Mac Tech-Support Scam Exposed in Hilarious Video
A YouTube clip catches a tech-support scammer running ridiculous tests on a Mac and then trying to sell the user expensive protection plans.
Computer tech support shouldn't be like going to a car mechanic. You shouldn't have to worry whether the guy fixing your machine is ripping you off.
But that's what happens with fake tech-support calls, in which a remote technician, often overseas, accesses your PC and tells you that something's wrong with it — and that you've got to buy his company's support to fix it right then and there.
Such scammers have been preying on Windows users for years. Now it's starting to happen to Macs as well, if an unintentionally funny video posted to YouTube last week is accurate.
"We have only two plans," the remote technician's voice says in the video, after he's "discovered" that the Mac needs anti-virus protection. "One is the $99, one that is the instant support, in that a technician will be installing the protection, optimizing your computer, aligning the registries in order so that it will work fast and it will be protected."
Macs don't have registries. Windows PCs do, but have only one registry per machine, and no one "aligns" them.
"If you want to take the unlimited support, which will cover your operating system, your Internet security, downloads of programs on this computer plus the printer attached to this," the technician continues. "So that is the unlimited support for 12 months, and that is $200."
The most expensive all-encompassing computer-protection plans from reputable anti-virus vendors retail for $80 per year and often cover more than one PC.
One ping to rule them all
How does the technician determine that this Mac and its printer need anti-virus protection? He opens a command-line terminal window, pings the website Protection.com, and gets a time-out error. (Protection.com does refuse ping requests, but is up and running, selling LifeAlert emergency-call pendants.)
"All of the requests are timed out. That is the first and the main reason why your computer is working slow," he tells the Mac user. "Because there is no protection installed, sir."
The ping command-line utility tests network connections and has nothing to do with security. The "clueless" Mac user on the phone with the technician is actually Malwarebytes security researcher Jerome Segura.
Segura chases phony tech-support scammers for fun, and, as he details in a Malwarebytes blog posting, when he saw an ad on Microsoft's Bing search engine for a company that promised remote Mac tech support, he couldn't resist and called the toll-free number.
(Malwarebytes has posted a useful guide for avoiding tech-support scams.)
Disalignment pact
Right away, the technician on the other end of the line asked Segura to download TeamViewer, a remote-access tool for Macs, and to grant him access to the machine.
The good news, the technician tells Segura after running the first "test" in the video, is that despite the lack of anti-virus protection, Segura's Mac is not yet infected.
"Right now, see, all of the sequence files are running in the last — you can see 61, 62, right?" the technician says. "The sequence files are running — so if it has to be a virus attack, the files will not be in the order, they will have to be disaligned. But right now it is aligned. This means that until this time, there is no virus in your computer."
As Colonel Potter from "M*A*S*H" would say, "Horse hockey!" Mac ping responses don't list "sequence files" at all, but simply count the failed connection attempts.
Segura noted that while the company, which we won't name, says on its payment page that it's based in New Jersey, a check of Internet domain registries shows that the true owners are in India.
(We couldn't find the New Jersey address on the main website, but did find this: "This company is registered in England and Wales, Number 11111111, registered office 123 Any Street, Anytown AB2 3CD.")
What about the Mac's browser? How well was that working?
The technician in the video has a "test" for that too. He pings "safari.com" and gets quick responses from the server. (The Safari.com site has nothing to do with the Apple Web browser. It sells African safari excursions.)
"There you can see two sequences are there, in the last, it's multisegment files, MS, and the sequence for your Internet registry as well," the technician says. "All are in order sir, 37, 38."
"MS" actually represents the number of milliseconds a server takes to respond.
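What the two ping runs in the video actually report, shown as an added example that is not taken from the video or the Malwarebytes post: a short Python parser over constructed macOS-style ping output. The IP addresses, sequence numbers and timings are made up for illustration.

```python
import re

# Constructed sample lines in the macOS ping output format. Addresses are
# documentation-range placeholders, not real lookups of these sites.
TIMEOUT_SAMPLE = """\
PING protection.com (203.0.113.10): 56 data bytes
Request timeout for icmp_seq 60
Request timeout for icmp_seq 61
Request timeout for icmp_seq 62
"""
REPLY_SAMPLE = """\
PING safari.com (198.51.100.7): 56 data bytes
64 bytes from 198.51.100.7: icmp_seq=36 ttl=52 time=41.905 ms
64 bytes from 198.51.100.7: icmp_seq=37 ttl=52 time=38.412 ms
64 bytes from 198.51.100.7: icmp_seq=38 ttl=52 time=39.118 ms
"""

REPLY = re.compile(r"icmp_seq=(\d+) ttl=(\d+) time=([\d.]+) ms")
TIMEOUT = re.compile(r"Request timeout for icmp_seq (\d+)")


def summarize(output):
    """Reduce ping output to the only things it measures."""
    replies, timeouts = {}, []
    for line in output.splitlines():
        if m := REPLY.search(line):
            # icmp_seq is a per-probe counter; "ms" is round-trip milliseconds.
            replies[int(m.group(1))] = float(m.group(3))
        elif m := TIMEOUT.search(line):
            timeouts.append(int(m.group(1)))
    total = len(replies) + len(timeouts)
    return {
        "probes": total,
        "answered": sorted(replies),
        "unanswered": timeouts,
        "loss_pct": round(100 * len(timeouts) / total, 1) if total else None,
        "avg_rtt_ms": round(sum(replies.values()) / len(replies), 3) if replies else None,
    }


def explain(summary):
    """State what the result says about the remote end, and nothing more."""
    if summary["probes"] and not summary["answered"]:
        return "remote host or a filter on the path did not answer ICMP echo"
    if summary["answered"]:
        return "remote host answered; round-trip time measured"
    return "no probe lines found"
```

Every field in the summary describes the network path to the remote site; none of them describes software installed on the machine running ping.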
At this point, Segura asks to buy the protection plan and is given the details about the $99 and $200 plans.
On the website order page, Segura doesn't type in his name, address or credit-card number, but instead enters, "You. Are. A. Scam. Thank you :) You know that right? Please tell me so :)"
Toll-free Beckett
But even after being confronted with Segura's message, the technician won't admit anything wrong. The support call turns into an absurdist play worthy of Beckett or Ionesco.
Segura: "Can you see what I'm writing?"
Tech: "Mmm-hmh."
Segura: "What do you think?"
Tech: "It is your choice if you want to continue or not."
Segura: "The ping that you did doesn't make any sense, right?"
Tech: "That was us showing you if it's aligned or not."
Segura: "It doesn't have anything to do with whether I have an anti-virus on my Mac or not. You know that, right?"
Tech: "That's a protection in your computer, not for the website."
Segura: "But this is to ping a website. It has nothing to do with security on my computer."
Tech: "That's what I'm telling you. It's to do with your computer, if it's installed or not."
Segura: "It says your company information is [REDACTED] Tech Support located in New Jersey?"
Tech: "Yes."
Segura: "How come you have an Indian accent?"
Tech: "I am from India."
Segura: "OK. You don't happen to be in India right now, do you?"
Tech: "No."
A passage from India
In the interest of fairness, we called the toll-free number on the website to ask about the YouTube video.
The man who picked up the phone sounded like he was in a small room with lots of Indian men yelling at each other, but he put us through to a manager.
"Are we on YouTube? Where is this video?" said the manager, who gave his name as Ashkay.
Told that the video depicts one of his technicians scamming a customer, Ashkay insisted we had it all wrong.
"It's nothing like that," he said. "We regularly check what the technicians are doing. We have been trained like that. We do have comments from the customers, and they're very happy with our services. We have a fair policy. If the issue is not resolved with the customer, we refund the service."
So why would the company's technician be trying to sell Segura paid protection plans for a Mac?
"It could be a communication problem. No one can be sure why this problem came up," Ashkay said. "Macs do not require protection."
Segura also got a manager on the line, who again refused to admit any wrongdoing (though he did admit he was in India). Instead, the man politely insisted that the ping command had tested the computer's firewall.
"I guess their strategy is to feign innocence until the end," Segura wrote on the YouTube video posting. "However, any decent computer technician would know that a ping command is not going to check for the presence of an anti-virus. They can claim whatever they want, [but] this one is in the box and labeled as a scam."
Paul Wagenseil is a senior editor at Tom's Guide focused on security and privacy. He has also been a dishwasher, fry cook, long-haul driver, code monkey and video editor. He's been rooting around in the information-security space for more than 15 years at FoxNews.com, SecurityNewsDaily, TechNewsDaily and Tom's Guide, has presented talks at the ShmooCon, DerbyCon and BSides Las Vegas hacker conferences, shown up in random TV news spots and even moderated a panel discussion at the CEDIA home-technology conference. You can follow his rants on Twitter at @snd_wagenseil.