A Call from Windows

I got a call from "Windows" the other day. My computer, you see, had reported errors to Windows, and they wanted to help me get rid of them.

First of all, let me point out a couple of essential problems with this scam. For one, "Windows" is not a legitimate company; Windows is a piece of software. Windows calling me to tell me about a problem with my computer is like "Beetle" calling me to tell me about a problem with my Volkswagen. They didn't say that their call was about Windows (which would have been correct, to a point), they said that they were Windows. Secondly, should I have accepted that Windows was a legitimate company, why would Windows have known that my computer had errors? They addressed this by saying that my computer was "reporting" errors to them. But why? Even if Windows (or anyone else) had indeed set up a massive surveillance system to know how well my computer was working at any given time, why would they bother calling me to help me get rid of the errors? They would have no motivation to do so. I did not pay Windows to repair my computer or to protect it from viruses. If I'm like most people, I didn't even choose to buy a copy of Windows, much less enter into an agreement with Windows to maintain the well-being of my computer – my computer just came with it installed. It costs a lot of money to call people and help them fix their computers when they not only didn't do anything to deserve it but didn't even ask for help.

No, to anyone who pauses to think about it – even someone who is unfamiliar with computers, unfamiliar with this particular scam, and does not know that Windows is not a company – the premise simply makes no sense. Why would one of the world's largest software companies make an unsolicited telephone call to help you? No, of course this is fraud on a massive scale. Evidently there are a number of operations like this, but, no matter what, their goal is to cheat you out of your money.

So the call was handed off to me by another member of the household. (I'd stated previously that if we ever got one of these, I wanted to take it. This had been forgotten, but the call was passed on to me anyway because it was technical in nature.) The person, who had a strong Indian accent and told me he was "calling from Windows," explained that my computer was reporting many errors that were somehow related to a problem with viruses, then asked me if I could turn my computer on. He didn't explain that he was going to help me solve the issue, provide further confirmation of who they were, or anything else; he just asked, as if it was completely normal for strangers to call out of the blue and ask people to turn their computers on and start following instructions. Being an apparently agreeable person, I stepped over to the desk and pretended to punch the power button, complete with leaning-over-under-the-desk sounds, then quickly went over to my actual computer, googled the Windows 7 startup sound, and played it loudly. (The computer was booted into Linux at the time.)

The guy then proceeded to have me open the Windows Event Viewer and filter the display to show me all the errors. (Of course it's quite common to get some type of "error" logged in the event logs, which store practically everything that happens on the computer, even errors that aren't important enough to indicate to the user. One common "warning" indicates that Windows hasn't been able to synchronize the clock for one day, perhaps because the computer was switched off at the time.) I wasn't actually displaying the errors, though, because I wasn't even running Windows on the computer. In order to sound believable, I just played dumb and repeated the guy's instructions and said "okay" a lot. And, of course, I delayed things on purpose, since my goal was to waste some time.

After I said that I saw all the errors, he told me, "It's eating your computer, sir, day by day." He then immediately told me to "open Internet Explorer" and browse to a website; apparently I had been compliant enough that he didn't try to convince me further that there was something wrong. I chose to pretend I didn't suspect anything and follow the next set of instructions. He had me go to the website of a legitimate remote-access software product, then told me to click on a link that wasn't there. I told him it wasn't there (and it legitimately wasn't – I wasn't even making it up). We spent the next five minutes repeatedly spelling and retyping the URL, even though I said the page matched the descriptions he was giving. When that didn't work, he transferred me to another guy who had me try the same thing again, then transferred me again to someone who had me try a different piece of software.

The attempt to use this second piece of software gave rise to a farce where my computer displayed a thirteen-digit passcode and I was supposed to read it to him. (Before doing so, I unchecked the box that read "Grant Full Control" and put my finger near the power switch in case they connected and could actually do something on the computer.) I read it wrong, several times, then read it right. But it didn't end there: I had to read it loudly and clearly at least ten more times (correctly) before the guy heard it right. At this point I pulled up several terminal windows full-screen and typed "cat /dev/urandom" in each, causing the screens to fill with random scrolling characters, which I suspected would confuse whoever connected. He never actually managed to get the software to work, though, even after he finally read the passcode back to me correctly.

I was transferred again and told we would try "one more thing." "We" went to yet another website and tried yet another software package. This time it downloaded correctly, but it was a Windows executable and wouldn't have run on my machine. I said something like, "Uh, weird things are happening," then power cycled the machine and said, "Oh, my computer rebooted by itself." He sounded somewhat flustered, but bought it and sat waiting for my system to reboot.

Throughout all the people I was transferred to, I was asked several times how old my computer was. I responded "a couple of years," and was met with "okay"s and "huh"s every time. I don't know what the point was; if I had been thinking faster, I might have given several different responses to try to find out (assuming they wouldn't be recording the response).

I'm not sure what I was planning to do next, but I think I probably would have "caught on" and tried a bunch of objections to see how much it would take to get them off the phone, but unfortunately I didn't get a chance to do that, because the machine legitimately wouldn't boot: my punching of the power switch had, by some fluke of improbability, corrupted the hard disk to the point where it wouldn't start. After it became clear that retrying wasn't going to do the trick, I hung up on him, somewhat disappointed but still amazed that I had managed to keep them on the phone for 32 minutes while not even having a Windows computer in front of me. After about thirty seconds, they called back four times consecutively: I would let the phone ring for a moment, press "talk," then immediately press "end" and hang up the phone to terminate the call, and seconds later the phone would ring again. Finally I said, "Listen, I can't talk right now, okay?" and hung up again as I heard someone saying, "Hello?" (Evidently the computer was dialing and then trying to connect me.) They haven't called back since; I don't know if they figured out I wasn't going to talk to them anymore or just decided there was a problem with the phone.

The hard drive was fine; I just had to boot off a diagnostic CD and run a disk check. I don't know what they would have done if they'd managed to connect, but I suspect they would have tried to install some malware or some sort of backdoor, or perhaps purposefully broken the computer so that I would have had to pay them to fix it.

This was a big operation. You could hear the call center noise in the background, and there were managers they went and talked to when something didn't work correctly. The fact that such a relatively illogical scam can work is attributable to only one thing: people are scared about having their computers not work, and they're scared of "viruses," even though viruses as such are practically extinct in modern times. While the premise of the scam is ridiculous if you pause to consider, or at least odd enough to make you wonder what's going on, the idea that your computer is going to stop working if you don't let "Windows" (or "your IT department" or whatever) work with you is scary enough that enough people evidently play along and pay these guys enough money to make it a profitable scam.

So, if you get a call from "Windows," or an unsolicited call from anyone who claims they want to help you, think twice about what's going on. If it sounds legitimate, hang up, look up the number on the actual company or organization's website, and call them back and ask (while you're on the Internet, you could also google it and see if it's a known scam). Callbacks aren't foolproof (really determined people can forward the legitimate phone line to theirs, for instance, or the number can be changed on the reference page where it's listed), but if the scammers are just pulling a dragnet looking for the most gullible people, they're not going to bother. Caller ID, while useful, is not a shortcut for this: it's ridiculously easy to spoof caller ID, and nobody doing something illegal like this will display their actual phone number.

And if you get a chance, turn around and mess with them a little bit. It probably won't do anything significant, but it's much more fun that way! If you get a good story, share it with me in the comments.

Ars Technica also had an article about this or a similar scam some time ago.