Saturday, 26 November 2011

Gone phishing / letters from Uganda

I am writing this from somebody else's computer. Mine blew up the other night. Not with flames and all, but in an explosion of hard drive errors. I had it booted up in safe mode when the phone rang.



Hi. I'm from Microsoft support. We've been getting error messages from your computer. I will walk you through some steps to fix the problem.

(Microsoft calling me to help me with my computer? This is highly unusual ... but I have been having problems lately...) You've been getting messages from my computer?

Yes, for a long time. You computer has been infected with viruses and malware for a long time.
(Well I have had virus problems, but why did they wait so long to call if they knew I had a problem? ) I can take control of your computer and get rid of the problem, now go and turn on your computer.

My computer is on, but it's in safe mode so I doubt you can take it over; but I'm not sure I want to ...

What key is next to your left control key?

Uh .. the windows key.

Good, press the windows key and the "R" key.

What does that do?

Just hold down the windows key and press R. What do you see?

Tell me what it does first.

I'm going to help you fix your problem. Just hold down the windows key and press R. What do you see?

Geeze, okay: the 'run' command opens. (Boy is this guy ever rude...)

Good, now type e-v-e-n-t-v-w-r.. What do you see?

What does that do?

Just type e-v-e-n-t-v-w-r. What do you see in front of you?

Tell me what it does first.

Just type it sir. What do you see?

Look dude, I don't know who the hell you are. I'm not going to type it unless you tell me what it does first.

Just type the command. Okay, what do you see on your screen?

Can I have your phone number?

No, just type the command. I'll give you the phone number after you log in. Now enter e-v-e-n-t-v-w-r. What do you see in front of you?

I'm going to hang up unless you give me your phone number.

Just type the command first.

Okay goodbye. *click*

A quick search on the 'net shows that this scam has been going on for a long time. Eventvwr itself is harmless, but it produces computer logs which few people understand and may appear to indicate that your computer has a problem. The scammers use this to convince you to download a program which allows them to obtain control of your PC, and then you're fucked.

The weak link in this scam is the notion that Microsoft would actually call you to help you with your computer. The only thing that made this even remotely plausible in my case is that by coincidence my computer completely crapped out shortly before he called. I know my readers are far too sharp to fall for something like this, so I post this for your ammusement rather than as a warning necessarily.

This isn't the first time I've been scammed. My favourite was a 2-page handwritten letter in 2003 from Uganda. It had Ugandan stamps and was post-marked Uganda. The return address was a box at the Kabale Police Station, which appears to be a real place. It refered to me by name and came to my address, but it did not ask for money outright. The letter writer claimed he was a police officer who was guarding my father. He says "It is a really long time since we last met at Kabalagala Kansanga Kampala at the residence of your father... ". Wow, thats pretty bloody specifc! It's also not accurate. He goes on to mention other inaccurate details including relative's names and so on ... to the point where I almost wonder if the letter was legit and just went to the wrong person. It's impossible that they would randomly mail that to somebody who actually fit the narrative of the letter.

The letter ends with him explaining that his brother died and left him with 5 kids, and that he is struggling with money. Ah here we go, I thought. He wants money.. Still, the whole thing was so intriguing that I held on to the letter. I would scan it for you, except that my PC is toast. Maybe some day, if I ever make it to Uganda, I'll stop in at the Kabale Police Station and ask if Tumwebaze Alfred ever worked there.


The View from Seven said...

Good post! I usually just roll my eyes at the many scam e-mails I receive, but once in a while I can't help but chuckle at how absurd some of them are.

The best had to be the following:

"I am The Rt Hon David Cameron MP,Prime Minister, First Lord of the Treasury and Minister for the Civil Service British Government. This letter is to officially inform you that (ATM Card Number [...]) has been accredited with your favor... The VISA Card Value is £2,000,000.00(Two Million, Great British Pounds Sterling)."

Oh -- how nice of you to take the time out of your busy schedule to bring this to my attention, Prime Minister!

But at the bottom of the e-mail, it's signed, "Regards, The Rt Hon Gordon Brown MP, Prime Minister"

You need to sort out your identity, "Prime Minister". And using an *.hu e-mail address for state correspondence is a bit of a security risk, don't you think?

Another good one was the "personal note" from the widow of former Zairean dictator Mobutu Sese Seko, asking me (despite my lack of financial training) to be her personal financial advisor in exchange for a share in her fortune.

cherenkov said...

He was obviously on business in Hungary when he emailed you. Sounds legit.

/* Google Tracker Code