Can any of you tell, from the accent of this English, WHERE it comes from?

Can any of you tell from whence this caller came from, based on his English accent (as he attempts to 'repair' my home Windows PC)?
Here is a 3MB 30-minute MP4 recording of an unsolicited call today that I received from the “Microsoft IT” department, telling me my computer was "sending reports" to them (this file kindly uploaded by Marek): https://app.box.com/s/0yluyszg1qj2l83ynbm2
I realized it was a scam within the first seconds, but I was surprised that, at the 21:30 mark, the increasingly frustrated caller threatens to f* up my entire family (explicitly threatening my sister, my mother, my daughter, etc.).
That first tirade lasted more than two minutes, from 21:30 to 23:50. Miraculously, the caller calmly resumes his attempt to get me to execute the Microsoft file, even going so far as to attempt to remotely log into my computer!
Despite the fact the caller calms down after the first set of invectives, within 10 minutes, the caller repeats the threats against me and my family at the 32:24 mark to about 33:29, which is essentially the end of the recording.
Here is a truncated 400KB 5-minute recording with chirps inserted into the removed (boring) sections: https://app.box.com/s/czwpmr905zxqfk92rgxx
The first web site they had me go to was the following:
- http:// www (dot) windowscare (dot) us
Which brought me to:
- http:// www (dot) windowscare (dot) us/microsoft.com/
(Calling the listed phone number, +1-845-241-1234, just gets a computer-generated recording identifying itself as "Thank you for calling Windows Support ... please leave a message").
The domain is registered to "windows tech support" (all lower-case), which has a New York, NY, postal address.
The caller then directed me to click on the green "Get Support" button at that web page, which downloaded a Windows executable file (into my Linux /tmp directory), which actually came from:
- http:// www (dot) ammyy (dot) com
The postal address for the ammyy domain is in Panama.
The downloaded file was a 764KB file, named:
- 764184 Aug 26 09:28 AA_v3.exe
$ md5sum AA_v3.exe
- f8cd52b70a11a1fb3f29c6f89ff971ec AA_v3.exe
$ sha1sum AA_v3.exe
- 6a0c46818a6a10c2c5a98a0cce65fbaf95caa344 AA_v3.exe
The caller repeatedly asked me to execute that AA_v3.exe file, which, of course, I wasn't going to do, so I had to fish for what he was looking for as a result.
After quite a few false starts where I made up numbers, and many excuses, I belatedly learned he was looking for an 8-digit number that starts with 39 just below the "client wait for session" text that said "Your ID".
Of course, I never came up with a valid number, which apparently frustrated the caller, who probably thought, at first anyway, that he had a fish hooked on his line from the very start.
At the 16:00 time point, he tried his second tack, which was to have me boot my Windows XP PC to Safe Mode, so, I stalled until I could find a Windows machine, and then booted it to "Safe Mode with Networking", where he told me "it's totally safe now". At 18:12, he had me go to the same web site above (you can hear me breathing heavily as I climb the stairs from Windows to Linux).
The caller used the "broken record" approach, to get me to repeatedly run the AA_v3.exe file, but I was guessing wrong as to what he had wanted me to report back to him (having never executed the file).
Finally, at the 26:40 time point, the caller tried a third, and totally new approach, which was for him to take over my machine so that he could (presumably) download the file himself.
In order to take over my machine, he instructed me to go to:
http://www (dot) support (dot) me
Which took me to:
https://secure (dot) logmeinrescue (dot) com/Customer/Code.aspx
The postal address for the above domain is in Boston, MA.
Then he gave me the 6-digit logmeinrescue authorization code: https://secure (dot) logmeinrescue (dot) com/Customer/TrialWarning.aspx? code6536
Entering that 6-digit code downloaded the Windows executable file into my Linux /tmp directory: 1529152 Aug 26 09:51 Support-LogMeInRescue.exe
Which the Linux “file” command reports as: Support-LogMeInRescue.exe: PE32 executable (GUI) Intel 80386, for MS Windows
Afterward, I called LogMeInRescue at 1-877-337-2102, and at 1-866-478-1805 and provided them with the 6-digit number, for which they thanked me, saying they will cancel the account, but that it could be a trial account, and therefore, it would have little real impact.
They did say that the Support-LogMeInRescue.exe file allows the attacker remote access to your Windows PC, but, since I was on Linux, they say nothing would happen.
Where, probably in India?, do you think this accent came from? I'm guessing somewhere in the middle or eastern India.
"Ned Turnbull" wrote in message

Yet you carried on with the call for 30 minutes? Why?
--
Guy Barry


"Guy Barry" wrote in message

To waste their time. If everyone did this, they might be driven out of business.
I yell at them and call them dirty names, until they hang up.
On 8/27/2014 2:08 AM, Guy Barry wrote:

Sometimes a guy just wants to have fun!
Different Scam and different outcome...
Several years ago I posted an ad on Craigslist selling a rather expensive ($2,100) riding lawn mower. The creeps came out of the woodwork. One "I want to buy your lawnmower, I will have my man pick it up once we agree. I will send you a cashier's check for $2,500. You cash, give him $300 when he loads the lawnmower, and keep the extra $100 for your trouble" Obviously a scam since there was no questioning whatsoever about the mower, etc.
Decided to play along to see what would happen and what he would send. Stressed that it wasn't my mower, but my widowed mother's, had to send it via US Mail as it was the only way she could receive it and provided a PO Box.
The dumbsh*t's emails were traced back to North Carolina and he actually sent his "cashier's check" to me THREE times by FEDEX (I verified the tracking numbers, etc. by logging on to my FEDEX account so I KNOW that they were legit)
Each time he sent it, FEDEX (at the time anyway) could not deliver to a PO Box. I'd email him back explaining why we couldn't drive 20 miles to the nearest FEDEX "depot" to pick up the check and he'd turn around and send it again - to the same PO Box using FEDEX. He'd send an email inquiring after the check and was the deal still on and so it went.
I verified three separate FEDEX attempts at probably $15 each to scam me.
Never saw a check from him but took some satisfaction in screwing with him.
I can see where Ned's coming from on this. If you have the time to play with them, do so. While they are concentrating on you they have no time to mess with somebody who might actually follow through with their plan.
Guy Barry wrote:

Hmm, Sounds like East Indian or Pakis. Nothing better to do, Eh?
On 2014/08/27 17:22, Tony Hwang wrote:

They call Sweden too, typically from India; VoIP services make it cheap.
Hans Aberg wrote:

Hi. Latest call is from Pakistan for duct cleaning job, blah, blah. The instant I hear the voice, Click!
On 2014/08/27 22:49, Tony Hwang wrote:

Perhaps the business has expanded. :-)
On Wed, 27 Aug 2014 06:58:58 +0000 (UTC), Ned Turnbull

There is a similar thread in alt.windows7.general.
I'm not downloading a 3Mb file at this time of the month, but I receive such calls about 3 times a week, and in nearly all of them the accent has sounded Indian to me.
--
Steve Hayes from Tshwane, South Africa
Web: http://www.khanya.org.za/stevesig.htm
On Wed, 27 Aug 2014 06:58:58 +0000 (UTC), Ned Turnbull

I would say Bangalore India.
BTW, I just tell them I don't have a computer and that when I need one I go to the library.
--
Web based forums are like subscribing to 10 different newspapers
and having to visit 10 different news stands to pickup each one.
| >I realized it was a scam within the first seconds,
|
| Yet you carried on with the call for 30 minutes? Why?
|
Indeed. And don't people have caller ID? I get more spam phone calls than real calls these days. They even hide behind "Private Number" sometimes. So now I only answer known callers. The rest can leave a message.
On Wed, 27 Aug 2014 08:08:44 +0100, Guy Barry wrote:

To find out *what* the caller was up to, and, to get him to incriminate himself, and to have enough data to *report* to authorities and to provide enough information for the *next* person to pick up where I left off (e.g., the 8-digit number starting with 39), etc.
I reported the scam, in its entirety, to the FTC, logmein (who revoked the account), and to folks here (to make them more aware of the scam particulars and objectives).
I even appended my report to the various virus scan pages found by searching the MD5 checksum on the net.
If everyone were like you, nobody would help each other and it would be a selfish "every man for himself".
On Wed, 27 Aug 2014 02:30:33 -0700, William Sommerwerck wrote:

That too!
It's selfish to just let the *next* person deal with it.
On Wed, 27 Aug 2014 08:17:18 -0400, Mayayana wrote:

I don't have caller ID on my landline, unfortunately.
Ned Turnbull wrote:

Hi, You can just hang up, on the first word you hear. I have caller id but I often don't even look at the display. Also I never say anything first. Mostly we let the answerer do the job.
On 2014/08/27 15:16, Ned Turnbull wrote:

Here in Sweden, one typically has to order it from the phone company and pay a few bucks a month. For mobile phones, it is built into the protocol, so they always have it.
On 8/27/2014 12:17 PM, Hans Aberg wrote:

Same in the US for old telephone lines. Internet phone, voip, give all such services with no extra charge or charge for long distance. Think it is the same with cell phones.
I've always refused to pay for a service that costs the telephone company nothing to give you.
On 2014/08/27 21:53, Frank wrote:

You mean: like SMS. Here in Sweden, there is a flood of telephone spammers, so it is hard to not have it.
On 08/27/2014 08:16 AM, Ned Turnbull wrote:

For a lot of calls I get, caller ID NAME shows as one of:
1. the phone number
2. the letter 'V' followed by the phone number
3. something meaningless, like "FYN DSO INC"
4. an unfamiliar company name
5. some charity (if I donate I do it and NOT by phone, they can't TAKE it).
Those, I don't answer; I let the answering machine get it. Fewer than .1% leave a message. It's like they know what they're selling isn't worthwhile, and if you have a chance to think about it you won't want it.
--
Mark Lloyd
http://notstupid.us
On 27/08/2014 20:40, Mark Lloyd wrote:

The auto-diallers which these scammers use can recognise an answering machine and so do not put the call through to a human but just drop it.
--
David
