Friday, 6 January 2012

How to deal with a phone call from "Microsoft".

CAUTION: Yen's blog contains harsh language and even harsher notions of propriety. Reader discretion is advised.

At one point last year,
I answered a telephone call on the land-line to someone claiming to be working for Microsoft. The gentleman told me (in alarmingly poor English), that Microsoft had tracked several "error messages" back to my computer, and that they could be indicative of malware, spyware and other related problems. If I could sit in front of my computer, he would guide me to a website which would be able to fix the issues.

Before we go any further, I'll summarise the contents of that link. This phone call wasn't from Microsoft. None of them are.

Now, it was the first one of these calls I'd had, although I found out later from friends that they were becoming more commonplace. Being a cynical bastard (at best), I saw through this ridiculous charade as most people would. Well, I say that, but I can't be entirely sure. It saddens me to know that some people are taken in by this, and they then visit a website and install "software" under instruction from a call centre worker, and basically sabotage their own computer, and in some cases even pay for the privilege.

But back to the phone call: One small, but strongly presented question later, and he hung up on me. The malware-salesman... hung up on me.

I've had three more calls since then, all with the same results. And it's not just one question you can ask. There are several others that'll vex them, and waste their time while you insist on an answer.

THE IMPORTANT FIRST RULE: DON'T give them any information they don't already have, and DON'T do anything on your computer that they ask you to. You don't need to be in front of your computer for the following questions to work. Remember, the only info they have of yours is your phone number, and the surname of the bill-payer, as will become apparent...

#1 - Sorry, what did you say your name was again? And your number hasn't come up on my phone; what number can I reach you on in the future?

Always ask for their full name. They'll make one up, of course, but it pisses them off that they haven't got a sheep on the line, and lets them know that this isn't going to be an easy call for them. Similarly with the phone number, they'll just make one up. Working from a call centre, they'll have an idea of how UK (or wherever you are) phone numbers work, but they won't give you a real one. I've done this one twice, and once the number was too long, and the other one was too short. This question is a delaying tactic, but it'll buy you some time to come back to this page, if you need to, or to dig out the piece of paper you've written the other questions on.

#2 - And what IP address did you log the errors coming from?

This is the big one. They'll try and palm over it, at which point you can ask the others; but if you execute this one properly, they'll hang up on you.
In short, your IP address is the number assigned to your current internet connection by your service provider. Some people's change often, some rarely, depending on that provider. You can read more about them here if you like, and you can tell (completely safely) what your IP address is by visiting here.
The important thing is, that any "errors" etc which would be logged would include this information. That's how they'd be logged. So surely, this "Microsoft Certified" company (or actual Microsoft, depending on their level of bullshit) would have this as the basis of their report? Well, these clowns haven't.
They won't be able to tell you either which IP the errors were logged from, or your current IP. If they make an address up (none have with me, so far), just deny that it's your IP address. You don't have to know what yours currently is, because neither do they. If you DO know your current IP do not give it to anyone over the phone. There's no reason to give these people any ammunition which could be used against you.

#3 - Can you tell me which operating system was generating the errors?

This is another one where 1) they won't be able to answer you truthfully, and 2) you can throw them a curveball if they try to make it up. All the information discerable from your IP address is here. There's not a great deal, but your operating system's on that list. As with the IP address, any "errors" which would have been logged would have captured that information.
The goons in the call centre (or rather, their employers) are taking a chance that you're using Windows, hence claiming to be from Microsoft. There's a strong chance you might be, of course, but they won't be able to tell you which version.
If they have the brass fucking neck to challenge you on this, tell them "well, I have several machines, each running different operating systems, I'd like to know which one the errors came from". Alternatively, if they make up a "oh, Windows 7" answer, you can tell them "Really? That's odd, because my machine's a Mac."
Again, if they fluster, press them for an answer. Don't let them move on until they admit they don't know.
It's also worth remembering that of all the info captured via your actual IP address, your phone number isn't in there. These folks are working from a phone-list.

#4 - Can you tell me what the error messages are regarding? Only my security-suite hasn't told me anything's amiss...

As above, they won't have this information. They won't be able to give you error codes or descriptions, because those answers are the kind of the thing that they can't just make up. They'll tell you that they "don't have that information", and that your current security software is malfunctioning.

#5 - Can you tell me what dates and times the errors were logged?

Wow, are they still on the phone to you after four questions? Well, if you're doing them in order, this should be the final straw. Ask them when the errors were logged and you'll get "I'm sorry, I don't have that information". Again. Then you can then really get stuck in with a:
"So, you're calling to tell me that my computer has caused errors to be logged with Microsoft (and/or a representative company), one of the world's leading IT manufacturers, and yet you can't tell me which IP address they came from, which operating system I'm running, or when the errors occurred? Are you actually being serious?"

If they're still on the line at this point, after getting nowhere for 5-10 minutes, they'll get pissed off and hang up on you. They haven't been able to back up their credentials or reason for calling, and they know now that they've been rumbled. They've given you a false name and phone number, so there's no comeback on them. They'll go and bother someone else.

In the event of them still persisting, you can hang up on them now. You've made your point.

The main idea is to keep them on the phone for as long as possible because a) they're paying for the call, b) it's stopping this particular piece of shit from currently bothering someone else, who might not be as knowledgable as us, and c) it's fucking amusing to watch people fluster. Especially someone who's trying to get you to install malware on your own computer.

You don't have to know what you're talking about, you only have to sound like you do.
If you can master that, you're already one step ahead of them.

Do me a favour, though, and spread the word, yeah?

• ^^^ That's dry, British humour, and most likely sarcasm or facetiousness.

• This is a personal blog. The views and opinions expressed here represent my own thoughts (at the time of writing) and not those of the people, institutions or organisations that I may or may not be related with unless stated explicitly.

1 comment:

  1. I've had one of these. It's a bit unnerving at first, until you realise it's a scam. I ended up saying I'd call them back, then checked the number they gave on Google.

    Unsurprisingly there's a a website dedicated to exposing them as a scam. Wish I could remember what it was now.