Inside the treasure chest that is YouTube's recommendation system, I found "scam-baiting" videos. These consist of a chap getting a tech support scammer's number and calling it (usually employing something like FireRTC) in an endeavour to piss off whoever picks up the phone. Watching these videos is good fun, but most people take this to the next level: they gain control of the scammer's computer and start copying the scammer's files to their own computer's hard drive for further inspection. While the files are copying, the "scam-baiter" attempts to access as much of the network as possible to discover these scammers' modus operandi. Some of the most notable discoveries include contacts (yes, Windows Contacts; it seems they remain in 2009) of victims or intended victims, including phone numbers and home addresses, and administrator passwords for their entire network (composed of dozens of Windows machines).
I also, briefly, delved into this, I daresay, trend. I determinedly fired up a VM and a copy of FireRTC and called a scammer. I was received with an Indian voice screaming something along the lines of "Helloah Rakesh from Microsoft tech support here how can I help you?". At this point, I stifled a laugh, gasped for air, and attempted to maintain my composure. This must have taken too long, since the scammer kept repeating "Helloah? Helloah?". When I finally believed I could talk without it appearing I'd inhaled a helium balloon, I continued with the theatrical performance whose sole beneficiary was the, I assume, middle-aged Indian man on the other end of the line. He got me to install a copy of AnyDesk and fired up some bogus diagnostics program that told me that my pristine VM had, without exaggeration, 400 viruses. Meanwhile, I was running Wireshark and grabbed his IP, which roughly tracked to a suburb of New Delhi; no surprise there. Unfortunately, since we were using AnyDesk, I couldn't flip the session and gain control of his PC, so no luck there. After wasting his time for approximately 70 minutes, I pointed out that I knew what he was doing was a scam, and that the "PC" he was connected to was a virtual machine. He swiftly attempted to run syskey. This feeble attempt and this clear ignorance regarding the nature of virtual machines made me laugh so hard that I accidentally disconnected the call.
After my enterprise into "scam-baiting", I began thinking. If you are a 60-year-old individual living in, say, Yeovil and you get a popup whilst browsing the internet, who is to say that you won't believe it's a legitimate Microsoft page and call the number indicated in an attempt to resolve whatever problem your computer is supposedly experiencing? For the more tech-oriented folk, it is really hard to even imagine this scenario happening to us, but these scams are only successful because of the quantity of misinformation regarding computing, notably concerning cybersecurity. The mass media doesn't help: it paints hackers as wizardlike criminals and security researchers as nerdy, isolated and mostly overweight people who sit in front of a computer and look at scrolling lines of green text while consuming industrial amounts of McDonald's. This is why I honestly believe in the power of community education events, most of all those directed at the older population.