wnd's weblog


July 2017
Mo Tu We Th Fr Sa Su
26 27 28 29 30 1 2
3 4 5 6 7 8 9
10 11 12 13 14 15 16
17 18 19 20 21 22 23
24 25 26 27 28 29 30
31 1 2 3 4 5 6
Categories
Archive

International phone call scams are very much real

31 July 2017 14:27:04 misc

tl;dr: I lost my "yes scam" virginity.

In 19 July 2017 I received an unexpected phone call. By means unknown to me, my phone displayed not only the number (+442079460873) but also word "London". Because of reasons, I typically answer these calls. I did answer the call.

I was greeted by a woman who spoke reasonably good English, but her pronunciation wasn't exactly the best I've heard. I could not identify the dialect, but my suspicions pointed towards east. The caller first wanted to confirm she was speaking with a person with my name, yes? "That would be me." The call centre noise in the background was rather annoying. She then continued to introduce herself as a researcher at CTAM in London. It took a couple of pardon-mes and sorries to actually make the abbreviation out. The company was supposedly doing an economy research on European households. "Could you answer some questions, please?"

I can't remember the details on how the call then proceeded, but the questions where mostly meaningless, and the data should've been readily available in most EU countries. "Do you own an apartment, yes or no?" "Do you have a mortgage, yes or no?" Some of the questions were utterly irrelevant. "Is this your personal phone, yes or no?". As is typical for me, I answered nearly all questions with proper sentences such as "I do" or "I have", or "it is". Repeating the yes-or-no part started to sound a little fishy at some point. I am certain I slipped some direct "yesses" a few times.

Not all the questions were like that, though. She was also interested in my income bracket, my profession, and my thoughts on how the recent efects in Europe have affected my financial security. For whatever reason, she wasn't happy with "software engineer", so she had to settle with "a programmer". Obviously she'd also like to have my email. I provided her with a GMail address that I only use for irrelevant stuff.

After seven minutes of her time and my holiday being closer to its end, she thanked and ended the call. I did a quick internet search with the phone number and ended up reading an article by national news agency about strange international phone calls. The recommended action was obviously not to answer the calls. The article did not speculate what the attack vector for the calls was. Reading about the fishing for yesses, I grew a little nervous. The few yes answers I'd given worried me, but eventually managed to put the thought aside. Should it become necessary, I'd have a recording of the call. Except I didn't. The latest software update to my phone meant the recording application was no longer functioning. Oh dear.

On 27th my phone beeped again. A call from a secret number. I left my workstation and went to one of our meeting rooms, and answered the call. By now I'd replaced the recording application. At the other end of the line there was a voice of a man. A voice that spoke good (British, or close enough) English. Good English by my standards, at least. I've tried my best to preserve the original mistakes in both of our language. Like with the previous caller, I could hear a call centre in the background. However, the background noise was much less of an annoyance.

Caller: Hi there I'm looking for Tommi [unintelligible] - sorry - [yet another attempt].

Me, thinking: Sigh, here we go again.

Me That would be me.

Caller: Aha, excuse my pronounciation there, Tommi.

Caller: It's Mike Rose here, I'm one of the senior account executives over Tokai National Partners in Toronto. I understand you was contacted a week or so ago by one of our research partners who called you on behalf of CTAM, yes?

Me: I believe so.

Caller: Sorry, sorry could you please repeat that there, Tommi?

Me: I believe so.

Caller: Ok, I'm, I think, uh, the reason I'm calling you back today is just to introduce myself and my company and I'd just like to tender out some information just so you can verify who we are and what we do there, okay Tommi?

Me: I honestly didn't get that.

Me: Uh, sorry?

Caller: Yes, well, as I say, I'm one senior account executives here at TNP, and what we do here is we isolate companies who are trading on overseas markets. These have been overlooked [unintelligible, the values] and they are very rarely offered to European professionals such as yourself.

Me: "Professionals such as yourself". Aww, that is so sweet of you.

Caller: Tommi I have here you're programmer, yes?

Me: I think that's what I said the last time, but I --

Caller: Ok --

Me: -- at this point I just have to say that from what I remember from the last call I find these calls more or less very suspicious and I'd rather not continue the call.

Caller: Oh! Ok, suspicious you say there, Tommi. Why, Christ's sake. My company is Tokai National Partners, we are very well in the Bloomberg [unintelligible] Finance [unintelligible] -- do you have a computer in front of you there Tommi?

Me: I honestly am not. Besides what different would have it made? If I'd opened Google's company page would it have meant that you were a Google employee and worth my trust? Sigh.

Me: Not at the moment.

Caller: No? Aha. This is Tommi, I'm trying to give you some information to help out, for Christ's sake, this is a no-obligation call.

Caller: You did spoke to one of our research partners. Now, every couple of years we have a team of outside experts that go through our books and they conduct a complete assesment about our entire client base here, not just to isolate out clients who're receiving best returns, but also the clients who're the happiest with our style and approach and, that conduct business and... all we do then, we give those demographics to various research companies... who... and we say to them "go out and find owners, directors, managers, programmers, any professionals, who match these criterions."

Caller: Looking into your details here I can see you was recently contacted by one of our researcher partners in London. They called you on behalf of CTAM, and you completed a survey with him, yes?

Me: The caller was a she, but I suppose their register doesn't go that far.

Me: As I mentioned before. And yes, I am intentional avoiding saying certain words because I find this very suspicious.

Me: I've already given you my email address. If you wish to continue any further than that, please provide me the details over email and that's about it.

Caller: Of course, so, I mean I can provide the... I mean, I don't want no details from you other than an email address. I'm the one that wants to fend you details there, Tommi. So, I don't understand where this suspicion is aroused by. All I'm doing here is to start a chain of communications, and give you some information about my company, and also give you one of our latest recommendations. Like I said, there is no obligation whatsoever.

Caller: It's my job here is to give you 15 % off the work, ok? And then, 85 % of the work is on you. So, I wanna provide you with the information, our recommendation, to you to go away [edit: that can't be right], have a look, and to see if you want to come aboard [unintelligible, us?]. That's what we do here, that's my job here, as a senior account executive.

Caller: Now, Tommi, if you wish to see, some detail documentation on an investments opportunity, why Christ's sake, not just because myself, or someone like my company was to call you up and tell you so. But because you did your own research, your own [unintelligible, toutilions?], and you was confident in your own mind that you would profit from that situation. I take it then you would be open-minded into just taking the [unintelligible], look at it, yes?

Edit: Ogg recording, MP3 recording.

Me: Well, again, I find this suspicious and unless I receive some details over the email address I've already provided, I am going to finish this call right now.

Caller: Ok, you say you find this suspicious, Tommi. I'm just a bit baffled here. What suspicions are arising your concerns, what's you concern about at the moment?

Me: One word: scamming. And that's about it. --

Caller: (different voice in the background) hey!

Me: -- I am now closing --

Caller: (the same different voice in the background) hey!

Me: -- this call. Good bye and have a nice day.

Surprisingly enough, I haven't heard back from them. Anyway, I'm impressed by the operation they're running. Having a first-tier person to call me with basic stuff, and a "senior" person to make the follow-up call was impressive. What was even more impressive, was the latter's language. For all I know, he could've been native speaker. Also, I liked his accent.

While I was transcripting the call (and could finally, on most parts, make out what he said), I made some observations.

Part of me wishes I would've gone with the call, discovered how the scam works. I was a chicken right from the start. I'm new to scams over phone, and I know I easily miss things in phone calls, even in my native language. Actually, this also applies to face-to-face conversations with people I am not familiar with. That is why I prefer written communications with strangers. Even though I tried to keep it short, the guy still managed to take five minutes of my time. Hopefully that was all he managed to do...

I must admit that I feel much more at ease after this second call. Still, I hope this was the last one of its kind.

Permalink | Comments (3)

More on Game of Life in 6510 assembler

7 December 2016 09:02:09 my software

As it turned out, I never released the sources for the second generation of my Commodore 64 version of Conway's Game of Life. Unlike the earlier version, this second attempt packs four cells per byte. While it adds to the complexity, it also reduces time spent in data retrieval by a lot. This version uses lookup tables to count live cells by using a lookup table on zero-page.

Get the sources. You may also read an earlier entry and/or see the earlier version(s).

Permalink | Comments (0)

Stockholm, August 2009

28 November 2014 20:16:18 photos, travel

Vasa warship, Stockholm, Sweden Extremely minimal set of photographs from Stockholm, Sweden. If it weren't for Vasa, I suppose there photos could be from anywhere. You have been warned. See the few photos here.

Permalink | Comments (0)

N900/Fremantle and Iodine

15 June 2014 09:11:31 maemo, software

Grab a minimal-dependency iodine client start up script from here.

Long story short: I've rewritten iodine-client-start to have minimal dependencies and to run with standard Bourne shell. The only additional packages this script should require are iodine and iproute.

Back in the days when Nokia N810 was my main and only "internet tablet", I discovered iodine, a IP-over-DNS tunneling... thing. I set up my own server and tried to set up the client with provided iodine-client-start script. Things didn't work out-of-the-box and I soon discovered number of dependencies. Because I was keen to see iodine in action, I quickly built a package with all necessary dependencies in it. If my memory serves me right, I had to strip down things like ipcalc to run on Diablo, and compile some others. Eventually I got Iodine to work, and never bothered to properly package things.

When I finally got a N900 of my own, I tried to set up Iodine client for it as well but failed. Life being busy and all, I never get around to get things working. Until two weeks ago. I was walking back home from downtown and being nice and sunny day, I stopped to sit on a bench. I can't remember what I was going to check online, but in any case I tried to establish an internet connection using an open AP that happened to be there. It turned out it was one of those that requires a login. One thing lead to another, and by the time my head hit the pillow that night, I had a nice little script ready for field testing. Much to my surprise it worked without a hitch - except that the routing to my own subnet was broken from my iodined.

Permalink | Comments (0)

Vim and long lines

4 December 2013 18:29:11 rant, software
highlight LongLines ctermbg=red ctermfg=white
match LongLines /.\\%>81v/"

Some months ago I switched to i3 window manager after discovering a Vim option to highlight column 81. As silly as it may sound, not easily spotting long lines was one of the biggest reason for not switching earlier. However, colorcolumn option wasn't perfect. It messed up using X11 to paste text from Vim.

When I first grew tired to colorcolumn and loads and loads of unwanted whitespaces in pasted text, I figured I'd use X resources to configure rxvt to draw column markers. These markers would obviously be completely separate from actual text buffer. After struggling to introduce X resources in rxvt, I realised my plan also was flawed; this wouldn't work properly with Vim's windows.

When the time to have a Christmas party at work arrived, I realised I'd have quality time to work on this again. I patched rxvt with a private set of VT escape sequences to manage a list of column markers. Adding this functionality was surprisingly simple and the unminimised patch (without partially implemented X resources) was just 145 lines. The next step would be to create a Vim script, or in worst case scenario, patch Vim to send required sequences to set the markers.

When I was testing my fancy little patch, I came across some settings in Vim configuration file I had added for highlighting redundant whitespaces a decade earlier. That's when I realised I could use exactly same thing for highlighting long lines. It wouldn't be exactly as pretty as my fancy little patch, but there would be no patching and no compiling.

The next time I think I need to patch some piece of software, I really need to sit on my hands and think if it's really the only way. That would have a lot of time.

Permalink | Comments (1)