Hit by the ‘Tech Support’ Scammers July 29, 2016Posted by Duncan in Security, Troubleshooting, TW, Windows.
I got a call earlier today from the Tech Support Scammers. You’ve probably heard of this horribly unethical practice already, but the premise is that they cold-call seemingly randomly and try to convince you that there is a problem with your PC/router, and then attempt to get you to allow them remote access to your PC to ‘fix it’. Some then claim problems are due to expired warranties on the computer and demand payment, others setup a boot password and demand money for unlocking it. Either way, it’s a nasty thing to do and is taking advantage of people while pretending to help.
So, I thought I’d play along and see what they’d do.
The call appeared to come from a UK number, however it clearly originated from an offshore data centre. They introduced themselves as calling from my ISP and said that they’d detected a problem and needed to fix it on my PC. They could show me some symptoms to reassure me that they were legitimate. I asked them “who is my ISP?” as I wasn’t sure whether they’d know, however they were able to accurately answer.
The nice lady then got me to open Event Viewer and tell me how many errors and warnings were listed.
I’d wager that most computers have a heap of entries here, but when I said that there was over 8,000 she did some great play-acting that 8-10 is a typical number, feigning shock and how this proves the appalling state of my laptop.
Next, she asked me to open a command-prompt and run the ASSOC command. This lists all the file associations on my laptop, and she read out a string and asked me to verify that it matched the CLSID below.
This, of course, proves nothing as it would be the same on all versions of Windows. However, she said that CLSID stands for “Computer Licence Security ID” and that by knowing this code it proved her authenticity.
At this point she asked me to visit http://www.support.me, which forwards to LogMeIn – a remote control system – and said she was going to pass me over to a technical colleague called ‘David’.
When David came on the line I said I’d used the lengthy delay to google what had happened and found out what they were doing. He then swore at me and hung up.
I feel sorry for the poor people that fall victim to these horrible practices and wish there was some way of stopping them preying on the innocent.