Sam Black

Sam Black at

45 minutes, 2 people.

Since I had the Win10 VM open from earlier, I used that for this call.

Standard stuff, `eventvwr`, "My goodness, all those error and warnings"...

Installed TeamViewer, then gave me their ID and password.

I was greeted by a "TalkTalk Technical Department" background, and they were telling me to switch so they could see my screen.

I assume this was to reassure me that, yes, I was talking to the TalkTalk Technical Department.

I did switch screens, after having a quick look around their files and copying some across.

Interestingly, they had me open `cmd`, and type in `cd/` and `tree`.

We're now self service scamming!

The `tree` command finished quicker than they were expecting (They didn't notice the `^C` in the terminal), and I watched them paste `color cf` (red background) and some gumpf about "Internet Software Warranty expired", my router requiring replacement and the refund I was entitled to.

The refund was for the fact that we were paying TalkTalk £7/m for the "Internet Software Warranty", and since it had expired, we were in for a refund of it.

Yeah, I don't get that either.

To process my refund, they had to get me to log into my bank, and would only allow me to use Chrome or Firefox; amusingly, to do so, they had me type `iexplore` to get Chrome.

I don't get that either.

Whilst they were trying to get me to download Chrome, I noticed I could switch screens back to theirs, and there was a momentary panic on the remote desktop (Windows XP FFS!) as they disconnected.

Reconnecting again, and I was again greeted by the "TalkTalk Technical Department" background, and started to copy the files from their desktop, as they looked much more interesting.

The session dropped, and I heard another voice in the background, and I think they mentioned transferring and files, at which point the caller tutted and hung up.

As an aside, I've noticed that these cold call scammers seem to have a "voice" and a "tech", in that the person on the phone doesn't seem to be the same as the one accessing the VM; the "voice" doesn't know what's on the screen, is asking to confirm what I'm seeing and I'm pretty certain I could hear in the background the "tech" relaying to the "voice" what I was doing.

The files I pulled contained 5 peoples contact information, and notes about when to call back, the computer they had, and who to ask for.

One of those was an OAP/Senior.

This is why I waste their time, so even if I just rate limit them for 30-60 minutes, just slow them down a bit, it'll prevent as many people falling for this scam.

Aren't you afraid that you're, in a way, making them learn to be better scammers?

JanKusanagi at 2017-03-30T15:40:55Z

Not really.

They (as a collective) have been ringing us for over 2 years, and none of them have done any sort of checks for a VM or scambaiting, and most don't even admit they're scamming when I call them out.

I think for every person wasting their time, they've probably hit 60-100 who don't, and it only takes a few of them to be conned to make it worthwhile.

Honestly, if I did cause them to pause and check, more people would hang up on them because, depressingly, most people would be frustrated it was taking too long, rather than them knowing it was a scam.

Sam Black at 2017-03-30T16:06:13Z