Talk:Technical support scam/Archives/2015

Many sources appear to be poor and promotional
I think all the blogs and self-published references should be removed as sources. If any actually meet WP:RS, then that should be explained. Clearly this article is attracting security companies looking to promote themselves. --Ronz (talk) 18:31, 11 November 2014 (UTC)
 * I agree. There are quite a few sources which are not publications with fact-checking editors. There are quite a few citations, for instance, to the Malware Bytes website.  While I appreciate this software, the writers there do have a conflict of interest, so if the same information can be sourced elsewhere, it should be. &mdash;Anne Delong (talk) 15:47, 23 March 2015 (UTC)
 * I replaced the first one.&mdash;Anne Delong (talk) 15:57, 23 March 2015 (UTC)
 * I tend to disagree to some extent (though these sources have been removed and I won't reinstate them). A great many technical points appear on blogs that are eminently reasonable, either because they are fairly obvious to a reader reasonably well-versed in the topic, or because they crop up insistently, with many people saying similar things, and no contradiction. The problem is that there is a lot of useful information that doesn't get into "reputable" published sources, but is fairly clearly right. I think one source deleted from here quite a long time ago included an online session with a "technical support" crook, illustrating the details and tone; I think it added value to the article, and was far more useful than some self-serving "reliable" statements by malware companies and the like. As an example of excessive zeal on deblogging from another article (CryptoLocker, I think), a software company's statement that "XYZ Co. first investigated this malware on " was used to support "CryptoLocker was first observed on by XYX Co." (a claim even the company hadn't made!); a time-stamped blog entry from months before to the effect that "malware calling itself CryptoLocker was found today" was deemed unreliable, and the earlier date rejected. Date stamps in blog postings are, I think, reasonably reliable; in this case the date could be confirmed on the Wayback Machine archive. Obviously judgement is needed; but the no-blog guideline is a guideline, not a law (WP:IAR). Pol098 (talk) 14:10, 27 October 2015 (UTC)

"Tech support" victim's machine used for theft
This is something that happened to me (so wp:original research and not suitable for inclusion in the article). I report it to encourage others to seek reliably sourced instances which could be added to the article; I couldn't find any.

I run a virtual machine (VM), essentially a computer that people can mess with; when they finish I simply delete it (with any malware it might now contain) and recreate it afresh whenever I want. I let tech support scammers connect to it and do whatever they want; they waste up to 1 1/2 man-hours when they could be defrauding others, and amuse me (more fun than TV). Usually they just mess around trying to convince me that my machine has problems; the VM is set up so that it is difficult, confusing, and time-wasting to do this. They are often definitely fraudulent, not just pushy salespeople: they have tried to get my bank account details so they can send me a "refund" for my "faulty" router, via a Web bank detail entry page purporting to be my ISP (which they deduce from my IP address I suppose).

I had a session some months ago which surprised and shocked me. After the preliminaries to convince me (a rather naïve and stupid user) that my machine was cursed, they said that they would fix it without charge, I could go about my affairs and they would work on the machine and ring me when finished. This would take quite a long time, and the screen would go blank. I agreed, prevented the screen from blanking, and watched. With no waste of time they set up a Yahoo (I think) email account (with their own details, they didn't know any of mine); then they logged into the Western Union Web site and initiated a money transfer, entering details of a bank card, and a recipient in the US (I'm in the UK); I took notes. At this point I pulled the plug—I had no intention of being a party to fraud, particularly associated with my IP address. I phoned the police Internet fraud people, Western Union, and the bank, who (without giving me details of course) indicated that the card had been reported stolen by the time I rang. After finishing the long phone calls I found two increasingly desperate phone messages "we are the support people, the connection dropped".

That's what happened. I was never at risk of being defrauded as they had none of my details beyond my IP address, which they were using to try to steal money from a bank card they had stolen from someone else. I'm not sure why they did this; if they wanted to carry out fraud without being traced I would expect they could have used an appropriate proxy server without going to the trouble of finding a dupe.

Anyway, if there's a reliable source for this happening in other instances, it belongs in the article.

Best wishes, Pol098 (talk) 14:36, 27 October 2015 (UTC)