Having done my time in the tech support trenches, I do one hell of an "end user" impersonation. I held one of these guys on the line for 1 hour 20 minutes one evening, then told him my phone was dying and that I'd need to call him back. I called back two days later and tied him up for another 20 minutes before he finally cracked and hung up on me.
Yes, it was a terrific waste of time, but boy did it feel good. I consider it volunteering. All the time I spent on the phone with the scammer was time they couldn't spend targeting vulnerable individuals.
Better than I did. I got a call from "Visa" about a decade ago telling me that hackers could break "the codes" used to protect my credit card. I played dumb and gave him a card number (first 16 digits of pi) and we ended the call. I just a bunch of callbacks that I refused to answer several minutes later.
I was still on dial-up and I don't think any of my credit cards offered virtual numbers at that point, but I should have set up a card with a $0.00 or $0.01 limit and given that to him, and then sicced fraud services on 'em.
I wonder if they have phone metrics as well - "What do you mean you spent 80+ minutes on the phone with him and didn't get the credit card number? Don't you know where this will put you in the stack ranking?!?"
Given that it's a criminal enterprise, with a direct financial link between a person's performance and the money they make, I'd guess that 1) their metrics are really easy, e.g. did you make at least $X today? and 2) the consequences for not measuring up are substantially worse than a poor annual review.
I did the same for an hour or so. What made it fun was while he was doing everything he could to get me to run their .exe file, he didn't clue in that I was running a Mac (and, of course, I didn't tell him: I just expressed polite confusion why his instructions weren't working).
Haha. Got a call like this at work one day and did the same thing for a few minutes ("Hmmm, 'Start Menu'? I'm having trouble finding it..."). Before it was all over, all my coworkers in the area had turned their chairs and were just watching and listening. A collective "WTF?" was let out when I got off the phone.
I get these calls at least once a month and sometimes as frequently as once a week (I'm in Perth Australia and they call from India). I always tell them I need to change phones to be next to my PC then I place my phone next to my speakers which are normally blasting out music and just leave it there. They are never on the end when I pick it up again but they do keep calling.
Yep. I really had the guy going. I spent a lot of time with him, at first feigning suspicion about who they were, then finally muddling around with the computer coming up with every possible way to make things difficult, but always remaining polite and thanking him repeatedly for "getting me out of a bind" and other silly sounding colloquialisms. I started pressing the info button on my phone so it would beep, and he gave me a number with a 918 area code. I looked it up and it's an Oklahoma number. That doesn't mean much though. The numbers could be issued by a SIP provider that terminates pretty much anywhere in the world.
While it's fun to do this, sometimes I think of the flipside. This scammer is probably trying to make a living and support his family. The company's owner though, is probably not in the need to do these unethical things. He/she should be screwed over.
I'm not advocating for his actions, just offering another point of view. Is it always correct to assume that the guy who xut you off in traffic is just an asshole, or does he really really need to be somewhere right now (eg. a hospital)?
What else would you suggest? Sure, the guy making the call is probably desperate, but by wasting his time, you are keeping him from calling gullible people. Even if the guy making the call never costs the owner because the caller gets paid on numbers gleaned, it still ties up the owner's phone lines and costs him rent.
No, bu why actively screw with the file and rank employee? Assuming he just gets a salary, cool, waste all his time (which costs the scamming company). But if he works on commission then why bother?
I would put my efforts in bringing down the company itself. (In fact I am actively fighting a company that tried to scam me. But their low-level employees? I prefer to give them the benefit of the doubt).
That's entirely fair (and I think you're right, if your goal is to mitigate their harm as much as possible), but you were previously arguing that it was actually bad to screw with these people, not just a sub-optimal use of time.
Got the call from these guys a few weeks ago - actually about 20 calls. I finally picked up and kept the guy on for about 10 minutes asking him progressively dumber questions. Finally, I told him I was running OSX, which led him to call his manager. The manager had a really hard time understanding that I wasn't running Windows. It did not sit with his worldview at all.
This now makes me hope I get called. If so, I'm going to say that I'm from Internet Explorer support and that THEY have viruses and they need to download a program so I can remove the virus from their computer.
I told the guy who called me "If you are going to keep doing this, the world would be a better place if you get run over by a bus. How does that make you feel?"
What is most bizarre to me is that someone could actually do this and do it more than once.
Why wouldn't people feel bad about scamming someone like this? You have to talk to someone, get them on your side, and then scam them?
I could maybe imagine myself in an alternate universe doing something like this, perhaps enjoying a sort of "heist" feeling like when you're playing poker and no one's aware that you're totally prepared to take the table. But if I succeeded (at the scamming call) I'm sure I would feel devastated that I just did that to someone.
Maybe I'm just supremely naive, but it seems hard for me to imagine anyone I've ever met in my life scamming someone like this. It seems so completely incredible that it could ever happen on such a large scale.
--------------
Is there something in a culture (besides wealth discrepancy per se) that makes this sort of thing more OK?
A point I'd make is that we don't know how their internal processes are set up. There's definitely a bad actor somewhere, but it probably isn't the people you talk to.
Pretty much everyone universally reports that these aren't skilled workers. They're given a script, and they read it out. Their job is to deal with branches effectively and direct the conversation back on the script. They've been told that the person they're talking to has a virus--as reported by the company's skilled team of real elite computer gurus who claim to have fancy degrees from IIT or something--and they're apprentices who have the ability to help out those poor souls who probably have actually been downloading viruses of one sort or another.
There's no reason for them not to believe that the procedure that they've been given is something that will help their marks. The list of phone numbers? They definitely don't generate that themselves. I can imagine a workflow that insulates them from anything that reveals that they're pawns in a scam. Combine that with the fact that the job is probably relatively decently paying and "white collar" and the natural human aversion to thinking that you're doing a bad thing, and we've got an explanation.
Modern companies rely on abstraction as much as they can. If you build a service oriented architecture for your company, you decouple the explicitly evil part of what you do that requires a uniquely sociopathic personality from the more banal customer service oriented part that can be fulfilled by commodity labor.
While the GP's comment might be a little... racist? isn't your own experience prejudiced as well? I certainly wouldn't characterize the entirety of the US by the people I work with in the Valley.
I really don't think I am being racist, it's no secret that the west is more affluent than many of these countries and not a stretch to imagine that being used as a reason to justify this sort of behaviour.
I played the who dumb user thing for a while with one scammer until I got bored.
Then I went for the guilt trip: "how do you feel trying to destroy people who don't know how to protect themselves", etc etc.
The guy did the whole "I don't know what you mean blah blah blah" for a while, and then said he'd get his boss.
I heard him talking to the boss for around 30 seconds, and then the phone hung up.
I came out of it convinced (in this case at least) that the person on the phone really had no idea they were running a scam - they were just given a list of numbers to call and a script to run.
Sadly, you can create a structure to rationalize any behavior that is destructive to other human beings as "good".
Operating/creating a machine that causes death is quite often reframed as "defend" or "save lives" in certain situations that stretches this definition. This happens is a "large scale" everywhere.
I think implying that it is something inherent to the place (or the culture) where the scam is taking place is utterly wrong. The reason in this case for the scam to come from India is not cultural - it is simply a case of economics.
Your poker analogy is also not really the same thing either. In the scammers case he's already made the decision that him having your money is better than you, but also you haven't actually made a choice to part with your money at the front of the 'game'. In your poker analogy everyone who sits at that table understands the risk of being there.
Well there's an awful lot of "demand" that's manufactured in commerce. I suspect, but have no idea, that the pitch goes something like "Nearly every window machine has performance issues that we can improve. Our methods for getting people to help us clean up their registries etc are a little unorthodox but in the end our customers have faster machines and are happy with the service" or some variation. And you're not asking too many questions if you get the chance to make 2x your other job options and talk to Westerners all day.
Why wouldn't people feel bad about scamming someone like this?
I envy your innocence.
Let my try to explain this with evolutionary algorithms. People have been running simulations of social life for many years. That's how we know that social contract "cheaters" naturally evolve. The same type of simulations have shown how "punishers" also evolve. And how complex group dynamics become long terms stable with all of these roles and then some.
Is there something in a culture (besides wealth discrepancy per se) that makes this sort of thing more OK?
I doubt all of them are sociopaths. Most of them probably are just good at rationalizing to themselves why it is not wrong. Maybe the victims deserve it, maybe they need the money and will just scam one or two more before they quit, etc.
If I get them I generally just put the phone down immediately, or I'll wind them up asking stupid questions about their qualifications. However, my nana has had a few recently who've been super aggressive about it, I told her not to do anything they say and to call me if she's unsure, but apparently saying 'no' and putting the phone down gets you repeat calls if you sound like like a good mark.
Edit: I'll point out, this happens in legitimate call centres as well. I worked for a fairly well known a credit card company and left not long after I heard a top seller say "Focus on old people, scare them enough and they'll always buy".
I've had these calls too, now and again but never had the patience to keep them on the line.
So , they want to install some kind of remote admin software on your PC? I'm going to assume it is something based on VNC or RDP.
In that case if you really wanted to troll them it might be fun to figure out which protocol it was using and implement a custom server that you can run when they call you.
> I'm going to assume it is something based on VNC or RDP.
It's not at all. Very few end user support tools are VNC or RDP based. Most of them use services like LogMeIn or GoToAssist. I've received a few of these calls where I strung them along and they were all using one of the two listed above (most used LogMeIn). I did encounter one that was using an off-brand tool, but it was commercial and not VNC or RDP based.
Even if they were using something like VNC, you couldn't run a custom server to troll them, because the connection is initiated in the inverse of what you're used to when controlling a remote computer. They don't connect to your machine, you run an executable, which initiates a connection from your computer to their server.
You could still build an application to troll them, it would just involve reverse engineering the custom protocol and having your program connect out to the proxy.
I guess you would have to be a much more determined troll though with plenty of time on your hands.
If they are using a legit service like logmein I'm surprised they aren't taking more action on this.
>You could still build an application to troll them, it would just involve reverse engineering the custom protocol and having your program connect out to the proxy.
And do what? Say you reverse engineer the protocol. Then what? What proxy? Who said anything about a proxy?
>If they are using a legit service like logmein I'm surprised they aren't taking more action on this.
If they're using LogMeIn, good luck reverse engineering. LogMeIn's security is really fantastic. The protocol is encrypted with strong algorithms and has a lot of spoof detection measures in place.
I'd love to hear an explanation of what you think you'd do with this theoretical troll server. I've messed with these guys a lot. They wan't control of your machine so they can install their software, then extort you for money. End of story. If they don't feel like they're moving in that direction, they hang up and move on. I drag them along using social engineering, then let them log in to a VM with nothing on it. I let them install their software, then I find a way to terminate the call and trash the VM.
There will be something in the middle proxying between the attacker and your computer, to get through NAT.
Regards reverse engineering, you would have to grab packet information from your memory before it hits SSL. Not sure how the spoof detection works. I'm sure these protocols have been reverse engineered before.
Regards what I'd do with it, really not sure. I've never had these guys on the line for long enough to know much about how their scam works.
In practice it would probably be easier to just construct a VM in such a way that it makes whatever they are trying to do difficult in some amusing way, depends on how much patience they have I guess.
A tainted VM would be a lot more fun and easier to execute.
One thing I've seen from using various TeamViewer and LMI apps is that poor quality connections can cause frustrating issues.
A few things like a mouse driver that sporadically moves the mouse exactly opposite of the way they are trying to move it ("Not sure why it does that, maybe because I bought this PC in Australia and everything is upside down there"). Icons and a desktop background that look like the artifacts you get from poor connections (wrong colors, smearing, etc.).
Random popups on the screen with things like "Fraudulent Windows Support Department detected. IP trace from FBI in progress!!".
Though thinking about it , I'm not sure it's wise to piss these people off too much since in order to contact you they must have your telephone number which will probably have a 1:1 relationship with your physical address.
I see. I was thinking you were headed more in the direction of reverse tunneling to screw with their systems. You never really stated any goal; e.g., to make the target machine difficult to control.
Simply making things difficult for them would be much easier to achieve on the client. Hell, probably the most fun thing to do would be to load the system up with malware so badly that the system was practically useless, then watch as they try to navigate around all the bullshit in order to install their scamware.
You needn't issue any special CC numbers. "Follow the money" is standard fraud investigation practice, and a defrauded consumer's CC will do just fine. Tracing the transactions back to the processor and merchant account is doable, but it's often a temporary solution. How do you stop them from simply opening another?
When someone establishes a merchant account, they often do so as a corporation. Corporation blacklisted? Start another one. The requirements for opening a merchant account are similar to a standard credit check. If you have no credit history, your terms will be worse, and the bank will probably hold funds for a longer period of time than if you had good credit, but ultimately, that's just a cost of doing business. If there's inbound cash flow to be had, the exercise of managing costs is standard business practice.
To stop them, you have to find the people behind the operation and put them in jail. Given that they're not US-based, that takes time. Most foreign governments have more pressing matters than taking down the scammer that is stealing money from non-constituents.
That's what MATCH (Member Alert to Control High-Risk Merchants) and TMF (Terminated Merchant File) are for.
When someone establishes a merchant account, they must provide the tax IDs (SSNs) of the principals of the business, not just the business itself. If the account is terminated for an egregious offense, like fraud, all those principals get added to MATCH and TMF, which all acquiring banks have access to when reviewing new applications.
In theory, it should be impossible to open multiple Visa/MasterCard merchant accounts for fraudulent purposes without having a new human being signing up each time, not just a new shell corporation.
It has been years since I worked in the industry, but once upon a time, I worked for some online pharmacy guys. Yeah, I know. Yeah, I'm ashamed to admit it, but I never spammed anyone, and we never did anything nefarious (technologically speaking).
Anyway, things might have changed theses days, but the guy who ran that business was always fighting to keep merchant accounts online. He kept the dev team out of the business side, but I overheard plenty of conversations involving fake identities and shell companies. I have little doubt that its harder than it used to be, but still, it remains a "cost of doing business" issue.
Just yesterday I ran into someone's computer hit with a variant on this scam[0], which was demanding you buy them a prepaid debit card to pay off the ransom. Seems nearly impossible to trace back to the extortionist if they're careful about spending them.
Had it happen to many people I know. They only were successful with one person I know - they replaced her OEM Windows XP license with a pirated/fake one...then stole the original perhaps? Can't imagine how useful an OEM XP license to a Acer POS netbook would be valuable.
If you get one of these calls, just screw with them - pretend you are following their instructions for as long as possible before saying "Ubuntu doesn't have that."
> pretend you are following their instructions for as long as possible
It's not just fun, it's a very responsible thing to do. Every minute they spend with you is a minute they don't spend screwing over someone else.
But don't end with "Ubuntu doesn't have that" or "I only have a Mac, sorry" or some other snarky comment. Just fake stupidity until they give up. They are constantly tuning their scams based on successful and unsuccesful cons, and if they realize you're screwing with them they'll just filter you out of that. Or worse, they'll realize that "calling from the windows" tipped you off and change it to "Microsoft Support Associate" or something.
If you instead come across as someone who believes the "calling from windows" bit, but for some reason aren't able to open the remote control software ("i try to download it but the screen moves?" or "when i click RUN, it says dotnet could not complete the operation?"), you will reinforce the stupid parts of the scam, and possibly have them waste time trying to research the technical difficulty you "experienced".
I guess they are trying to get money out of people and Mac users probably have more money (on a broad average).
I suppose they say they are calling from "Windows Support" but would it be a far stretch to also claim to represent someone from Apple? Or put someone else on the line under the premise of transferring you to Apple.
I screw with these guys almost every time they call, but I try my best not to let on that I'm screwing with them. I usually get off the phone by making an excuse like "my battery is dying" or I hang up mid-sentence so they think the call dropped. That way I don't get taken off their lists.
Anyway, I will occasionally tell them that I have a Macintosh computer, which results in one of a couple responses:
1) Often, the person calling has no idea what I'm talking about and continues to instruct me to click the Start Menu. Obviously the people making these calls aren't computer savvy; they're just reading from a script, trying to earn a living.
2) They hang up without saying anything. I mean, why waste the time, right?
The other day, I got a surprise though. The caller instructed me to open Finder, then click on Go in the menu bar and select Utilities. From there, he had me launch Console and explained that these were all system errors and started toward having me visit a LogMeIn Rescue support domain (can't remember which one).
I was totally unprepared. Normally I run them around the mill in the process of faux-launching Event Viewer on Windows, but on the Mac, I just rolled right through the instructions. I ended up just hanging up on the caller, but it's clear that at least some of them are targeting Mac users as well now.
> Mac users probably have more money (on a broad average).
I sadly suspect this is part of the reason. They have more money and chose a Mac because they are educated and can get a decent salary and mentally independent enough to make a conscious purchasing decision.
If you just obediently go with what the trustworthy computer salesman pushes at you, you end up with a Windows computer. And obedient trusting people are what the scammers want to target.
They have more money and chose a Mac because they are educated and can get a decent salary and mentally independent enough to make a conscious purchasing decision.
I'm going to have to disagree with that. I know plenty of people (with money, yes) that want to "get a Mac". There's no mentally independent purchasing decision, it's just what other people have, and they look cool.
As it happens, it's a good choice. But it could easily not be, and they'd still do it.
Perhaps even knowing enough to discern between a Mac and PC is enough to make them a poor mark.
Notice that they are saying "Windows support" not "Microsoft Support", not knowing that Windows is a product from Microsoft would suggest they are looking for people with a very low level of knowledge.
I'm guessing retired people who have a good pension coming in.
OTOH that must put an upper limit to the amount people are willing to spend to get their computers back from the scammers. If you only paid $300 for a PC from wallmart you won't pay more than that surely.
> Notice that they are saying "Windows support" not "Microsoft Support", not knowing that Windows is a product from Microsoft would suggest they are looking for people with a very low level of knowledge.
They do this to avoid being cornered. On one occasion, when screwing with one of the callers, I had a little rage fit accusing them of breaking all kinds of laws. The "manager" informed me that "We never claimed that we were calling from Microsoft, we're calling from Windows Tech Support, which is the name of our company." The agents are very careful not to say they're calling from Microsoft. I suspect that this is some attempt at circumventing exposure to local fraud laws wherever they are based. I'm not saying it will be effective, mind you; just that I suspect that's why.
It could also be that they're trying to filter out people who know "Windows support" sounds dodgy. This also fits with the fact that they still seem to all have Indian accents -- an immediate off-put to those who have heard about these scams. People who don't hang up when they hear the words "Windows support" coming from someone with an Indian accent would probably be very much more likely to fall for it.
I recently had an intelligent, highly educated, highly paid woman tell me that "Macs are immune to viruses".
Education and money don't necessarily translate to domain expertise in everything.
I don't have to tell you that Macs aren't immune to viruses, just that they're targeted less. Like malicious software, there simply aren't enough Macs out there for the scammers to give a shit about, yet.
You don't go trawling in your garden pond when you live next to the Atlantic Ocean.
> I recently had an intelligent, highly educated, highly paid woman tell me that "Macs are immune to viruses".
I don't doubt that, but you can't really refute a general argument with a single data point. It's not as if I said "all Mac users are more intelligent than all Windows users", which would be nonsense.
"Women in IT are generally paid less than men." cannot be refuted by "I know a lady who makes a ton of money in IT."
You make a completely unfounded generalization and then ask ME for citations?
You first bub.
Edit: and frankly, I don't see how you're refuting my point that being intelligent and educated doesn't necessarily make you a domain expert in fields you have little experience in.
Or are you the kind of guy who lectures the mechanic with 30 years experience on how to fix your car?
I got a call once. They told me that basic Windows Services were viruses. They were determined to get remote access to my machine to "fix" things. It ended with the "supervisor" getting upset that I was wasting his time and asking me if I knew how to f--- myself.
It seems they have gotten wise to this recently, I've heard a few stories about them being quite nasty if you do this. Anecdotally, this was on my Facebook feed yesterday (NSFW language): http://i.imgur.com/buv06.png
I wonder how these guys are organised. Is it just a bunch of people doing this from home who have heard about the scam from a friend and have tried to imitate it?
Or are there actually physical call centres with rows of desks of scammers doing this as a 9-5?
There has to be large scale call centres. The number of calls they're making is impressive. I got two of them from different people last night (I'm in Australia).
Although that might suggest independent scammers.
It would seem inefficient to cold call the same person again if the first was unsuccessful. Although it is possible they just take random numbers from a big list and don't update it until the end of the day.
If they are indeed operated from actual call centres I would be curious to know how agents are recruited. I wonder if people actually apply for call centre jobs and are told they will be working for "Windows support" in other words, maybe some of them don't even know that they are scamming people.
I have also had this happen to me and a friend. We have both calls recorded and the numbers logged, is there anywhere we are supposed to send these reports?
We get these in the UK all the time. Usually either try and hold them on the line as long as possible (if bored) or tell them to "fuck off" straight away.
Alas, the one I got a few weeks ago hung up on me when, after trying to get me to say what version of Windows I was running, I asked, "what's a, an 'operating system'?"
Obviously there's a fine line to tread between playing dumb enough to keep them on the hook and playing too dumb to be useful.
(Haven't had one of them call since, alas: refining your technique is hard if you don't get enough practice calls.)
I've had 8 of these calls in the last month (had two in one day a few weeks back).
For me, the most frustrating part of the experience is that regardless of what you say, they follow their script to the letter - they're like method-actors which never get out of character. Just once I wanted them to say "ok - you got me!" but alas - apparently not having a PC or Windows is not enough to sway them.
If they're so true to their scripts it should be easy enough for someone to listen to a call and formulate a response that can just be played down the phone, requires no time investment from the recipient of the call and because the scammer is so desperate for a sale they'll stick through even when it seems like the person on the other end isn't 100% legit.
I use the "I'll just go and get the PC owner ... he's at the bottom of the garden". Then put the phone on mute. My personal record is getting them to hang on for 5 minutes.
Not quite the same, but I was on the phone to BT (British ISP) a couple of years ago as my internet was down yet again, and they were telling me to reboot my router. I'd already does as much diagnosing myself as possible, and completely knew rebooting my router would do nothing, but of course they wouldn't budge. I was in a pretty bad mood at them, so I said I'd put them on hold to go do it, then I went and had a bath. Twenty-five minutes later they were still on the line, and I got back and said "OK it's rebooted, still not working" and the call went on...
Yes, I've had similar experiences with Virgin Media.
Internet goes off, so I reset router and modem and check all the cables are properly connected etc.
So I login to the router admin page and sure enough it tells me it's unable to establish a WAN connection, modem lights also indicate that it's not getting a connection either.
So I call technical support hoping that they will check and tell me if there is an issue with the service in my area.
They ask me to reset modem and router, so I say "yes, tried all that" they make me do it again anyway. Ok , well that doesn't work so I ask if there is any problem in my area.
Instead they want to dig around in my computer's network/firewall settings. So I tell them the problem is that my router can't get a connection out to the WAN. Lady on the other end doesn't really know what a WAN is but I've already told her that the modem light that should be on is off.
Still they insist on going through the troubleshooting steps on my PC and can't proceed until they've done that. The only computer in my house at the time is my Ubuntu box so they insist it must be that and I have to call them back from a Windows or Mac computer.
So I call back, pretending to have a Windows computer in front of me, pretend to go through all of their steps to no avail. About 45 minutes later she gives up and checks the service status. Sure enough, there is maintenance in my area which is why my internet doesn't work.
Us techies like to laugh about how the idiots in tech support always ask us to do stupid things like "Turn it off and on again".
But honestly, do you know the level of computer knowledge of 90% of callers to the tech support line of residental ISPs? Requests like "is it plugged in?" or "turn it off and on again" do help lots of people who don't know about these things.
What's worse is often people think they know about computers (and actually don't), and then ring up tech support. This is why "I know computers, I know it's not that" will never work with tech support. For every person who says that & knows computers, there's people who say it and think that (say) the IP address 192.168.1.2 must be on the 2nd port on their router (because the .2 means second port, see?).
Just accept that you have to go through the motions.
Better solution: tell them you're an ex OpenReach engineer - they let you right through to second line straight away. Repeat the story until you get what you want.
I get all the details out of the as possible and report them to the police. Reason being, just becasue I know there con artists I do know there are people who are completely IT ignorant and they would not fair as well.
Some of these spoof there CLID, and use VOIP dialouts alot as well, so you need to log time and duraction of the call as well as the CLID presented. Any other details you can obtain from them like pretenting you want to do a instant BACS transfer of money to them or need to call them back etc to get more details the better.
One of the things that frustrates me is that phone companies will carry calls purporting to be from numbers that don't terminate. Why would they ever think that was a good idea?
You get a scammer, they've sent their [spoofed] number, you ring it and get 'boo-boo-boop this number is not recognised'. The phone company knows the numbers that aren't taken because they use that list when you set up a new phone line.
Though it does just strike me that it's possible the number actual did terminate but the scammers pretend it didn't; but that seems a long shot.
Back when I was a BOFH, I would string these calls on all the time. Usually I could manage 30-40 minutes before the Indian would get tired of it and hang up. Occasionally I'd get one that would last for over an hour.
I've done this a few times at work - they are very convincing. This would definitely catch some of the MS Windows users I know.
One time the Asian guy on the other end (who couldn't pronounce what he said was his name) accused me of wasting his time and said that they were going to invoice me! That was probably the funniest.
After a couple of goes around it gets boring. Now I just go along for the first bit and then say I have to put the phone handset down to type and leave the phone on the side until it screeches at me that I've forgotten to put it 'on the hook'.
The most effective way to troll these types of scams is to let them convince you, but repeatedly tell them that your computer froze and needs to be restarted. If they feel certain you're willing to pay, they will wait for the 20 minutes it takes to "restart" your computer. The more you "restart" your computer, time they invest in you, and the less costly that 20 minutes will seem.
That said I don't think I'd have the patience to do it more than once. And I suppose there are better ways to help humanity than trolling scammers.
I'd suggest trying to get the email address and any other personal info. of the scammer. Tell them you have an office with 200 PC's and they're all infected. Tell them you want to buy their software for all of your PC's. Try to get bank wire/routing info or a mailing address to send payment. Then report to FTC, DHS, FBI, et al.
If you've not seen it... http://www.itslenny.com/ you can forward VOIP telemarkers to "lenny" - an automated bot who will happily chat with them for ... ever..
Ugh. A friend's mother fell for this exact thing. Spent a couple days "disinfecting" her computer. A few hours later, it finally dawned on her that she had been scammed (when someone asked her how the people could have known she had viruses), but she was too proud to talk about it/fight with the scammers.
Very smart though, targeting home phones, as they're just the right generation to fall for this type of scam.
Ah such tales are so entertaining. There was a brief period here in New Zealand when I'd receive a few of these kinds of calls. Folks in my Computer Science class considered it a badge of honor to receive a call and troll the scammer. It's been a while since I received any calls and I guess thats a good thing.
The pitches for these sites can be seen on day-time tv, and late night tv, sandwiched between infomercials. I heard these on radio too. ex: doublemyspeed.com , totallyfast.com
Yes, it was a terrific waste of time, but boy did it feel good. I consider it volunteering. All the time I spent on the phone with the scammer was time they couldn't spend targeting vulnerable individuals.