Dafacto

The personal website of Matt Henderson.

Calling Gmail technical support (yet another scam story)

27 September 2013

My livelihood and many of my hobbies revolve around technology. This past week, after witnessing an unfortunate series of technology problems affecting my Mom, I’ve been reflecting on how I take for granted as commonly understood so many technological concepts that, in reality, are not commonly understood at all.

An unfortunate series of events

Earlier this week, my mom discovered that she couldn’t send or receive email.

Wondering what could be wrong, her attention was drawn to the flashing amber light on the AirPort Extreme, which in turn is connected via ethernet to the AT&T modem.

The AirPort’s flashing amber light was an indication that it had no internet access — access which it, in turn, gets from Mom’s AT&T modem. Unaware of all that and assuming the amber light was an indication of a problem with the AirPort, my Mom switched off the AirPort completely and plugged her iMac directly into the modem via ethernet.

Just at that moment, the temporary AT&T internet outage happened to resolve itself, and so after connecting the iMac directly to the modem, she found herself again with internet access — confirming in her mind the belief that the AirPort in fact had a problem.

I found out about all this upon receiving a call for help from my Mom, saying that Dad’s iPod couldn’t access the internet any longer. That call ended up with Mom restoring the original AirPort Extreme + AT&T modem setup.

The second problem that happened just afterwards is that my Mom tried to email someone at Bellsouth.net. Whenever she tried to send an email to someone at Bellsouth.net, it bounced back. (Bellsouth is infamous for rejecting incoming mail for any of a number of reasons.)

Of course, my mother doesn’t understand how email travels from her computer to the recipient, and would have no way of knowing that the cryptic content of the bounced mail was actually a communication from the Bellsouth servers, and not her own computer.

So she did what came naturally to her, and called AT&T for support. After what I’m told was a two-hour conversation, the AT&T support staff managed to (a) convince my Mom that her Mac had a “Trojan horse”, and (b) completely mess up the outgoing SMTP settings in her Mail.app (resulting in her inability to send any emails at all).

Mom then called me, and I explained that the problem was not on her computer, but rather with Bellsouth. I demonstrated that by trying to send a mail myself to Bellsouth, and confirming it bounced back. I also connected to her iMac via screen sharing, and fixed her messed-up outgoing SMTP settings.

As we finished the call, I asked who at Bellsouth she was trying to email, and my Mom said it was my uncle. I explained that it’s generally a bad idea to use the account provided by your internet service provider as your primary email account, because of lock-in. Once you’ve told the whole world to contact you on [email protected], it’s kinda hard to switch to another ISP!

So I suggested she tell my uncle to get a Gmail account, and it’s at this point that a bad story turns considerably worse.

On my Mom’s advice, my uncle set up a Gmail account. Afterwards, my Mom gave him an email address to use to send a test message. Unfortunately, she communicated an email address that doesn’t exist (an easy-to-make .com vs .net typo), and so my uncle’s sent email bounced back.

Neither my uncle nor mom understands what a bounced email means, and so they concluded that my uncle must have his Gmail account set up incorrectly. My mom volunteered to go over and help sort it out.

I first became aware of this when I got an email from Mom saying:

BTW, I went to your uncle's house to help him sort out a problem with his new Gmail. We called Gmail Tech support, and they suspect he has a Trojan Horse, and said we should take it to Staples or BestBuy to have it looked at.

Of course, alarm bells immediately started going off when I read that. I’ve never heard of “Gmail Tech Support”, and suspecting a virus as the cause of a bounced email most certainly didn’t sound like something expected of the smart folks at Google.

So I called mom to find out what happened. I began by asking how she got in touch with “Gmail Tech Support”, and she said she’d called them. When I asked where she got their number, she said she Googled it: 1-888-505-6485.

When I googled that number, I landed on this web page, and the alarm bells got louder. This is obviously not anybody related to Google.

Quite worried, I asked for details about the support session with “WeSoftTech”, and here’s what I learned:

  1. They requested, and my mom granted, control of my uncle's computer via some web-based screen sharing tool.
  2. They made some changes in the Advanced panel of the Network settings.
  3. They spent quite some time entering commands in the Terminal app.
  4. They requested, and my mom told them, the admin account password on my uncle's computer.
  5. They requested, and my mom told them, the password on my uncle's Bellsouth account.

At this point, I was quite concerned that my Mom had been unknowingly scammed.

I told Mom that we have to suspect that my uncle’s iMac and email account have been compromised. And we also had to consider that any online accounts he has are compromised too. Why? Because with access to his email account, they could dig through his email history, discover he has an account at Bank XYZ, visit the bank’s website and click “Forgot Password”, after which the bank would send a new password to the email account that these guys now have access to!

My uncle’s iMac would need to be wiped clean, and his various accounts either deleted or have their passwords changed. I asked her to do the following:

  1. Call Bellsouth, explain what happened, and have them delete my uncle's email account or change the password.
  2. Change the password on any online accounts that my uncle has (online banking, etc.)
  3. Download SuperDuper on my uncle's computer, and figure out how much disk space he's using.
  4. Physically disconnect my uncle's computer from the internet.
  5. Buy a 2.5" USB drive with enough capacity to copy over the data on my uncle's drive.
  6. Use SuperDuper to clone his startup drive to the USB drive.
  7. Take his Mac and the USB drive to an Apple Store, explain what happened, and have them help figure out the best way to wipe his computer, and get set up again. (I told her that using Migration Assistant might not be safe in this situation, because I have no idea what WeSoftHelp might have installed.)

That was Tuesday. I called Wednesday night to ask about their progress, and Mom said that Bellsouth couldn’t delete my uncle’s email account; that would require signup for completely new internet service. (What a piece of shit company.)

She then said that hearing that from Bellsouth, they just decided to “delete his account using the Mac.”

Huh? When I asked what that meant, she said they’d gone into Mail.app’s preferences, and deleted the email account. Sigh. I explained that all they did was cut off their own access to the account, but that the account still exists!

It’s late afternoon today, and my mom and uncle are now on their way to a Genius Bar appointment at the Apple Store — where I hope they’ll get some good support. It’s tough being on another continent. I wish I was there to better help them through this.

Fortunately, this particular story has a happy ending. The good folks at Apple were happy to help, and spent quite some time cleaning up my uncle’s computer, and getting his data from the USB drive copied over. Amazingly, they didn’t even charge for it? (Perhaps that was because, on the same trip, my Mom upgraded her iPhone?) They also got the passwords changed on all his online accounts.

Many lessons learned!

Observations

Here are some things—some specific, some general—that I noted as my Mom’s situation evolved:

Bounced emails

Most people don’t understand how an email message travels out from their email program, ultimately arriving in the inbox of someone else’s email program. Imagine if, rather than containing cryptic content like this:

SMTP module(domain bellsouth.net) reports: gateway-f1.isp.att.net: incorrect SMTP prompt at the host

…bounced emails instead assumed that their recipients weren’t system administrators, and included useful content like:

Ooops! — This is a message from the computers at Bellsouth.net. You tried to send an email to [email protected]. Unfortunately, we couldn't accept this message for delivery. Click this link to find out what went wrong, and what you can do about it. http://some-link.com

Explain what happened, in understandable terms, and let the user know what they can do about it. If nothing else, it’d help prevent people like my Mom from taking consequential actions based on wrong assumptions.

Who, what, where?

Many people don’t understand the client/server architecture of the internet, which can lead to confusion about what’s happening on their computer, and what’s happening on the internet.

I’ve seen people deleting messages off Facebook because their “iPod only has 8GB of memory.” In this story, my Mom didn’t really understand that everything happening at Gmail when viewed through Safari is happening on Google’s servers, and not her computer. If she had understood that, she might have gotten suspicious herself when told that the likely cause of a bounced email in Gmail was a Trojan horse on her computer.

In a similar way, we see that my Mom and uncle believed they were deleting my uncle’s email account by deleting the email account from the Mail.app. When you think about it, that’s not at all an unreasonable assumption. And just think of the potential consequences, had they not had someone available to alert them to the fact that their potentially compromised email account still exists.

False confidence

They say a little knowledge can be dangerous. I’ve noticed, having observed many computer users, that often, having successfully built and printed a document in Pages, they develop a false confidence in their broader understanding of computing, and happily volunteer to help others. And that, obviously, can lead to dire consequences.

The Trojan horse

It seems the common response of all tech support wanting to get off the call is to suggest that the user has a Trojan horse. That happened twice in this story. I’m unsure if that’s a reflection of irresponsibility or incompetence, or both.

The bad guys

I don’t know for sure whether WeSoftTech are scammers, but I fear the worst. They certainly didn’t mind playing along with my Mom’s belief that they were “Gmail Tech Support”, i.e. a part of Google. And their actions—asking for the computer password, asking for my uncle’s (unrelated) Bellsouth email account password, and spending considerable time in Terminal—are awfully suspicious. If nothing else, this story serves as a stark reminder that there are a lot of bad guys lurking out there, waiting to prey on people’s misunderstandings.

We've got a long way to go

In some areas, we’ve made good progress in allowing users to benefit from computing without requiring them to understand how things work. Tablet devices like the iPad hide the file system. Time Machine backup and restore “just works”. And it’s not just Apple; nowadays (perhaps as a result of Apple’s success) it’s far more common to see companies give top priority to usability. Nest, for example.

But this story serves as a reminder (to me at least) that we still have a long way to go. And I wonder whether the pace of increasing product usability is keeping up with the pace of technology. Overall, are things getting better or worse? As this story unfolded, I kept thinking how sad it is that such unfortunate things can happen to people because, in general, they are still exposed to too much of the complexity in how computers and the internet work, and the support channels available to them are often incompetent or at worst fraudulent.

Those of us working in technology design should keep in mind that many of the concepts we take for granted each day may not be commonly understood, and we should try to minimize the exposure of those complexities to the users of our products. And where they are unavoidable, we should anticipate and address in our designs where gaps in understanding can cause our users to stumble.
