Scammy: A Public Service Reminder

The malware scam has a long and ignoble history. We’ve talked about it before, most notably in the context of confusing the scammers. Back then (2014), we were seeing the rise of the robo-scammer. Surprisingly, it seems that was a short-lived phenomenon.

For the record, I keep an eye on what scams are making the rounds both out of personal curiosity and as part of my day job. A rare occurrence, being paid to do something I’d do anyway (that doesn’t involve writing).

Anyway, in the absence of data, I speculate that people hate talking to a computer so much that not enough people pressed 1 to allow the auto-dialer to connect them to a human being. It seems logical, anyway: the reason these scams are so successful is that the caller has a well-written and well-practiced script to panic the recipient into forking over their money and opening up their computer. No one is going to trust a robotic voice that says “Your computer is under attack.”

Heck, most people are going to assume that the robotic voice is the one that’s doing the attacking.

So we’re back to more traditional methods of scamming. But there are still new wrinkles.

Remember those popups that claim you need to install a special codec to see the video you’ve clicked on? They’re still around, but they’ve been joined by a new come-on. With the long-awaited and well-publicized demise of Flash, now we’re seeing popups telling would-be viewers that they need to reinstall the Flash player that has been removed from their browser.

I would have thought people would stop to ask themselves why Flash was removed in the first place, but apparently there’s a sufficiency of people who aren’t that self-inquisitive. Sufficient enough to keep the scammers happy, anyway.

Of course email spam is still a potent venue for scammers. The “I’ve hacked your webcam and will send your family pictures of you masturbating” letters seem to be on the decline. And good riddance. The current popular approach is a subscription renewal. “Hey, this is [large corporate entity]. Your subscription to our service is about to expire. Your card will be charged [outrageously large fee] tomorrow.” This scam works well because the fee is so high. “Five hundred bucks for a magazine/website/streaming service?” If the victim is actually a subscriber, they call to correct what they figure must have been a typo; if they don’t have the service, they call to prevent the large charge. Of course, if they aren’t a subscriber, the scammer is set with a script to apologize for the incorrect message, pitch the service in glowing terms at a much more reasonable price, and get a credit card number that can then be wildly abused.

Oddly, while the scammers go to great lengths to make the emails look like they’re coming from the real company, incorporating stolen graphics and boilerplate legal text lifted from actual emails, they often don’t make the slightest effort to forge the “From” on the email. Though the evidence suggests that they don’t need to make the attempt. People seem to be quite willing to assume that “john.smith@yahoo.com” is fully authorized to speak for Netflix, Fox News, or Xfinity. Or, more likely, nobody even looks at the sender’s address. Those big numbers apparently attached to their credit cards exert a magnetic attraction on the eyes.
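The unforged "From" is easy to check mechanically. The sketch below is an added example, not something from the original post: it flags mail that names a brand but comes from a domain that brand does not send from. The brand allow-list, the freemail list, the dollar threshold and both sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr

# Assumed allow-list (illustrative, not authoritative): brand -> sending domains.
BRAND_DOMAINS = {"netflix": {"netflix.com"}, "xfinity": {"xfinity.com", "comcast.net"}}
FREEMAIL = {"yahoo.com", "gmail.com", "outlook.com", "hotmail.com"}
AMOUNT = re.compile(r"\$\s?(\d+(?:,\d{3})*)")
LARGE_CHARGE = 200  # assumed threshold in dollars

def check(raw):
    """Return a list of findings for one raw RFC 5322 message."""
    msg = message_from_string(raw, policy=policy.default)
    display, addr = parseaddr(str(msg.get("From", "")))
    domain = addr.rpartition("@")[2].lower()
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content() if body else ""
    # Brand names may be claimed in the display name, subject or body.
    haystack = " ".join([display, str(msg.get("Subject", "")), text]).lower()
    findings = []
    for brand, domains in sorted(BRAND_DOMAINS.items()):
        if not re.search(rf"\b{re.escape(brand)}\b", haystack):
            continue
        # Accept the brand's own domains and their subdomains only.
        if not any(domain == d or domain.endswith("." + d) for d in domains):
            findings.append(f"claims {brand} but sent from {domain}")
    if findings and domain in FREEMAIL:
        findings.append("sender is a free webmail address")
    amounts = [int(a.replace(",", "")) for a in AMOUNT.findall(text)]
    if findings and any(a >= LARGE_CHARGE for a in amounts):
        findings.append("large charge used as pressure")
    return findings

# Constructed sample messages (not real mail).
SCAM = """From: Netflix Billing <john.smith@yahoo.com>
Subject: Your subscription is about to expire

Your card will be charged $499.99 tomorrow. Call us to cancel.
"""
LEGIT = """From: Netflix <info@mailer.netflix.com>
Subject: Your receipt

You were charged $15.49 for this month.
"""

if __name__ == "__main__":
    for name, raw in (("scam", SCAM), ("legit", LEGIT)):
        print(name, check(raw))
```

A matching domain proves nothing by itself, since the "From" header can be forged; this check only catches the unforged case described above and belongs alongside SPF, DKIM and DMARC results, not in place of them.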

The big winner from a scammer’s perspective, however, is still the phone call. Yes, Sam and Nancy and their ilk are still in business. Apparently, however, enough people have figured out that Microsoft and Apple aren’t monitoring their customers’ computers and phones that claiming to be “Sam from Apple” doesn’t work well enough.

Today, the caller is much more likely to put a gloss of plausibility on their claim. “Hi, this is Jolene from Norton Security Services.” LifeLock is popular with the scammers, since so many people have subscriptions to LifeLock, either directly or through their association with Norton. Other name-brand security companies’ names are being abused as well: McAfee (many computers come with a trial version of McAfee antivirus installed, so people are used to seeing or hearing the name) and ADT–“Hey, I got my burglar alarm from them, I guess they’re protecting my Internet too”–are at the top of the list.

So let’s be careful out there. Remember, when someone says they’re watching out for you online, they’re telling the exact truth. They’re watching out for you and your wallet.

Support the Arts

The Baseball Bloggess, an occasional commenter here, has a love/hate relationship with telephone scammers Sam and Nancy. It’s not a conventional love/hate relationship. She loves them, and wants only the best for them.* They hate her. Take a moment and read those two posts. I’ll wait.

* Jackie, I know I’m oversimplifying your side of the relationship a bit. But it makes the story better. Work with me, OK?

Hopefully you all know the scam Jackie and I are talking about, but just in case you don’t, it goes something like this:

“Hi, this is [insert a safe, generic American name here] at Microsoft Internet Security. We’ve detected that your computer is leaking dangerous information on the Internet.”

If you let SafeGenericAmericanName continue the pitch, he’ll help you install remote control software so he can show you exactly what horrible, dangerous information is leaking and then fix the problem, all for a fee, naturally.

Of course, your computer isn’t leaking anything and the “repair” doesn’t actually do anything. The whole point of the call is to get you to install that remote control software and anything else the scammer bundles with it.

Once you do that, you’ve given a criminal the ability to explore your computer, steal passwords, look for nude pictures to blackmail you with, encrypt your files and hold them for ransom, or anything else he feels like doing. And the best part is that you’ve paid him to take over your machine.

It’s a nice deal for Sam and Nancy–or rather, it’s a nice deal for their boss. Nancy and Sam are most likely working in a boiler room for a flat hourly rate. Maybe they get a small bonus for each successful call, but it’s their boss who gets the big payout when he raids your bank account, sells your personal information and access to your computer, and runs up your credit card bill.

Lately there’s been a new twist in the scam. A few days ago, I got a robocall: “Your computer is generating a large number of errors and warnings. Please press one to speak to a technician.”

That’s right. The scam master has decided that Sam and Nancy are too expensive.

My optimistic side hopes that the public is becoming smarter and more scam-aware, leading Nancy and Sam to make fewer sales. Once it gets done laughing hysterically, my cynical side points out that the more likely explanation is that Sam and Nancy were wasting too much time arguing with former customers–probably of a different scammer–who thought the problem had been fixed the previous time, and didn’t see why they should pay again.

Either way, the sad truth is that we’ve reached the point where it’s not economically sound to let humans scam humans and we have to outsource our fraud to robots. Poor Sam and Nancy. Not only are they unloved by anyone but Jackie, but now they’re broke and unemployed.

Maybe I’m too pessimistic. Maybe my roboscammer is an isolated, local fluke, or an experiment. Jackie, please let me know if roboscamming spreads to your side of the country. If it does, we may need to set up a support fund for Nancy and Sam. Do you suppose Patreon would be interested? Telephone scamming as an artform? I don’t see why it couldn’t be one.