I think most people and everyone who reads my blog is familiar with the phone support scams that are common nowadays. There’s the “we are Microsoft support and have found a problem with your PC”, the “we are from your ISP and want to warn you that your Internet access will be cut off”, and the “here’s the bill for something expensive and we need you to confirm whether you want to pay”.
Most people hang up when scammers call them and don’t call them back. But I like to talk to them. I review the quality of their criminal enterprise and tell them that I expect better quality criminals to call me. I ask them if they are proud to be criminals and if their parents would be proud of them. I ask them if they are paid well to be a criminal. Usually they just hang up and on one occasion the criminal told me to “get lost” before hanging up.
Today I got a spam message telling me to phone +61-2-8006-7237 about an invoice for Norton “Software Enhancer” and “Firewall Defender” if I wanted to dispute it. It was interesting that they had an invoice number in the email which they asked me for when I called, at the time I didn’t think to make up an invoice number with the same format to determine if they were actually looking it up, in retrospect I should have used a random 9 digit number to determine if they had a database for this.
On the first call they just hung up on me. The second call they told me “you won’t save anyone” before hanging up. The third call I got on to a friendly and talkative guy who told me that he was making good money being a criminal. I asked if he was in India or Australia (both guys had accents from the Indian subcontinent), he said he was in Pakistan. He said that he made good money by Pakistani standards as $1 Australian is over 100 Pakistani Rupees. He asked me if I’d like to work for him, I said that I make good money doing legal things, he said that if I have so much money I could send him some. ;) He also offered to take me on a tour of Islamabad if I visited, this could have been a genuine offer to have a friendly meeting with someone from the opposite site of computer security or an attempt at kidnap for ransom. He didn’t address my question about whether the local authorities would be interested in his work, presumably he thinks that a combination of local authorities not caring much and the difficulty of tracking international crime makes him safe.
It was an interesting conversation, I encourage everyone to chat to such criminals. They are right that you won’t save anyone. But you can have some fun and occasionally learn some interesting things.
Don’t do this. There are precedents where criminals used parts of the recorded conversations to get past the victim’s bank’s interactive voice responder which uses speech recognition and voice-based authentication, without any humans involved.
It’s probably a good idea for people to avoid messing with criminals unless they know what they are doing. But I never phone my bank and I’m pretty sure they don’t have any record of my voice. I don’t think that phrases like “you aren’t a very good criminal” would be expected by the bank IVR.
Hello, Russel. I got your post from Planet Debian’s news subscription. Your words ” I review the quality of their criminal enterprise and tell them that I expect better quality criminals to call me” made my day in this difficult time I am experiencing right now. Thanks, this article is very amusing to me. Thank you for everything you did on Debian and The Linux Kernel.
Sincerely,
Ade Malsasa Akbar
Ade: Thanks for your nice comment. I’m glad you appreciate my work, although I hardly ever do kernel stuff and most kernel stuff I’ve done hasn’t been accepted upstream. The most significant kernel stuff I did was maintaining Debian kernel patch packages for SE Linux and some other security systems before they were accepted upstream so Debian users could more easily make their own patched kernels.