English
The Internet threat alert status is currently normal. At present, no major epidemics or other serious incidents have been recorded by Kaspersky Lab’s monitoring service. Internet threat level: 1

Trying to unmask the fake Microsoft support scammers!

David Jacoby
Kaspersky Lab Expert
Posted August 04, 08:27  GMT
0.5
 

I’m pretty sure that most of you guys know about the recent phone scam which is circulating right now. They have been calling a lot of people in countries such as Germany, Sweden, the UK and probably more. The scam is pretty simple; they pretend to be from a department within Microsoft which has received indications that your computer is infected with some malware. They will then offer (for free) to verify if this is the case. If the victim agrees on this, they will ask the victim to perform certain actions, and also type certain commands, which will trick a non-experienced user that the output is actually showing that the computer is infected.

I just want to mention that there is no such department at Microsoft, and they would never call up customers offering this. So if you ever get a call ‘from Microsoft’ stating that there are some indications that your computer is broken or infected - please hang up!

Well, they have called me several times, and finally Ii got fed up with this and started to play along. At the same time I had my virtual machines running and was recording everything that they were doing. The goal was to find out who they were and exactly what the scam was. Luckily I was able to get hold of information such as their internal IP addresses, the PayPal accounts used to wire money and the numbers they are calling from.

Let’s pretend for a while that you have received the phone call, and you are playing along with the whole idea that your computer is infected. Their next step is to try to convince you that your computer is infected. This will be done in several different steps. Please find the steps below, including screenshots below:

  1. They will explain that your computer is only working with VERY low resources because the infection is consuming everything. This is completely wrong. What the picture actually shows is that your computer is only using very little resources at the moment.


  2. They will then open up the Event Manager to try to identify errors, warnings and other information that can be used to trick you into thinking that the computer is infected. The event viewer does show error messages, but not directly related to an infection. Almost all computers have errors in the log files, especially if the computer has not been re-installed lately and is running a lot of programs.


  3. At this point they are really pushing the idea that the computer is infected, and what needs to be done now is for you to confirm that your computer is actually the computer they have in their reporting system. They will then try to associate your computer with a unique number; a number they call the Consumer License ID, known as the CLSID. But the CLSID is actually a Class identifier. In the picture below you can see which program or CLSID an specific file extension is associated with. They will then ask you to execute the command “assoc” in a DOS prompt, and then ask you if your Consumer License ID is 888DCA60-FC0A-11CF-8F0F-00C04FD7D062. This is actually the CLSID for the ‘ZFSendToTarget’ file extension.


  4. At this point they have not just tried to convince you that the computer is infected, but also that the computer that they are seeing in their system is actually your computer. They will now ask you to execute yet another DOS command called “verify”. They state that if the output from the verify command is “off” it means that your computer license is not verified. This command has absolutely nothing to do with your license, it only allows you to enable/disable operating system verification that data has been written to disc correctly.


  5. At this point the woman I was talking to was screaming “OH MY GOD!” in my ear, she was super upset that my license was not verified; according to her this meant that no security patches could be installed. She then suggested that the next step was to allow a technician to access the computer and fix all these problems.Of course I allowed the technician to do so - I was running everything in an empty virtual machine :)

  6. They use a Remote Administration Software called AMMYY. I had never heard of this software before this incident. It seems pretty straight forward and legit. From a unique ID they can connect to my computer and work with it. I could also see everything that they were doing. An operator with the ID “10878203” connected to my computer, and below is the permissions that he/she requested.


  7. At this point the administrator connected to my computer and was able to use it. He opened up the Certification Manager and selected an old certificate. I still had the woman on the phone, and she explained that the operator had now found out that my computer had not been updated since 2011 because of this invalid certificate.


  8. Now things started to get really fishy, they told me that the only solution for this is to activate my system and also to install security software which will protect me against viruses, malware, Trojans, hackers and other things. She asked me on the phone If this is what I wanted to do, and said that if I do want this the operator would fix my computer and also install this software. She said this would only cost me about $250 USD.

  9. The operator then installed a program called ‘G2AX_customer_downloader_win32_x86.exe’ from the website www.fastsupport.com. When this was done a chat popup came up. It was a person with the name “David Stone” who informed me that my computer was no longer at risk.


  10. They then told me that since I agreed to getting my software updated, I now have to fill out a form and pay $250. They then opened up a PayPal form. I was able to collect several different PayPal accounts including: ukfastcare@gmail.com and ddkcare@gmail.com

  11. Since I knew that this was simply a scam I wanted to see if I could get some more information about these people. So I tried several times to enter fake VISA and MasterCard information and also said that I don’t have the ability to buy things on the Internet with my card. They got quite frustrated with me at this point. I then asked them to visit a website, which I pretended to be the website of a “friend” who I know has put his card information on a website.The website is actually only a textfile containing a static text: “Hi, please connect from a different IP since your behind a proxy”


  12. We tried several times from my computer, using different browsers, but then I asked them to check from their site, and to my surprise they actually did. I was looking in my log file and as soon as they connected I got their IP address :)

    101.xxx.xxx.197 - - [01/Aug/2012:13:44:31 +0200] "GET //.txt HTTP/1.1" 200 413 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:14.0) Gecko/20100101 Firefox/14.0.1"

  13. At this point I also just disconnected from the phone several times when we were talking, because I wanted to see which numbers they were calling from. I was able to collect the following numbers: 00441865589771, 008028, 002127773456 and also a hidden number.

  14. After collecting all the information, i have now contacted all the appropiate people such as the security team at PayPal, various law enforcement agencies with the hope that we can stop these people. They are stealing alot of money from innocent people. I know that people have been warned about these scams, but my conclusion is that they are still calling people because they are still making money out of these scams.

    The software that they were using was not malicious in any way, which means that no security software can detect these types of scams. This is one of the main reasons for this article and others like it - we need to keep informing people about it until the cybercriminals are forced to stop.


72 comments

Oldest first
Threaded view
 

Donna J.Marn

2012 Aug 04, 19:12
0
 

"This Is Called Full Co-Operation"....

"This Is Called Full Co-Operation"....I am Proud To Be Me http://t.co/tduagA0 via @wordpressdotcom

Reply    

chezangelo

2012 Sep 14, 17:44
0
 

Re: "This Is Called Full Co-Operation"....

I called AOL to get Help to resolve a problem. Immediately I was "enchanted" by a very well literate person who calmed me and
proceeded to ask if I would give him permission to "overtake"
my computer with "LOGMEIN". I agreed and he continued to "take over", went thru many machinations and pointed out "ALL the corruption that a HACKER had taken control of my computer. By that time I realized this was an OUTSOURCE Parading as AOL HELP
and that I could not AFFORD THEIR $700.00 PRICE TAG, WITH A SECONDARY "BOILER ROOM" OPERATIVE OFFERING A "LARGE DISCOUNT ONE TIME ONLY--HARD SELL SHYLOCK AUTO SALES RIP OFF ARTISTS.
CONCLUSION..............G O O D B Y E - GO TO HELL.
BEWARE BROTHERS AND SISTERS, BEWARE.

Reply    

Martijn Grooten

2012 Aug 05, 01:34
0
 

Martijn Grooten

Re: 10 - I did get lucky once and my fake CC details were accepted. What they did afterwards was make some halfhearted attempts to clean up my machine with some free tools. Nothing that would have been worth the 90 pounds I supposedly paid - but at the same time, it could have made some victims' machines a little better/faster/cleaner.

(I will speak about this at VB2012 btw.)

Reply    

ronrichter

2013 Jul 04, 22:28
0
 

Re: Martijn Grooten: Fake Windows support call

Just got the same scam from 971-217-9514. 7/4/2013 11:24 MDT. I kept trying to ask how my PC was linked to my phone number and the only 'proof' was the CLSID number. Thanks for the info.

Reply    

Philipp

2013 Oct 09, 15:08
0
 

Re: Martijn Grooten

Deutsch:
Heute hat mich jemand mit verborgener Nummer angerufen, und angefangen mit dem was oben beschrieben ist, sein Name sei Jack Wilson. Ich bat ihn mir seine Homepage und Telefonnummer zu geben, damit ich bei Microsoft seine Angaben überprüfen könne. Damit hatte er nicht gerechnet und wurde verunsichert. Ich müsse ihm vertrauen! Schicken Sie mir bitte ein E-mail mit der Prozedur, sagte ich. Nein, dann würde mein Computer bereits nicht mehr funktionieren! Es folgte viel bla bla bla in Englisch mit indischem Akzent..., bis ich auflegte. Es freut mich dass ich auf securelist.com die Bestätigung fand von dem was ich befürchtete. :-) Danke!

English:
Today someone called me with hidden number, and starting with what is described above, his name was Jack Wilson. I asked him to give me his website and phone number so I could check his information from Microsoft. He had not expected and was confused. I had to trust him! Please send me an e-mail with the procedure, I said. No, my computer would not work by then! There was a lot of blah blah blah in English with an Indian accent ... until I hung up. I am glad that I found on securelist.com the confirmation of what I was afraid of. :-) thanks!

Reply    

Steve H

2013 Dec 14, 15:43
0
 

Re: Martijn Grooten

Just had these scammers on the phone for over an hour trying to convince me that they needed to gain access to my PC to save me and went through all the steps listed above by Martijn. They got really quite angy when I wouldn't let them install the AMMYY software on my computer so they could fix all the problems for me and threatened that they would remove my CLSid from the servers which would mean I would never be allowed to use the internet again. what a bunch of idiots.

I can see how people that had little computer knowledge would get sucked in by all this but the first clue for me that it was a scam was when he said his name was Jason calling from a Microsoft company based in London and he could barely speak English and was clearly not in London but in India.

Reply    

mijami

2014 Apr 02, 17:31
0
 

Re: Martijn Grooten

OMG It is April 2014 and I was just contacted by 'Microsoft Computer Maintenance' the woman telling me I had errors on my computer. I asked her how she knew and she said they get a report linked to the security number for my computer. Curious :) I asked her for the number and she patiently read it out, 888DCA60-FC0A-11CF-8FOF-00C04FD7D062. I then said I'd have to check it against the documentation I got with my computer which I did :) and told her the numbers didn't match so she passed me on to her supervisor who had no idea what had just occurred and wanted to proceed with the scam. I kept harking back to the mis-match and he hung up. Unfortunately his phone number was only recorded as 'Private' Obviously the same scam is still alive and well. I found this page by searching for the so called security number and could hardly believe that it came up.

Reply    

David Jacoby

2012 Aug 05, 17:22
1
 

re: 10

Hi Martijn,

Thank you for your comment! Thats great, i will also be presenting at VB2012, we should hook up for a beer. If you would want any of my information from this scam, just mail me at my kaspersky-mail and i can share some info.

Im looking forward to hear what you have to stay about these scams.

See you in Dallas man!

Reply    

Martijn Grooten

2012 Aug 06, 18:59
0
 

Re: re: 10

Thanks David! There's actually four of us speaking, from different companies - just to give you an idea of how prevalent the scam is.

Reply    

Martijn Grooten

2012 Aug 06, 19:05
2
 

Re: re: 10

And see you in Dallas of course!

Reply    

aussie1234

2013 Nov 08, 05:18
0
 

Re: re: 10

Hi there,
I got the same scam here in Australia yesterday. It was an Indian lady who was very pushy. When I told her I knew it was a scam she got really angry. When I told her the call was being traced and the details would be handed to police she hung up. I then got a call from "her manager" wanting to know about the call tracing and how it was happening. He then told me that he cant be traced so it doesn't matter. I thought he was almost gonna tell why he thought he could be traced before he stopped himself. He continued to try and push his scam which was rebutted with laughter. In the end I thought this idiot was so ridiculous he was entertaining, he got angry and hung up.

Reply    

Nikki

2014 Apr 16, 22:00
0
 

Re: re: 10

Houston Tx- I have been getting these calls for about a year. It is April 16, 2014 and just got another one.
Decided to ask them, why Microsoft website says they won't call you and these types of calls are scams. Caller (no caller Id) said not a scam, and he can prove it. Had me run CMD comand and read off the now famous # you mentioned the CLSID 888DCA60-FC0A-11CF-8F0F-00C04FD7D062.
Didn't go any further, hung up. They actually called me back twice both times showed "999-xx". I didn't answer.
Keep in mind for this entire year, I have asked that they stop calling me, and take me off their call list.
It is bording on harrassment at this point.

Reply    

rferris

2012 Aug 06, 14:51
0
 

I also managed to get one of these guys on the phone, it seems they are using various VOIP services to make it look like in country calls, they will also tailor the call geographically as well to the nearest city to you. I made various audio recordings and videos of what they were up to. All very entertaining, I think I managed to keep them on the phone for 45+ mins.

In this instance they were using logmein services and specially one of their URLs that made the call look very legit.

Speaking to logmein after the scammer called, they said they were almost powerless to stop the scammers using their systems as the scammers used the trail versions of their products. All seem a little bit of an excuse to be honest. I had expected more from logmein.

I could share some of the material you would like it.

rferris

Reply    

Richard Baldwin

2012 Aug 06, 17:24
0
 

Similar Scam in UK

Hi David
I too am plagued by similar phone call at the rate of at least 2 a week, by somebody purporting to come for 'Windows', who told me that my PC was infected. I did once get as far as them directing me to a website that has a home page that looks like "My Computer", (well My Computer if you were still running Xp that is). The page showed that my "C" Drive was very infected with numerous virus' and other malware, but then he hung up, I guess he had cottoned on to me trying to sound worried at the sight of all these warnings. I guess the next step would be along similar line to the one you encountered, with somebody accessing my PC to 'Clean' it up and then charge me.

Regards

Richard

Reply    

Michael

2012 Aug 06, 20:07
0
 

Telephone Scammers

Nice post, thank you!
In Japan, such scams are not that sophisticated, 'they' just call some old folks and state "Hey, I am your son and I am in trouble, please wire me some money". Sadly it still works again and again and again :/

Reply    

dharley

2012 Aug 06, 21:33
0
 

One of Martijn's co-presenters...

Nice summary. I hadn't come across the VERIFY wrinkle: just commented on it (with credit, of course) for the ESET blog. ;-)

Reply    

David Jacoby

2012 Aug 07, 21:38
0
 

Re: One of Martijn's co-presenters...

dharley:

I am working with various law enforcement organizations on this, and told them about your presentation at VB2012, i hope they will come and visit.

These scams are extremely wide spread, and i would really like to hear what kind of information you have collected, because it seems that they are pretty hard to catch :(

See you at VB2012 :)

Reply    

Mykes

2013 Feb 18, 19:10
0
 

Re: Re: One of Martijn's co-presenters...

Dear Support,

I live in South Africa. Earlier today I received a phone call which, I believe was a phone scam. Everything fit with what you described in his article.

While speaking with a female with a slight Indian accent, I went so far as to download a file she recommended:
g2ax_customer_downloader_win32 _x86.exe from a site they gave me called GoToAssist at www.fastsupport.com but I didn't open the file. The file came from a company called citrixonline.com....a company based in Santa Barbara, California in the USA (probably legitimate). While speaking with this woman on my landline, I simultaneously phoned my techie friend on my cell phone who advised me that it was probably a phishing scam...so I hung up the phone.

The reason I'm telling you all this is because I hope I can help provide you with some information that will help nail these bastards. BTW, the number she was calling from was 0019354790...wherever that is.

Good luck. Thanks for doing this for the rest of us.

Reply    

nixrevol

2012 Aug 08, 19:18
0
 

Very interesting article.

I received a phone call from my mother the other day as she had received a call like this in the lawyers office where she works in Scotland.

I have received similar calls over the years from people purporting to be from a variety of software companies however I have heard many more instances of this particular scam being reported in Scotland and Ireland recently (which is unusual as you usually hear these reports coming from England more than those places).

Just glad my mother had the sense to ask me first before putting her company credit card at risk!

Reply    

upoole

2012 Aug 09, 07:18
0
 

I've been receiving these calls a lot the last few days. I haven't actually answered the phone (I don't answer from numbers I don't recognize) but when I google the phone numbers the comments are always about this scam. The phone numbers the last few days were from 122538203089 and tonight it was 516-746-9347 (which is an area code that is similar to a local one).
My question/comment is this: Could they have already placed a virus on my computer because I just realized tonight that at least the last couple times they've called was about 10 to 15 minutes after I turned my computer on. Kinda creeps me out.
And a week or so ago my husband answered the phone to a private number and it was someone with what he said was a heavy Indian accent trying to sell us something related to our electricity bill (well he asked for me). The phone calls from the numbers associated with the scam started a couple days later.

Reply    

David Jacoby

2012 Aug 22, 11:33
0
 

Re:

"Could they have already placed a virus on my computer because I just realized tonight that at least the last couple times they've called was about 10 to 15 minutes after I turned my computer on. Kinda creeps me out."

Well, i have not heard about this before that they are proactive and first infect people with some kind of malware, then call the victims.

But i can confirm that during this entire process of scamming you, they did install a program on my computer which connected back to them as soon as the computer had Internet access. The software was used to remotely administrate my machine.

But i have not heard of any case where they first infect, then call.

Reply    

aris

2013 Feb 04, 08:20
0
 

Re: Re:

Hi David,

I experienced the same thing last week. I was able to download the AMMY software and was able to give them my IP address. They then were able to manipulate my computer. But after sensing that I made a mistake of giving this to them. I immediately turned the thing off. The next day, I was able to do system restore. Is my computer safe now? What should I do to make sure that my computer is safe now? Thanks for your advise above. I called up my bank and have asked them for new credit cards. I am constantly monitoring my other bank accounts now.

Reply    

Donna J.Marn

2012 Aug 09, 22:58
0
 

Please Help Kaspersky Lab

This is a Canadian Law Enforcement Address,And a Cleveland Fbi Address.How long do we have to piut up with such Ignorant Human beings?This is very,very serious.Locking up Phone Service,Isn't a joke.We have Officials,Military Intelligence,That use computers to communicate.

Reply    

a1l3x

2012 Aug 12, 03:21
0
 

I´d like to point out that the same happened to Mac OS users. As long as i noticed mostly located in Germany UK. Some reports show that targeted persons were perplexed by the fact that the caller knew their OS. But since there is no indication of compromised devices, they might used a few simple sounding questions indicating the used OS. Most of them were told that their system is infected and is sending mails/spam everywhere, their "company" noticed that and will help to clean the system. They advise them to visit a website, enter a told code, download and execute a file, enter their admin password in this process and allow a remote session.

The phone id is from UK, the caller are not native german or english speaker. Since most reports came from people who found that behavior suspicious and didn´t followed through the complete process, their is atm no indication what would have been installed and i wasn´t able to get hands on an infected device yet.

Reply    

Wm Stan Li

2012 Aug 19, 05:50
0
 

Fox Hounds?

Well done on use of very standard anti-crime technologies to bring about a better game of Fox Hounds! These (for me) India based operatives pose themselves as being from Microsoft (to whom they seem to have an inside informant) and tell me that they are here to help me resolve my computer problems... and then they want to access my computer remotely. They are nosy and open up strange files that do not do anything such as the task manager. They want me to believe that normal operations are defects and then tried to download "Spybot.exe" - When I resisted because this would conflict with my anti-virus program the session was closed and this alien hung up. They can be avoided, but a better game would be a reverse flim-flam or Sting. Trouble with this is that Law Enforcement has no interest in crime prevention only in questioning victims. Unfortunate, but true. Any bright ideas? << Wm

Reply    

David Jacoby

2012 Aug 22, 11:36
0
 

Re: Fox Hounds?

Law Enforcement's around the world are working on this, the problem is that most of the time the Law Enforcement get involved AFTER the scam, and not during the scam. It is very difficult for Law Enforcement to do anything about it, since the money is already wired. What they can do is tell the bank or PayPal or something like that to try to get the money back, but thats all.

But now we have some juicy information that might help Law Enforcement.

Reply    

mscindy

2013 Feb 11, 09:49
0
 

Re: Fox Hounds?

Hi
I want to tell you about my situation that's similar to yours. I called the "myphonesupport" number to get help with my computer. It was a foreign guy who claimed to work for microsoft. I thought it was legit since I called a number that they claim is support for microsoft. I made the mistake of giving him the remote access to my computer. He claimed that I had 29000 errors on my computer and I only owned it a month. At first he talked to me on the phone and then cut off the phone call but wanted to continue to talk to me on the computer using notepad. He claimed that something went wrong with the phone lines on his end and that's why we had to continue communicating on my computer. He was trying to get me to purchase a package that will give me technical support for a year. I got nervous and told him I had to get off the computer now. So he said he would contact me and finish going over my computer problems. He has called me back at least 4 times now. I kept putting him off until about the 4th or 5th call and said I had my computer fixed so he'd quit calling. I changed the passcode on my router, changed my credit and debit card numbers. Then I had a geeksquad guy from Bestbuy go through my computer to see if I had anything on my computer and he said he didn't see anything unusual. Do you think everythings ok now? I feel like such a fool giving him access to my computer in the first place.

Reply    

flilitha

2012 Aug 24, 15:56
0
 

Got called yesterday.

I hadnt heard of this scam before but I got called yesterday but it was pretty easily to identify that something was fishy. Apparently they are from microsoft.. too bad for them that I'm running redhat linux on my pc.

Reply    

ldominick

2012 Dec 22, 08:06
0
 

www.fastsupport.com scam

I actually do have an issue after I tried downloading microsoft office 2010 to my PC
I was instructed to download xp service pack 3. When I did my PC started rebooting.
I was sent a survey asking how my experience was after my download. I expressed I was unhappy. So when I got the phone call I thought it was in response to my survey. I was already in my PC in safe mode. The indian dude asked me to log on safe mode with networking and had me go to www.fastsupport.com. Then I was told that the technical support rep was taking over my computer and would call me shortly. We got disconnected and I was called back. They restated that a tech was taking over my PC and that I would be called. The first number was a CA number. The second number was a NY number. As I watched the remote access I noted that no one called me and that they were going to various web sites. When they went to western union I decided to a shutdown my PC. No one called back. When I tried calling both numbers I got the disconnected recording. Although I gave no information I am concerned if they accessed any info from my PC. What should I do?

Reply    

Koos van Klojum

2013 Jan 16, 01:11
0
 

The beat goes on, also in Holland.

Yes, I also got a call a couple of weeks ago. English speaking help desk people. Luckily I had already learned about this scam thing and David's brilliant setup, so I kept the scammers in the dark at first and just played along.

First of all, I had a hard time not to laugh since the scammers told me of all the Windows' system errors they had received from my computer. I then asked them, which of my computers had sent the errors (since I have several of them running). They told me "the one you used most". Yeah, right...

Anyway, I had my fun for a few minutes, after which I told them and explained to them that they were simple frauds (I didn't have a Windows VM ready). None of my computers actually run Windows software since I use Ubuntu Linux. I told them that I just kept them on the phone long enough for me to track them and notify the police, who would arrive in seconds.

Somehow the guy hung up the phone very quickly... :o)

Reply    

Dr. Gonzo

2013 Feb 13, 07:58
0
 

Haha good one

I work for an MSP myself and would deal with allot of viruses. You know those fake ones that say regular system files are infected OR just makes a fake list period. Well for a while the moron who wrote the software was stupid enough to include a phone number. That number went to a supposed 3rd party call center where they would provide "support". More like hustle you for more money.

I had a chance around that time to also speak with a public servant who worked in computer crime. He told me straight out that most of the time nothing is done due to jurisdiction. If the number isn't in your respective country then good chance you may be @$$ed out. Part of the other reason aside from jurisdiction is that some of these scams are government sponsored. Not much of a shocker really. On the other hand though it is perfectly legal for you to say whatever and I mean whatever you want to them. Goes both ways hehe :)

So whenever I feel blue or just angry and want to cheer myself up I would give those jack holes a call. One time in a drunken rage I was asked for the last 4 digits of a credit card. I gave him a random number and he asked "are you John Asdflkashjd". I was toasted so I didn't catch the last name but I yelled 'YES I AM GIVE ME MY {bleeping} MONEY BACK'. Long story short the scammer got scammed muahahaha!

Unfortunately I haven't gotten any calls from those fake MS guys, I would soooo gank those fools too haha.

Reply    

Phil

2013 Mar 15, 14:34
0
 

My little story.

I’ve had many of these bogus calls. The latest was yesterday. This guy with an Indian accent and called himself Jack Martin. He gives me the usual nonsense of my computer is infected. I ask him what operating system I’m running, he tells me Windows 7. This is wrong so I know full well it’s a scam. I lose my temper to quick and politely tell him to **** off.

I remember one chap went through all the operating systems Microsoft brought out in order for him to pick the right one. Another one after he introduced himself, I can’t remember the name he used, but after a few minutes I asked him for his name again, he gave me a different name from the first. I assume they have a list of names they use. I won’t go very far with these idiots. I’d never let them into my computer.

Reply    

jonerinick

2013 Mar 21, 21:30
0
 

I just got this call yesterday and unfortunately did not know about it. I didn't give them credit card information because when they overreacted about my computer being so out of date I thought it sounded a bit dodgy and looked on my other computer while they were on the phone and saw all the scam alerts. They had already gained access and I had a heck of a time logging off. Called Microsoft and spent 3 hrs and $100 to get everything uninstalled. I'm trying to let everyone know. Truly truly made me mad.

Reply    

Francis Voignier

2013 Apr 05, 01:11
0
 

francisvoignier

This just happened to me this morning. Someone with a heavy Hindu accent in a busy call center rang to informed me my computer was being used by a 2nd party to send spam, and that they, at Microsoft could help me clean things up. I was wondering why this guy was putting me through steps which could be done with the use of much more simple paths... Same thing as with your article with the pseudo security code, etc... By curiosity, I stuck with the caller for a while and when he directed me to the Teamviewer main page, I knew the game was over. But for a sec, he had me confused... Yes, they are still at it people!

Reply    

pieterdekam

2013 Apr 06, 00:54
0
 

Entertaining half hour with a scammer.

I had a similar experience to David, having been called on and on for the last year for at least 8 times or so, me as well as my wife. I always get an English speaking guy on the phone with an Indian accent and a lot of call center noise in the background who says he calls from the windows computer center and my computer has been sending errors and warnings so they suspect that it is infected. I normally just hang up or yell something mad at them first. But this morning when they called again I decided to play along with them for a while because I was intrigued by their persistence and who these guys are.
I asked him for his name and company and how they got my phone number. He gave a fake name and said he was from Microsoft. He even gave me a fake jobid number (8007). He said he got my number because I gave my personal information when I bought my computer. Then I asked: so my computer store gives my phone number to Microsoft? Then he made up some confusing story about my software license and the personal information I gave them. I decided to go on and see what he was going to do. So I asked him what his intention was. He said he wanted to show me the threats on my computer and asked me to logon and enter the event viewer. I started being careful but pressed on. There he asked me to set a filter on errors and warnings and asked me how many errors there were. When I told him there were more than 2000 he faked to be shocked and asked when the first error was occurring and then said OMG in only two months you have this number of errors. This shows there is something definitely wrong with the computer. Then he asked to start the url www.fastsupport.com from the run box to check on the threats on the computer. This was going to far for me, so I said I don't trust you, why would Microsoft call every computer owner with a virus. They would have a hell of a job. He then said that my computer was sending errors and warnings to Microsoft, just like when you have a program that crashes and the OS asks you to send an error report to Microsoft. I was not the only one but he was checking other computers in England and Canada this morning. I than said please prove to me that you're not fake. I must say that he was not in the least taken aback and persisted in a friendly manner that he was from Microsoft and that they wanted to help me because of the threats to my computer. I said well then I will call Microsoft to see if they have an employee with that number and name. Then he claimed that he could prove he was not fake because he knew the license id Microsoft issued to me and I was curious how he would pull that one off, so I agreed and he started enumerating the digits of the same CLSID as used with David above and after that he told me how to start a cmd window and then execute the assoc command. I was wandering what was coming but wanted to go on while harmless actions where asked from me. He showed me that the CLS ID was in the output of the assoc command. When he said: you see this proves that I'm not a fake so you can type in the url www.fastsupport.com in the run box. I told him I now was completely sure he was a fake as this number was just a class identifier that is the same in every windows computer. And than I was fed up with all this and hung up on him.
I must say I am surprised how friendly and persistent these guys are even when confronted with the truth. And I can imagine people without computer knowledge being fooled by them. It's a big shame. I hope these criminals get caught soon.

Thanks to all for confirming my own experience with your stories and beware!.

Regards Pieter de Kam, The Netherlands

Reply    

Sylvanya

2013 Apr 19, 12:07
0
 

Re: Entertaining half hour with a scammer.

From my experience they weren't so nice. I also talked to some guy with an indian accent and when i told him it was a scam he got kinda mad. He specifically said "fuck yourself, [censored] your mother" and hung up xD
I had a good laugh.

Reply    

TFarquhar

2013 Apr 07, 07:23
0
 

Scammers

I, too, have been bombarded with these calls from these creeps and their MO is the same as many people here have reported.

The phone number simply showed 1234567890. I didn't take the time to get creative like David but past experience capturing this info didn't go far. The US doesn't regulate foreign sources.

I am well aware this is a scam and got fed up this time. I've told them repeatedly NOT to call but they do it again anyway.

After about 20 minutes, they started giving me bunch of double talk when I persisted in seeking answers to specific questions. When I insisted he give me his phone number, he said "I don't want to talk to you anymore". LOL. Finally. Geez

I wish we could nail these creeps...

Teresa Farquhar, California

Reply    

chunter

2013 Apr 13, 00:55
0
 

Annoying Fake Microsoft Technician

I was searching for some information on this subject to see how others were dealing with these calls ,I see the story and post started last year,and it's still going on. I have received two calls this week along ,from these pests.Hanging up on them don't work they still call back usually from blocked numbers,but today I guess (Spencer?)forgot to block because a list of numbers showed up on my caller id M41215570200022. It would really be great if all of these creeps could be caught.

Claudia Hunter,Alabama

Reply    

TheOwl

2013 Apr 15, 09:52
1
 

I got one today

Yep. Got a call from someone with a Vietnamese accent. They were from "New York" (of course ;-))
Unknown caller showed on the ID, and I had to answer Detective Martin, cyber crime unit, start talking. They went through the same spiel, but seemed quite nervous and hung up after I asked for a call back number and their supervisor's name. I wanted to ask what time it was in "New York", but they ended the call. Too bad.

Reply    

Renier

2013 Apr 24, 17:16
0
 

My wife got scammend, South Africa

They phoned yesterday and she thought this was the right thing to do.I walk in onto this hole thing still in prosess but to late to stop the payment. Whe stopped the bank cards and ask for a reversal, they said we need to wait 5days...they will ivesticate.

Never the less, where can I report this who would actually do something about the scammers to prevent them scamming the next one.

Problem is that my wife runs her own accounting bussiness from home and all her clients detail is allso on the her PC they hacked onto and we do not know what type of information they will be able to use.

Reply    

oldbloke

2013 May 20, 12:25
0
 

chin wag with Indian scammer

I'm plagued with "are you the owner of the computer and it may be infected"
I take them all the way to final ID box for remote connection, then fumble which annoys them intensly - then stop.
This time I got talking to the scammer and found out they operate from Deli from a call center with 14 people in it.
Outside of the script they have little idea of computer technology, only trained in leading you on to reveal your ID.
Phone numbers come up automatically on their screens.
The web site they use is www.ammyy.com but also www.universaltechcare.com
If connection is made to your computer then total remote control of desktop, loading files, uploading personal details, malware etc. It's possible that login details are passed to another agency and who knows what they can do!
If infected I have advised to wipe hard drive and reload operating system.

Edited by oldbloke, 2013 May 20, 14:09

Reply    

Phil

2013 Jun 23, 16:37
0
 

Another one.

I had two calls the other day. I had three P C’s with me on the day they called. They were confused right away. They told me my computer was infected and needed to be fixed. I asked them which one they were referring to as I had three. They put the phone down, such a shame as I intended to give them the run around.

Reply    

stan R.

2013 Jul 05, 13:26
0
 

i had the phone call today

David, today they called me first i hang up for 3 times but they didn't stop calling. So i also played along but i only did it till they asked me to log on to "www.fastsupport.com" so i stopped but is there any chance they harmed my computer?

Your Sincerely,
Stan

Reply    

StephenH

2013 Jul 06, 22:51
0
 

Hum. Got it myself.

I just got this call and went through with it until I reached the verification of the "licence number" in the cmd prompt. I told the man on the phone that the internet is real, and so is google.

... It's kind of sad I couldn't figure out what was bad or not in time so I could drag him on a bit further, but eh.

Reply    

sherriew8

2013 Jul 31, 23:47
0
 

and into canada...

How on earth have they been doing this for so long? I have been getting calls for about 6 months now, maybe once a month or so. I have asked them numerous questions from how they got my phone number all the way to getting their phone number cause "my phone wasn't working properly".

They are annoying, and other than googling the scam I have not done much about it. What can we do? Until this time.

Last week my husband got a call from the bank, someone was using his credit card online. Thankfully for their security they denied charges / reversed them after speaking with my husband.

Other than making online purchases through sites like Dealfind, there is only one website he made a purchase through. Could this have been fraud through that website, possibly. But my question is without giving these scammers access to my computer, which I never have, are they able to gain any kind of access on their own?

They always end up hanging up on me when I keep asking them questions about themselves, I guess they don't like to talk about themselves lol.

Reply    

Gabe L

2013 Aug 13, 15:31
0
 

May be using new approach...

I live in south Louisiana and received a call last night from someone with a heavy (Indian?)accent. They claimed to be an "Associate of your computer's Operating System" and that they had received some "system reports" from my computer. I just removed the Harbinger.a malware last week from my wife's notebook, so I was already on edge with the caller. After explaining that the computer was not running he said that's okay I just need to be near it. I assumed this was going to end with them trying to get my serial number or something like that off of the sticker on the bottom. I made mention that I had cleaned the computer recently and that this seemed kind of shady and they disconnected. Had it not been so late, I may have tried to egg them on a bit more. I found it odd that I had just killed a bootkit that slipped through my wife's antivirus somehow and all of a sudden, phone call! Just adding my story in case they are changing up their approach.

Reply    

If you would like to comment on this article you must first
login


Bookmark and Share
Share