Thursday, June 23, 2016

My 40 minute conversation with a "Microsoft" scammer

We've all heard about the "Microsoft" scammers for a long time now, they pretend they're calling from Microsoft support in order to scam you and make you pay for support you don't actually need. I've had several relatives and friends who have received calls from these scammers, but I've yet to receive one myself. Until today.

Before I tell you this story, I'd like to point out that you should not try this yourself unless you are absolutely confident that you know what you're doing. If you get this call, hang up. And don't ever run any commands that you do not know the consequences of.

Him: "Hello, I'm calling from the IT services and support department"
Me: "Excuse me, what department?"
Him: "The IT services and support department"

I have an active support ticket with the actual Microsoft support department, so I was a bit confused at this point as to whether this was a scam or the real deal.

Me: "What company are you calling from?"
Him: "I told you, the IT services and support department"
Me: "Yes, but which company is that department in?"
Him: "Microsoft Corperation"

Every time he said Microsoft throughout our conversation, he said it extremely fast and he mumbled the words. My guess is they're aware that the scam has been all over the media and that people know Microsoft is being used

Me: "Alright. What is this about?"
Him: "We have reports showing that your computer downloads malware whenever you go on the internet."
Me: "Oh, that doesn't sound good. How does that work?"
Him: "Whenever you go on the internet, on a web page, watch a video or pictures, malware is downloaded to your computer."
Me: "I had no idea. How does that happen?"
Him: "Don't worry, I will help you fix it. Are you in front of your computer?"
Me: "Yes"
Him: "What do you see?"
Me: "Uh, what do I see?"
Him: "On your screen"
Me: "I see a webpage"
Him: "Ok, please go to the desktop"
Me: "Alright"

I'm not going to type out all his spelling and my confirmations of doing what he said. Basically he asked me to open Run and type in 'eventvwr'. You guessed it, opening the Event Viewer. Pretty innocent so far.

Him: "What do you see?"
Me: "I see a window called Event Viewer. What is that?"
Him: "What does it say on the left hand side?"
Me: "Uh, it says 'Custom views', 'Windows logs', 'App...."
Him: "Click on 'Custom views' and then on 'Administrative events'
Me: "Done."
Him: "What do you see?"
Me: "I see lots of things, I have no idea what all of this is."
Him: "But what do you see?"
Me: "I don't know, are you sure about this?"
Him: "Are you below the age of 18, madam?"
Me: "No, why?"
Him: "Are you sure? You don't sound like you're an adult"
Me: "I'm an adult"
Him: "Are you sure? How old are you?"
Me: "I'm 29"
Him: "Are you on your personal computer?"
Me: "No, this is my work computer"
Him: "The problem is with your personal computer, can you get that please?"
Me: "Ok, hold on..."

I act as though I'm starting up my personal laptop, but what I'm actually doing is trying to get the recording on my laptop to work (I just got it, so I haven't set anything up yet). Unfortunately, he keeps asking what I'm doing and why I'm taking so long and I wasn't able to get a recording to work.

Me: "Ok, it's up. Should I open the event viewer again?"
Him: "Yes. Whenever you go on the internet, malware is downloaded and installed on your computer, and we're here to fix it. Now what do you see?"
Me: "Oh, I'm seeing lots and lots of errors and warnings. That can't be good?"
Him: "How many do you see? More than 10?"
Me: "Yes, there are thousands."
Him: "What do they say?"
Me: "I don't know, I don't understand what this is"
Him: "Read them to me"

I was scared of giving myself away at this point, so I tried to find the most meaningless warnings I could. I didn't want him to realize that I was on a computer that was part of a domain or that I was a developer.

Me: "There's something about not being able to connect to a service or something? Is that bad?"
Him: "Yes. Right-click the warning and go to 'Help'"
Me: "Done"
Him: "See the 'Online Help' option that's there?"
Me: "Yes"
Him: "That's what we're going to do. I'm the online help"
Me: "Oh, that's perfect"

Here's a screenshot of what I was seeing at that moment:

Him: "Now, close that window and hit Windows+r again. What do you see?"
Me: "Ok... I see the 'Run' window again"
Him: "Good. This time type in and hit enter"
Me: "Ok"
Him: "What do you see?"

I didn't actually want to go to this website as it might be unsafe, so from here on I was faking the entire conversation.

Me: "It's a website"
Him: "What sort of website? Can you explain what you're seeing?"
Me: "Uh... It's a support website?"

(Wild guess based on the URL he'd asked me to go to)

Him: "Good. Now, Microsoft gave you a six digit code when you bought your computer, do you have that code?"
Me: "A code? No, I don't have any code?"
Him: "Ok, I'll give you the secret code that Microsoft gave you when you bought your computer."
Me: "How do you know my code?"
Him: "You are connected to the Microsoft server, that's how I know your code"
Me: "Oh, ok."
Him: "Enter the code and click on download. Then click open or run."
Me: "Hold on a second"

Here I took some time to tweet a bit and before long he got impatient.

Him: "Can you tell me what's going on?"
Me: "It's downloading. I think there's something wrong with my internet...."
Him: "What do you see?"
Me: "Still downloading...

Or should I say, tweeting?

Me: "Ah, there. It's done. I pressed run"
Him: "What do you see?"

At this point, I'm pretty screwed as I have no idea what he thinks I just downloaded. Does it open a command window? Is it an application? I had no idea. But I wanted to try to fake it a bit longer.

Me: "It opened a new window"
Him: "What kind of window?"
Me: "What do you mean? I've never seen this before? Are you sure about this?"
Him: "Yes, just click next'
Me: "Ok"
Him: "Now what do you see?"
Me: "It went to the next step"
Him: "And what do you see?"

I simply couldn't fake it anymore. I had no idea what he expected me to say.

Me: "Alright, I think it's time to stop the scam now."
Him: "Yes, you have been scamming me this entire call, wasting my time, only talking bullshit. I knew it all along."
Me: "What? I've been scamming you? No, I've been doing exactly as you said but I don't have a good feeling about this anymore"
Him: "Well, I knew that you were scamming me from the second we started this call, so I entered a secret password into your computer. When you turn off your computer the next time, everything you have, all your pictures and videos and documents will lock down and you will need my secret password to open them up again."
Me: "Right, like I'm going to fall for that."
Him: "Don't you want your computer back? You can either do as I say and have a big smile when this conversation is over, or you can lose everything. You lose your computer."
Me: "Ok, ok. I don't want to lose my computer! Tell me what to do"
Him: "What do you see?"
Me: "I told you, that program you asked me to open"
Him: "Do you see the Microsoft Corperation box"
Me: "Yes"
Him: "Select that"
Me: "Ok"
Him: "Hold on a second"

He disappears, talking to one of his colleagues in the background.

Him: "We can't connect to your computer. Have you selected the Microsoft Corperation box?"
Me: "Yes"
Him: "Are you sure?"

I couldn't keep it up any longer...

Me: "Are you're working for Microsoft? You know, I actually work for Microsoft myself"
Him: "That's bullshit"
Me: "No, I'm serious. I work at Microsoft"
Him: "What department?"
Me: "Developer Experience"
Him: "I don't believe you, you are full of shit. What's your employee number?"
Me: "You think I'm handing my employee number over to a scammer?"
Him: "I am going to put my d*** in your a**"
Me: "Hey, that's not very compliant, seeing as we're colleagues and all"

I'm censoring the next two minutes of our conversation as that consisted of him yelling at me like I've never been yelled at before. There's no need to recite that, the initial comment above gives you an idea of the direction he was headed in.

And then he hung up.

My hands were literally shaking after this, I was furious and to be honest: a bit scared. I spent a minute trying to get a recording going and decided to call him back. Of course, he'd called from a one-way number so there was no answer.

What scared me the most about this experience was how far they're willing to go to get you to do what they want. They begin by being 'helpful', follow up by making threats and finish by scaring the hell out of you. I've never understood how elderly people fall for scams like this, not until now. I always assumed they were technically incompetent and naive, but now I've realized that maybe they were frightened into it.

After writing this blog post, I provisioned a VM in Azure to see what the website they wanted me to go to was. It turns out that it's a legit company called "LogMeIn Rescue", that delivers remote assistance to users. I hope they know their services are being used for scams. If not, I just told them on Twitter...

Lessons learned:
- Being scammed is a lot scarier than I had imagined
- I should always have a recorder installed. Yes, I'm prepared for next time now!
- Learn from Troy Hunt to scam the scammer

Wednesday, May 4, 2016

Would you hire a pregnant woman? Microsoft did.

Would you hire a pregnant woman who was planning on taking nine months of maternity leave after the birth of her baby?
My guess is: Probably not. 
There's no denying it: Women are still discrimitated against in the workforce. As a woman working in an industry where women and other minorities are underrepresented, I've felt the unfairness that such an off-balance environment can create. Still, I'm lucky. Being a woman in tech, I've had more positive experiences than negative ones, and that encourages me to keep speaking my mind although some might find it controversial. But this blog post is not meant to focus on the negative, because there are so many stories out there highlighting the issues we have in our industry. This blog post is meant to do the opposite: I'd like to tell the story of how Microsoft employed a pregnant woman who was planning on taking nine months of maternity leave after the birth of her baby. 

Let's start from the beginning... 
I approached the CTO of Microsoft Norway a couple of years ago, telling him I was interested in a certain position at the company. The position I wanted was not available at the time, but I was in no rush to make a career change. I simply wanted him to know that when the time came and the position became available, I wanted him to think of me. 
A year went by, and I received an email: "Still interested?". Two positions were opening up: The one I had wanted and a similar one that they thought might be an even better fit for me. I was thrilled. And to be honest, quite disappointed. I was 4 months pregnant and my first thought was: There's no way they'll hire me now. Because not only was I pregnant, I was also planning on taking nine months of maternity leave. Which in effect meant them having an unmanned position for over a year. 
There are plenty of laws against pregnancy discrimination, both in Norway and the U.S. Despite this, we keep hearing stories in the news about employers who manage to get around these laws by coming up with other reasons for not employing pregnant women: They found someone who was more qualified, or they were not the right fit for the job. Some of these cases go to trial, others are never reported.
I replied to the email I had received, confirming that I was very interested. I also informed them of my pregnancy and my planned maternity leave. In Norway, 9 months of maternity leave is completely normal so I wasn't expecting any big surprises there, but I still had a feeling that keeping a position unmanned for a year could be troublesome. I mean, the position is there for a reason, if they could do without it the position wouldn't have existed in the first place.
After a couple of rounds of interviewing and personality testing, Microsoft presented me with an offer and I signed. This was in May 2015 and I had my first day with the company one month ago.

Diversity and inclusion at Microsoft
Since I've joined Microsoft, I've come to realize just how big of a focus diversity and inclusion is in this organization. Kathleen Hogan, the Executive Vice President of HR recently published a blog post on "Ensuring equal pay for equal work", an initiative started to ensure equal pay, not only for women, but also for racial and ethnic minorities. For womans day, Microsoft lauched the #MakeWhatsNext campaign to celebrate women inventors and inspire the next generation to make what's next. Last but not least: diversity and inclusion is not a finite goal, it's something that needs constant work and maintenance. Therefore, Microsoft has a Global Diversity and Inclusion network that offers mentoring, organizes event and ensures that diversity and inclusion will always be on the agenda.
These are some of the many reasons why I decided to join Microsoft and although I had my doubts as to whether they would hire a pregnant woman with nine months of maternity leave planned, I haven't had a single regret so far. If you'd like to know how my first two weeks were, I wrote about my first impressions in this post.
Now I'd like to ask you: Would you hire a pregnant woman?
Microsoft did.

Wednesday, April 20, 2016

My first two weeks at Microsoft

Two weeks ago, I started working at Microsoft as an ALM Solution Specialist (also called DevTools Sales Solution Professional) in the Developer Experience team. I'll get back to what that actually means in a bit, but for now I'd like to leave you as clueless as I was before I started this job.
I knew what my job would be, of course. Well... Kind of. I'll try to rephrase that: I knew what my responsibilities would be and what my purpose at Microsoft would be. However, I had no idea how I would achieve all those things I'd be in charge of. To some extent, I still don't know and I've heard that's what it'll be like for the first 6-8 months of working there. 
Because Microsoft is a very confusing place to start working at. You are overloaded with information from so many sources you have no idea which ones will be of use to you later on. You receive about a trillion e-mails a day, and everyone you meet seems to have forgotten their entire vocabulary except for the first letter in each word. I started talking to a guy in the elevator today asking him what his job was. His reply? "I'm an ATS in EPG"... And I'm like: "You know the YMCA?" Nah, I didn't actually say that, but now I wish I had.
The good news is that you are supplied with a map that guides you through the jungle of information, showing you where the treasures are hidden. I've attended mandatory on-premise and online "onboarding sessions", where all the new employees get together, ask for help and receive all the support they need. I've been assigned two mentors, one higher up in the organization who can guide me on my career path, and one who has the same position as me in another country. There's required training you have to do on everything from "What is Microsoft" to "Legal affairs" and Sales. Last, but not least (and this was a huge surprise to me as I've always mistakingly thought Microsoft would be a very competitive environment), everyone you meet is delighted to help. Because the truth is: If you succeed, you are contributing to the success of a lot of other people as well.

So, you're saying Microsoft doesn't have a competitive environment?
I'm saying it doesn't have an unhealthy competitive environment. Of course, everyone is very focused on making their scorecards green, but that doesn't prevent collaboration. Your colleagues have your back and they support you, even if you've only ever talked to them in an e-mail. One of the realizations I've had is that Microsoft is such a huge organization that someone always knows the answer you're searching for. I don't know how many "Hi, I believe you and I can make great use of each other, want to grab a coffee?" emails I've sent these past weeks, but so far every receipient has been positive and able to help me on my quest to find the correct answer. The excitement of working with so many brilliant minds is quite overwhelming! 

What do you do then?
As mentioned earlier, I'm an ALM Solution Specialist which is also called a DevTools Sales Solution Professional. I can't believe "Sales" is now a part of my title, but yes it is. 
What this means is that I'm in charge of developer tools in Norway. Think Visual Studio, VS Code, Visual Studio Team Services and TFS. My job is to demonstrate these tools to developers, making them want to use them, and to convince their managers that buying licenses for these tools will be worth their while. I will advice developers on how they can improve their development process by taking advantage of continous integration, automated testing and release management. I will present at conferences and user groups, and cooperate with our partners to educate developers about their possibilities when using these tools. And I will become a licencing expert.
I currently spend a lot of my time preparing demos and presentations. I have four different presentations coming up in May: 
1) News, updates and our favorite features in Visual Studio
2) Building a Java app with Maven in Visual Studio Team Services and deploying it to Azure
3) Creating OSS applications in Visual Studio Code and deploying them to Azure
4) The agile testing capabilities in Visual Studio Team Services
Is this cool, or what? 
I've heard all about Microsoft being open and focusing on all languages on all platforms. You know the drill. I never really understood the extent of it all before I joined the company though. So far, I've focused more on OSS development than anything .NET specific and the support all these tools have for non-.NET developers is simply awesome.

What has your biggest challenge been so far? 
My biggest challenge is to stop thinking like a consultant. I've been a consultant for my entire career, and there's no doubt consultants are always keeping count of their billable hours and how much they've billed so far this week. The consequence of thinking this way for so many years is that I feel stressed whenever I feel like I'm not "billing". For example, I was asked to attend an event we had last week, which was basically a meet and greet with a bunch of customers. Suddenly I found myself feeling stressed because having great conversations about tech made me feel guilty for not "billing" and I had to tell myself over and over again that this in fact is my job now. I've talking to others who have had the same experience as they left the world of consulting and I suspect the feeling will pass eventually. 

Are you happy with your new career move?
Are you kidding?! I get to talk about and play with the newest pieces of technology all day, while at the same time seeing the industry for a completely different angle. I'm used to viewing the IT industry through the eyes of a developer, but now I have to view it from two angles at once: Through the eyes of a developer and also from a business perspective. The business perspective is a completely new area for me, so I'm have a very steep learning curve ahead of me. But that's exactly what I wanted, so I couldn't be happier.
I haven't said anything about how I got this job, but that story is so good I'm saving it for later. You will get a sneak peek of it next week on The Developers Life podcast, but I'm saving the full story for a blog post when I'm ready to give it all the oompf that it deserves. Let me know if you have any questions because there are about a thousand things I haven't mentioned at all yet!