I occasionally get calls out of the blue from a 'Refund Department' of a major computer company (I won't give the name, but anyone can guess). Today I decided to actually let them talk me through their little fraud just to see what they would do. I want to emphasize: THIS SHOULD NOT BE DONE UNLESS YOU KNOW WHAT YOU ARE DOING.
As a preparation, I set up a virtual machine with the OS suggested by the 'Refund Department' before my call. The person who answered asked me my name (I gave a false one) and proceeded to claim that there was $499 of refund owed to me from this company. Oh Boy! almost $500 free dollars! jackpot!
So, what did I have to do to claim this wonderful refund? Well, the first thing they wanted to do was to have me download a remote desktop application. Now, these programs *do* have legitimate uses (for example, to remotely log into a work computer) but I can assure you that a refund department will never want you to download one.
So, I faked ignorance and incompetence, having the virtual computer reboot a couple of time, pausing the VM, and generally hitting wrong buttons and closing downloading stuff to drag out the overall process.
After about 30 minutes of this I *finally* got a remote desktop installed and gave over control to the person on the other side. They wanted me to go to my bank's website (oh, no, I don't do online banking!--so I said). After the other side clearly got frustrated with me, he proceeded to change the password on the machine, eventually claiming that he locked up the computer (he *would* have, but it is a virtual machine and I saved a snapshot) and called me some rather foul names for wasting his time.
All in all, about 45 minutes on the phone.
What is bothersome is that there were clearly other calls going on in the background, probably by actual suckers for this fraud. Of course, once they obtain your banking information, they will empty your account. Of course, they never got that from me.
The only reason I engaged with these guys (and I do NOT recommend doing so) is that I was bored and know how to set up a system that could (and did) fool them.
But I want to warm people who don't already know:
DO NOT GIVE OUT BANKING INFORMATION TO ANYONE CALLING YOU COLD.
ALSO, DO NOT GIVE PERMISSION TO CONTROL YOUR COMPUTER TO ANYONE YOU DON'T TRUST.
This has been a public service announcement.
As a preparation, I set up a virtual machine with the OS suggested by the 'Refund Department' before my call. The person who answered asked me my name (I gave a false one) and proceeded to claim that there was $499 of refund owed to me from this company. Oh Boy! almost $500 free dollars! jackpot!
So, what did I have to do to claim this wonderful refund? Well, the first thing they wanted to do was to have me download a remote desktop application. Now, these programs *do* have legitimate uses (for example, to remotely log into a work computer) but I can assure you that a refund department will never want you to download one.
So, I faked ignorance and incompetence, having the virtual computer reboot a couple of time, pausing the VM, and generally hitting wrong buttons and closing downloading stuff to drag out the overall process.
After about 30 minutes of this I *finally* got a remote desktop installed and gave over control to the person on the other side. They wanted me to go to my bank's website (oh, no, I don't do online banking!--so I said). After the other side clearly got frustrated with me, he proceeded to change the password on the machine, eventually claiming that he locked up the computer (he *would* have, but it is a virtual machine and I saved a snapshot) and called me some rather foul names for wasting his time.
All in all, about 45 minutes on the phone.
What is bothersome is that there were clearly other calls going on in the background, probably by actual suckers for this fraud. Of course, once they obtain your banking information, they will empty your account. Of course, they never got that from me.
The only reason I engaged with these guys (and I do NOT recommend doing so) is that I was bored and know how to set up a system that could (and did) fool them.
But I want to warm people who don't already know:
DO NOT GIVE OUT BANKING INFORMATION TO ANYONE CALLING YOU COLD.
ALSO, DO NOT GIVE PERMISSION TO CONTROL YOUR COMPUTER TO ANYONE YOU DON'T TRUST.
This has been a public service announcement.