How to hack a "computer problem call" scam?

You know the typical phone call with an strange country code, and as you pick up the phone a person claims that your computer has been hacked and offers help, and so on...

So, I just got one of these calls on the way to work and asked them to please call me back in the evening when I'm home. I think it'll be fun to mock the scammer a little.

Of course I'm not providing any access to my home computer. So instead I'm planning use a linux host to start a VM with a windows guest, then stablish contact with the scammer from this VM.

As a minimum, I thought it would be fun to waste this guys time with a pointless connection to an fresh installed VM with no personal information on it.

As for security, I think these scammer are really only prepared for the uninformed windows users providing direct access to their machine, but just to make sure, any information if they could gain access to the host machine from within the VM guest? Would it add an extra security layer to start a VM from inside another VM? In this case, would be better Linux Host->Linux guest->Win guest, or Linux Host->Windows Guest->Windows Guest.

And also, any idea on how to gain access to his computer and try to get hold of his identity during the call? I'm not sure what kind of systems they use and how to explore them. Possibly get his IP address and report to his ISP or VPN?

I personally would not. Never allow them access to your computer regardless.

The experts say to just hangup but I like to verbally abuse the caller. One time I told the caller he was full of crap and hung up. He actually called me back to scold me. I have not had a live windows scam call in quite awhile.

There was someone on this forum (unfortunately I can't remember his name) who used to keep these people hanging on the phone for hours while he pretended to be trying to follow their instructions. He would keep complaining to them that he couldn't find the buttons they wanted him to click on. Finally he would say, "Do you think it's because I'm using Linux?"

Amusement is where you find it, I guess.

There's better use of my time not gabbing with sales people, scammers, and/or fanatics.

I agree that it's best to avoid any situation where you're potentially allowing someone to get exactly what they're trying to get.

There are some guys on Twitch that stream their calls with these guys. Not sure if they post any of the precautions they take, but that would be a good place to look for info.

There are videos out there on YouTube about hackers hacking scammers - some are funny. The implication is that you have a clean "sandboxed" environment you would have to give them access to that you can use to determine their IP and try to abuse their system with it.

I personally would not do this because of the risk. Not to say the far end are skilled hackers but never underestimate an adversary. Having said this, I used to hack phishers back in the day when it first started. Would trace the exploit back to the hosting site, tell the site owner and report the phisher.

Quote:

Originally Posted by haphaeu As for security, I think these scammer are really only prepared for the uninformed windows users providing direct access to their machine, but just to make sure, any information if they could gain access to the host machine from within the VM guest? Would it add an extra security layer to start a VM from inside another VM? In this case, would be better Linux Host->Linux guest->Win guest, or Linux Host->Windows Guest->Windows Guest.

If you can't already answer those questions yourself, you're not ready to be taking the risks of giving someone access to your network.

As pointed out, there are ways to waste their time - and yours - without taking such risks.

Quote:

And also, any idea on how to gain access to his computer and try to get hold of his identity during the call?

I'm fairly sure discussing this would be a violation of the LQ Rules.

Again, as others say, there are plenty of people on Twitch/YouTube/etc that regularly do this sort of thing - perhaps you would be better reaching out to them instead.

Quote:

Originally Posted by sevendogsbsd Having said this, I used to hack phishers back in the day when it first started. Would trace the exploit back to the hosting site, tell the site owner and report the phisher.

Most financial institutions have a special email address for reporting phishing scams. I track those down from their websites and keep them in my address book. When I get a phishing email, I make all the headers visible, copy them in above the text, and forward it to the organisation concerned. Sadly, most of them never say thank you.

https://arstechnica.com/information-...rly-two-hours/

Quote:

Originally Posted by haphaeu You know the typical phone call with an strange country code, and as you pick up the phone a person claims that your computer has been hacked and offers help, and so on... So, I just got one of these calls on the way to work and asked them to please call me back in the evening when I'm home. I think it'll be fun to mock the scammer a little.

My in-laws got one of these and they were "this close" to forking over a credit card number. I shudder to think what would have happened if the missus hadn't been there to visit when the call came in---she shut it down before anything awful happened.

I got one of these and I strung the caller along for a while until he said on that he was "on my Windows" and could see that it had been hacked. At that point I said "Oh, you are are you" and called him an idiot and a liar after telling him that I don't even run Windows. (If memory serves, by then, even my work laptop running Win7 had been replaced with a RedHat laptop.) I haven't gotten another of those calls since. Maybe because I immediately put the number in my mobile phone call blocker or maybe I've just been fortunate.