441
> >> T: 1300 3000 56 | F: 1300-765-427
> >> E: keitha at apcs.com.au
> >> 
> >> 
> >> 
> >> 
> >> 
> >> 
> >> 
> >> 
> >> Disclaimer: This email may be confidential and/or privileged. If you are not
> >> the intended recipient of this email, you must not disclose or use the
> >> information
> >> 
> >> contained in it. Please notify the sender and delete this document if you
> >> have received it in error. We do not guarantee this email is error or virus
> >> free. If this is a commercial electronic message under the Spam Act, you can
> >> unsubscribe by return email to the sender with "unsubscribe" in the subject
> >> line.
> >> 
> >> 
> >> P Please consider the environment before printing this email
> >> 
> >> 
> >> 
> >> 
> >> 
> >> 
> >_______________________________________________
> > AusNOG mailing list
> > AusNOG at lists.ausnog.net
> > http://lists.ausnog.net/mailman/listinfo/ausnog
> _______________________________________________
> AusNOG mailing list
> AusNOG at lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog
> _______________________________________________
> AusNOG mailing list
> AusNOG at lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog

-- 
- Xenion - http://www.xenion.com.au/ - VPS Hosting - Commercial Squid Support -
- $24/pm+GST entry-level VPSes w/ capped bandwidth charges available in WA -



More information about the AusNOG mailing list