Those ‘PC virus’ phone call scams: the unanswered questions

The response to our stories about people being scammed by cold calls from Indian call centres has been remarkable. (A quick reminder: people get cold-called and told there’s a problem with your computer and talked into handing over remote access, and then £185 or so for remote support. It’s not worth taking up the offer, and the police took action against a number of sites used for this scam in April.)

It’s worth noting that there have been complaints for ages about this business; one of the biggest locations where comments have gathered is at Digital Toast, where a blogpost warning of these scams, first written in January 2009, has drawn (at the time of writing) 785 comments – the most recent from three days ago. (And they aren’t spam, unless you count the attempts by people linked to the scammers to insist that they got a great service).

Among the links there are some to recordings of the scammers at work, which range from the dire to the sweary.

What’s also notable is the huge number of site names that are being used in association with this scam. Every time I think I’ve come close to some sort of roundup, I find that another one is being named in the comments.

That is certainly a key problem here: if you can view a site, you can grab its source and make a copy and set one up yourself. What’s really interesting, though, is the fact that the people who are doing this

– have never, in any of the many, many examples that I’ve seen, installed malware on anyone’s machine; so they’re not malicious

– seem to be quite well-trained in dealing with Windows systems (though they get flummoxed at any mention of Linux or Apple Macintosh machines).

Both these details are interesting: possibly the first one means that they have the chance of arguing that because they haven’t done anything criminal (though I don’t know whether India has an equivalent of the UK’s Computer Misuse Act) there hasn’t been any crime. Unfortunately, the fact that the calls always begin with people being told there are problems with your machine when there aren’t means that this still falls under obtaining money through deception, which is section 2.1 of the Fraud Act.

The second detail is just as interesting: it implies that there’s a big pool of people with Microsoft training who haven’t got anything better to do than work in call centres where they have to cold-call (almost certainly on commission – if you were running a business like that, that’s how you would do it, isn’t it?).

There’s a very interesting comment by @LosBravos on the earlier story, which is worth repeating here:

These aren’t always cold calls. My mother called her telephone/internet provider about an intermittent problem with her phone line – it was an Indian call centre. 15 minutes later she received one of these calls – obviously her information had been passed on by an insider – claiming to be a follow-up as they had spotted a problem with her broadband. She was thoroughly bamboozled by the caller (she’s in her mid -70s), but had enough presence of mind to put the phone down when he started demanding money. Fortunately, this was before the dodgy software had been downloaded.

Of course, her phone provider denied that this was possible…

That is indeed one of the key threads that we haven’t been able to unravel yet: how do they get the names? Are they (as some people on the Digital Toast comments suggest) getting them from sales of new computers or broadband signups? From the phone book? Or something else? Are these people somehow going ‘freelance’, or is there a business going on which passes on the likely contacts?

As always, we welcome all your insights and information on this – especially if you’ve experienced this, or know someone who has and who has paid money: what company did the payment go to?

And meanwhile a big hand to Digital Toast for keeping the fire lit under this topic for so long.