I love easter eggs. They’re a great user experience if done right. They make people feel more connected to your product because they know one of its secrets. Easter eggs remind people that there are real people behind what they’re using. They let the team show some personality and a sense of humor.
I’ve gotten a bunch of fake antivirus/malware scammers calling my home lately. Like others, sometimes I take delight in stringing them along, playing dumb while they try to get access to my machine. Sometimes, I’ll ask them, “What’s Windows?”, waiting for them to figure out that I’m not actually a Windows user at all. Or sometimes, when they tell me that they’re from Microsoft, I’ll use my old Microsoft credentials and say, “wow, I wasn’t aware that we were being more proactive about this, I’m so glad that our company has decided to do more to eradicate malware”. Once they realize that they have someone technically adept on the call, they hang up instantly.
But I’ve never strung them along like this. A couple of weeks ago, one of these scammers cold-called a security researcher from Sourcefire. The security researcher immediately knew that it was a scam, but he decided to take it a step further: he quickly set up a virtual machine for them in VMware Workstation and let the scammer go to town: “I realized I could give them an environment to bang around in”. So the scammer installed LogMeIn, and the researcher watched (and, yes, captured video) while the scammer disabled Windows Services and VMware services (without realizing that this means he’s in a VM!), all the while insisting that he was removing malware. Then they forced a reboot into Safe Mode, which (given that they had disabled everything) wouldn’t work properly. This is how they try to get the victim of their scam to freak out and hand over their credit card details, and it will likely leave the victim with a computer that won’t work at all unless they can find someone else who can figure out that the only problem is that Windows Services have been disabled.
Dark Reading has a good breakdown of the security researcher’s call, and a shortened version of the call is available on YouTube.