Support Desk Scams: CLSID Not Unique
Yeah, yeah, yet another coldcall scam post, but featuring a ploy I haven't come across before, intended to convince you that the scammer really knows something about your system, so that you're likelier to fall for the scam.
Rebecca Herold reports for InfosecIsland that she was contacted by one of those helpful "support desk" people who call you up to help you with problems you didn't know you had such as malware you don't have. (Hat tip to @FSecure for the pointer to the article.) She reports that the caller was from a company calling itself EProtectionz and using what looks like a New Jersey number. However, I notice that company's web site also has phone numbers for Australia and the UK, so it looks as if the usual English-speaking populations are being targeted, using ammyy.com and logmein.com to get remote access to your system – there's actually an ammyy.com link on their web site, which is registered in Illinois, though Herold's caller had the Indian accent we've come to expect from this kind of scam.
The really interesting feature, though, is the way that the scam seems to have moved on from giving you your address (which they get from a telephone directory)and a fake IP number to convince you that they can really see your system. According to Herold (and a quick google indicates that others are experiencing much the same thing) the scammer now asks you to check a CLSID.
A CLSID is a Class Identifier stored in the Windows Registry — at HKEY_CLASSES_ROOT\CLSID, but I don't recommend that you go digging into the Registry unless you really know what you're doing. Fortunately (from the point of view of interfering with Registry entries), the scammer doesn't need you to edit the registry to find the CLSID he's looking for. He simply has to persuade you to run the ASSOC command. It's easy to do: you click on the Start button, Run, type in CMD to get to the command prompt (DOS prompt) and type ASSOC. That runs through a long list of file associations, telling you (for instance) that ".xltx=Excel.Template".
Since it's a long file it scrolls straight to the bottom, but if you're really interested in seeing exactly what it contains, you can get it to go through page by page by typing in "assoc | more": however, the scammer wants you to go straight to the bottom so that you'll see this entry:
ZFSendToTarget=CLSID\{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}
That's the CLSID on both the PCs open on my desk at the moment. Amazingly, it's also the one that the scammer quoted to Herold. And I bet that if you have a recent version of Windows and go through the same steps you'll find that you have it too. In other words, the scammer can't see your CLSID or anything else on your PC, including your Event Viewer logs. Unless, of course, you fall for the scam and give him remote access with AMMYY or LetMeIn.
Event Viewer? That's the tool he uses to persuade you that the transitory errors inevitably flagged in its logs are "evidence" of a system problem or malware infection. Of course, they're no such thing. See http://www.eset.com/us/resources/white-papers/Hanging-On-The-Telephone.pdf for more information.
The good news, though, is that if they're using a local number and other local presence, you may have some legal recourse if they insist on phoning you even though you're signed up to a Do Not Call registration service. I don't know anyone who's gone that route yet, though, so no promises. All the scam calls I've had (and there've been many!) have been international.
David Harley CITP FBCS CISSP
ESET Senior Research Fellow
125 Responses to “Support Desk Scams: CLSID Not Unique”
Leave a Reply
- David Harley (740)
- Randy Abrams (431)
- Cameron Camp (111)
- Stephen Cobb (62)
- ESET Research (56)
- Pierre-Marc Bureau (51)
- Aryeh Goretsky (31)
- Andrew Lee (15)
- Robert Lipovsky (12)
- Jeff Debrosse (12)
- Paul Laudanski (11)
- Sebastian Bortnik (8)
- Dan Clark (6)
- Righard Zwienenberg (6)
- Sébastien Duquette (5)
- Peter Stancik (4)
- Alexis Dorais-Joncas (3)
- Tasneem Patanwala (3)
- Aleksandr Matrosov (2)
RSS
July 20th, 2011 at 2:33 am
I've received four such calls in recent months. Never made it to the CLSID stage but I'll try to get there next time and give them a completely different number. See how they'll react.
July 20th, 2011 at 3:23 am
I was getting several a week at one point, but they seem to have given up on me.
August 4th, 2011 at 9:33 pm
I just got this call. Said he was with my ISP, but didn't mention the name of the ISP. SCAM ALERT ACTIVATED!
Asked for me to hit Win+R for the Run Prompt, but otherwise the same routine. Of course, as I'm telling him "yeah… ok… I see it…", I'm hitting up Google. 'Command prompt assoc scam' delivers me here, and confirms my suspicions. I'm A+ certified, but even I was unaware of this little registry entry. Still, I can see how less the less tech-lit might get caught…
August 18th, 2011 at 8:31 am
I just got one of those calls…Actually I have had many many of those scammer calls here in Canada but this is the first time the person quoted the CLSID and amazingly the CLSID was exactly the same as the one you have posted here. Many people are actually getting scammed by these thieves. They ended up hanging up on me when I gave them the run around but surely there must be a way to stop these scams.
September 21st, 2011 at 8:21 pm
Still in Canada, this time in Vancouver, this scam has just improved. The caller is now pretending that “your Microsoft’s Computer Licence Security ID has been identified has obsolete and need to be renewed”.
Naturally such Computer Licence Security ID doesn't exist, and the caller is still going to trick you with that same CLSID acronym, using that same Class ID number that you can also obtain using “cmd” and “assoc .zfsendtotarget”, (which prompts the unique Class ID that identifies the software component associated with the .zfsendtotarget file extension name).
But whatever you could know, it’s always better to be used to check on Google, to verify in real time if what being told you, is clear from tricks.
September 29th, 2011 at 10:23 am
Vancouver here. Just received a phone call…they are pretending to be with All Windows Operating Systems…if the sales person cannot get you, they transfer you to a technician..they say that if I do not type CMD in run my computer will crash. I advise I do not believe they are who they are and to send me an email. They hang up.
October 2nd, 2011 at 11:29 pm
Adelide Australia. Just received same phone call and got passed up through two "supervisors" when I started asking questions. Got all the way to CSLID and realised they were talking rubbish and said I would call them back once I had verified they were who they said they are. Just a quick search on the internet found this site – thanks
October 12th, 2011 at 10:02 pm
Sydney Australia Same thing just happened to me. Indian sounding lady asked to do CMD the assoc to check CLSID 888DCA60-FC0A-11CF-8F0F-00C04FD7D062 .
I googled it while I was on the phone and then asked her to E-Mail me their details and I would deal with it then.. Thanks
October 13th, 2011 at 5:10 am
Hi, I'm based in the UK but have just had exactly the same experience as Phil. The woman on the other end was very persistent and I went along with her and typed in the CMD assoc. She then wanted me to identify the file CLSID 888DCA60-FC0A-11CF-8F0F-00C04FD7D062. She then wanted me to let her sort the 'problem' out but I was already suspicious and kept asking her different questions. She eventually hung up.
I looked on google and found your site. Clearly these people are scammers and people need to be on their guard.
October 13th, 2011 at 11:31 pm
Just got hit in the Vancouver area from scammers pushing "assistmypconline.com" and "showmypc.com". Took the bait and let them in and am now changing passwords and running a/v scans. Don't be a dumbass like me.
October 14th, 2011 at 2:56 pm
Got a call this evening from an Indian sounding gentleman using the telephone number 09999100250 and claiming to be from "Microsoft Windows Support". He said that my computer had been accumulating viruses and that hard drive on my machine would totally fail soon. I told him I thought he was a liar and hung up. He immediately rang me back from a "Number withheld" line and insisted he wasn't a liar. He said he would prove he was from Microsoft, correctly quoted my name, address, phone number and got me to go through a routine that would reveal the CLSID - he said this was my computer's "unique identification number". He quoted the number 888DCA60-FC0A-11CF-8F0F-00C04FD7D062. Being unfamiliar with CLSIDs I was a bit shaken to find that my computer indeed had this number. I asked him to ring me back, then did a Google search. I discovered that the number quoted is NOT my computer's unique ID – this number appears in MILLIONS of computers running Windows! These scummy people want your credit card details so that they can get your money. Don't give it to them!
October 17th, 2011 at 4:33 pm
I am from Melbourne, Australia. Got a call from "Windows Explorer Support" "we're the people you call when your computer has a problem with windows" "we've been getting information about your computer that there are security issues". I called him a scammer and that if he got access to my computer he would load a virus or phishing software. Of course he denied it and persisted. Choice Aussie vernacular was used and the conversation ended shortly thereafter.
October 25th, 2011 at 5:53 am
Just had the same phone call and went right throughto see the CLSID. Didn't tell the caller I was looking at two computers at the time. Got cut off after giving the runaround. There must be a way of stopping these people. For the many older generation of computer users who have been convinced to get a computer but are not aware of these people it is a severe risk. Surely there is a way of allowing them access but tracing where they are coming from and giving nothing away….? Maybe one of our antivirus/internet protection companies can come up with a way of fighting back or would that put them out of business…..
October 26th, 2011 at 2:02 pm
John, I promise you that the security industry would be very happy to fight back more effectively, but the technological options for doing that are very, very limited.
November 2nd, 2011 at 11:58 pm
Just had the same CLSID followed by eventvwr from CMD line prompt crack call. I was called from this number – 00016076259911. I am in New Zealand.
November 3rd, 2011 at 5:05 am
London, UK here.
Just had the same phone call as all of you! Unfortunately, my mother had recently been caught out by this scam and I have been dying for them to call me! Today was my lucky day. Fortunately, I'd just made a coffee and was settled in to completely waste these scammer's time.
It is unforgivable that they prey on unsuspecting people with little or no computer knowledge. Has anyone ever notified Microsoft of these people? The company that called me were Nexus PC Solutions.
I thoroughly enjoyed wasting 71 minutes of their time before I told him that I was well aware of the CLSID scam. He replied that I was "talking like an illiterate child"!!! I laughed!!
I said I was also registered with the Telephone Privacy Service and that I would be reporting his company to them as well as notifying Microsoft.
Is there a website that names and shames these scammers. If not, there should be! – Just simply for people to type in the name of the company calling and see if they are listed.
All the best to all of you.
November 3rd, 2011 at 6:33 am
Thanks for the info. Unfortunately, “do not call lists” like the TPS don’t offer any protection, as most of these calls originate in India: as one of them said to me, they simply don’t care. Microsoft is aware of the scam in general, but by all means notify them of this individual call/company: they’re much better resourced for trying to take down malicious sites than most AV companies, apart from the fact that they usually claim MS certification. I’d love to see a site that names the culprits, but verifying the malicious sites and keeping the list up-to-date would be a significant challenge. We’ve listed many of them in the past in the blog, but they change regularly. One site I’m looking at right now has at least half a dozen known backup URLs…
November 16th, 2011 at 3:39 am
lol. I just finished a call few minutes back. I really wanted to go down the road and see how will they move forward pretending I don’t anything about stuffs. Unfortunately i’m late for work thus asked the guy to give me a call tom instead. he pretended to be from an outsourced agency by Microsoft. I asked for his name, but didn’t bother to remember it. He called from +2538020308
November 18th, 2011 at 11:25 pm
Guy phoned and tried to pull this scam but wanted me to install Ammyy (remote access software)
Ammyy scam returns a lot about these guys.
They are using voip I got called 6 times already in a year.
November 19th, 2011 at 12:24 am
Yes, they tend to use either Ammyy or Logmein for remote access.
November 21st, 2011 at 2:19 pm
Sydney Australia. Yes I too received a phone call last night. I was put through to the supervisor, who was in "Brisbane" , when I asked for a phone number so that I could call back, the line went dead! As soo as the call started I turned off my Wifi, just in case I did something silly, but I played along with the game. The call came in on a landline, but next time I'm going to have a boat air horn ready. The ones that run on compressed air and are $20 at Whitworths, or the Boating warehouse. The really scary thing is that my phone number is only been connected to me for 3 months. It is a non listed number. So someone in TELSTRA is giving the information to the scammers.
November 28th, 2011 at 4:41 pm
Montreal, Canada. Just received this call (assoc, Event Viever, CLSID). The guy said that he is from Microsoft Support and they were reciving reports lately from my computer and that it looks that it has some malicios software and they will help me to remove it. The thing is… my computer lately DID HAD some serious problems!!! That's why I did believe him at the begining! But after some time I started to suspect something (they knew my name but the address was wrong, he thought that I was running Windows 7, but I have Windows Vista) and when he asked me to type in the Run I was sure that's something is wrong and googeled it. I told him that it looks like scam and hang-up. They called me back thre times right away after that each time from different phone number. I don't think that they get your contact details from phone book because they knew my first name which is NOT in phone book (only initial), but they had wrong address and postal code which is IN the phone book.
November 29th, 2011 at 8:11 am
An addition to my previous post: what they wanted me to type in the Run window was triple W dot SUPPORT dot ME (this forums software automatically discarded the web address from my first post…)
November 29th, 2011 at 9:40 am
Yes, I’m afraid it does that. It’s as an antispam measure, but as we moderate anyway it may be a little over the top. Anyway, thanks for the information: I’ll take a look at that.
November 29th, 2011 at 10:00 am
Ah. That seems to be a way into logmein.com, who make a legitimate remote access tool that the scammers are fond of using to get access to a victim’s machine. ammyy.com is also a favourite.
November 30th, 2011 at 4:40 am
YES IT HAS MADE IT THE UNITED KINGDOM
I had the exact phone call today and from an Indian guy, I almost fell for it but as soon as i saw the free software from ammyy.com I gave him the hard line and told him where he can stick his cold call. I live in the south of the UK, and after I was searching to find out what the cls id was because I worked out it was a scam because they could use updates or windows defender to fix my computer, and I found you its exactly the same scam and same people it was quite uncanny. I was'nt stupid enough to fall for it but almost, lucky I no internet security and I am doing a HNC in IT which is like a first year of a british degree. Thanks for the info Ben
November 30th, 2011 at 4:45 am
Thanks, Ben. Yes, it’s very, very common in the UK, and a lot of my blogs on the topic have actually included content from my own exchanges with support scammers…
December 2nd, 2011 at 2:24 am
Same deal eventvwr CLSID#. i am in New Zealand
Played along to see if I could learn something.
When they hit me with the CLSID I panicked & shut my computor down and told them to +#$% off.
A quick check allayed my fears about the number not being unique. But not being familar
with that file gives one a bit of a hot flush.
They knew a lot of personal info, kinda scary. But I guess we are pretty active on the net.
If you pretend to go along but require verfication of their company ID they have quite a patter
to try and make you a believer. The foreign accent, noisey voip, and a kind of bazaar like persistence
is a dead bust from outset.
I can see how they could persuade new net users into logmein or though.
December 2nd, 2011 at 2:33 am
Thanks for that, Roly. Good point about internet activity, though some of the calls I receive seem to suggest random calls rather than good intel. But that may be because I’m more paranoid than most about my personal data.
December 2nd, 2011 at 2:40 pm
Just had another one, sigh. They phone at least once a month. I jollied the chap along for 15 minutes until I got bored and asked him what he told his mother he did for a living and if she was proud of him. I explained how goofy the whole evntvwr, CLSID schtick was. He got quite prophane with me (I was being polite) and then hung up. People must be falling for this with enough frequency to make this worth the scammers effort. Nothing clever, just social engineering.
December 22nd, 2011 at 9:30 pm
I'm having so much fun with this. Received two calls in two weeks. This time, I was able to keep them on the phone for 43 minutes before they got fed up with me. I make them repeat at least 4 times and I'm playing the dumb in front of my computer. But of course, I never grant them remote access to my pc
. Can anyone beat 43min?
December 23rd, 2011 at 1:03 pm
I am so tired of these guys man. I have been getting phone calls from them over the past 5 years I worked in call centres I've done internet tech support I build computers from parts and install windows and make them work. To then say they got my clsid ip or w/e. I'm am the most knowledgable guy in the house on computers and I always get these calls. I yell at them and there is nothing I can do. Hes saying hes calling from mainmtence department of pc tech and there are errors from my computer. He wanted me to confirm the CLSID number but I had family beep in so I put the guy on hold and when I went back he had hung up already. I asked for a supervisor and hes stated he was the supervisor there has to be something that can be done cause these guys drive me batty and I'm already batty to start with lol.!!
December 28th, 2011 at 1:45 pm
Same here in London Ontario Canada. Came from 1-999-910-0103. Looking for the CLSID code.
December 29th, 2011 at 12:23 am
South Africa. Just been thoroughly fooled by these guys!
Had a message on TrustPort anti-virus status icon a week ago that the malware protection part had expired. (TP software was sold me by similar guys about a year ago after my free AV apparently expired for about a month – believed them my PC was full of viruses in the gap; let them in to clean up) Hence, when these similar guys phoned last evening I was softened up to think something may be wrong wrt malware! Coincidences!? I was foolish enough to let them in on ammyy and they showed me all the stuff you mention in your article above. I paid for Seal, P2P, and Web shield whatever this means. Am busy trying to reverse credit card transaction under non supply of goods (software) and fraudulent transaction.
They now have a lot of personal information which is my problem but having let them in probably twice, is my computer compromised to the extent they can get in when they want in future? I fear if I get a bank charge reversal they will do something evil to my PC. They were from Eprotectionz.
December 29th, 2011 at 9:09 am
Not me. I usually get mad before they do…
December 29th, 2011 at 10:17 am
Thanks, Gavin. Unfortunately, there’s no way I can tell you to what extent your PC has been compromised. There’s obviously the potential to install a keylogger, for instance, but that doesn’t mean that’s what they’ve done. I don’t know what Seal is, though there is an encryption algorithm (not a product) of that name. In this business, we tend to come across P2P with reference to Peer-to-Peer distributed software, but that could mean anything. And Web Shield may refer to a product by Avast!, but it could just as easily refer to fake AV of some sort. Eprotectionz is definitely whiffy, though. Since this is an AV site, you’d no doubt expect me to recommend using a for-fee antivirus product anyway, but in this case I think it’s worth your investing in a good general purpose security product, rather than a freebie. That won’t _guarantee_ that you’ll find any malware left on your system, but it will increase your security.
January 6th, 2012 at 4:58 am
Thanks David for this useful post. I always thought the CLSID is almost unique to each computer but it is not. I just got such a phone call from the 004259981533 asking me to grant them access to my PC throught , which I DID NOT of course! They also assured me that they identified me with my CLSID as you mentionned. Scammer are getting more and more ingenious and I understand people can get abused.
Thanks again
January 7th, 2012 at 8:06 am
Thanks David for your comments re my earlier posting (29th Dec).
The good news is Eprotectionz (with South African local number) has refunded my credit card (although ETprotections were the "suppliers" or contact email.) So to all those who are taken in to the extent of payment, immediately request a refund (within 48 hours). These companies have websites and appear legitimate. The fraudulent part is accessing individuals by phone and then convincing them there is something wrong when there isn't. What I was sold is similar to the extended warranty they try to sell you when you buy a new car – they guarantee to sort out problems for 4 years in the option I chose. If I have a problem I call in my local IT man, so I do not need this kind of suspect assurance. After "cleaning" my PC they left behind ATF-cleaner and WinUtilities Pro which are free downloads I see. My question now is are these extras really useful and does not Windows System Tools do the same things?
January 10th, 2012 at 4:54 am
Ho. Just got yet another of these calls here in Jerdsey, Channel Islands. I know many others have had the same call here. On one recent occasion when I led the Indian-sounding woman caller up the garden path and let her think I was accessing my computer, then asked as an aside "do you do these scams often?" She shouted at me "You b….y shut up" and slammed the phone down! Despite that I have had 3 subsequent calls, although when they hear my voice they can obviously check their screens as they do not proceed with the call, although they ask for me by name. I am now reporting it aain to our local tepephone company with the number which seems to be from the Bristol area of the UK. The names and phone numbers are not readily available outside this Island and must have been from a list from a website, as one of the recipients of the call does not have a computer herself, never has access to one, and can only have given her name and address when booking flights, as she has no outside hobbies or clubs who might have this information. Also she is listed in our Island phone book under initial only, but was asked for by Christian name, which is an unique one as it happens. The most likely airline is therefore either Flybe or BMIbaby as these are the two she has used last year, as have I. Will keep you all posted on any developments. BTW they indicated they were calling on behalf of Microsoft Customer Support.
January 10th, 2012 at 10:17 am
Interesting. Thanks, Gill.
January 11th, 2012 at 11:43 am
Just got a call from these guys today. Said he was from Windows (spoke very bad english (Indian/African/Asian)) and that I had a problem with my computer. He wanted me to turn on my computer so that he could show me. I said no and hung up. He called again but I did not answer. The number calling was 004259981533.
January 16th, 2012 at 3:37 pm
Just got the same call in Singapore 12 hours back, CLSID was same as one quoted above .. 00C04FD7D062
January 17th, 2012 at 2:28 am
Here in Sydney, Australia, I had two successive calls trying this scam on, about 30 hours ago – on Sunday afternoon our time.
I have been in computing toooo long. OTOH I am much more clueless about Microsoft than a lot of other things. So, when he told me that there had been a security breach on my computer, I asked for the IP address that he was receiving the info about. (Then I checked my current external IP address.) He hemmed and hawed and gave me nothing.
It turned out that my wife was also online at the same time, using the same external IP address but a different port. (We are both using private addresses locally.)
I eventually hung up but he called back.
So when he went through the schtick about running assoc from the command line, I got my wife to do the same. As he read out the the string I was able to see that the 'unique' string on my computer was the same as on hers.
Soon after that I told him that waht he was sayhing was ridiculous, and hung up. He hasn't called back (yet?).
January 23rd, 2012 at 5:02 pm
Philippe Lagace Says:
December 22nd, 2011 at 9:30 pmI'm having so much fun with this. Received two calls in two weeks. This time, I was able to keep them on the phone for 43 minutes before they got fed up with me. Can anyone beat 43min?
jamie says:
wow, 43 minutes! i got bored after about 13minutes going through the motions. My caller got so excited once i took the initiatl bait and went to the command prompt. even after me telling him i knew the number wasn't unique he persisted going on about viruses and other issues. Even me explaining to him that i knew he was trying to scam me didn't stop him, immediately. he finally said he would stop wasting both of our time and hung up.
January 24th, 2012 at 1:15 am
Chris in Canberra here,
got a call this evening. First time they have asked me to go down this path. Led them on of course, I wasnt even at my PC, and told them them the CLSID was different to the one the gave me. The woman was so suprised she asked me to check.
I then asked her which PC in particular was a problem, as I have 5 wirtual machines all hooked up behind ISA Server and a router with SPI. once she figured I wasnt the numpty she hung up, after I told her in no uncertain terms to go away and never call me back
W
January 24th, 2012 at 10:40 pm
Rob in Adelaide here,
Just got the same call 5 mins ago and Googled CLSID scam and got to this web-site and so was able to relax and have some fun with this guy. I've had a lot of scam calls in the last 6 months so I've developed a technique that turns the experience into an enjoyable one. I start by asking if they are religious and without waiting for a reply ask them if their God would be happy with them lying and stealing. I then launch into a tirade about how they are a thief and a sinner in the eyes of God and will surely burn in hell for eternity etc. If they are still on the line, I tell them that I am a family man that works hard to support my family and how would he feel if some-one was trying to steal from him and his family and that he is a criminal and a thief and that he should get a real job etc. The key is to keep asking rhetorical questions and don't give them a chance to respond. It is really satisfying that in the end they hang up on you. Give it a try, its lots of fun.
January 25th, 2012 at 1:21 am
Interesting approach, Rob, but not one I’d be too comfortable with myself…
January 27th, 2012 at 10:28 am
Hi guys i just got scammed yesterday! didnt think of googling yesterday. I have told them to call me back today. DAMN IT, i got them to remote to my PC from ammy.com. What should i do now?
January 27th, 2012 at 10:30 am
Just to add to my note above, the number was from an unknown Name and no number was displayed,
January 27th, 2012 at 10:52 am
We can’t really give you direct support on this: better if you can find someone IT proficient to help you, even if you have to pay for it. I haven’t actually been through the process of cleaning a system compromised in this way, and a step-by-step isn’t practical.
If I were you, I’d tell the guy when he calls back that you now know you’ve been scammed and demand your money back. From time to time, that actually works, apparently. More probably, they’ll argue and bully: if so, just drop the call. Shut down your system while you’re talking to them, or disconnect from the internet.
You probably need to get the AMMY software off your system. It’s probably not infected as such (it’s a legitimate utility) but I’m not sure how easy it is for these guys to use it without your knowledge. You should be able to do that from the install/uninstall control panel. If you can’t, get help from someone local.
If you don’t have AV (or have something they’ve installed for you) try one or two online scans: if they come up clean, the chances are that there’s nothing actually malicious on there. (In general, these guys take your money for doing nothing much, rather than introducing deliberate infection.) We have a free online scanner (www.eset.com/home/products/online-scanner/) as do other companies but you should install a proper PC-hosted scanner as well (do that afterwards). Perhaps a full internet security suite rather than just AV. It doesn’t have to be ours, of course, but we happen to think it’s pretty good.
I can’t guarantee this will fix it, but those are approximately the steps that a real support tech should take.
January 28th, 2012 at 11:43 am
The scammer woke me early on a Saturday morning, but his South Aisan accent was so strong that, after several "I beg your pardon, can you repeat yourself?" all I could make out was "Microsoft" and "CLSID". I must say, I did walk to my computer before it occurred to me this probably was a scam. I asked for his phone number and he hung up. So I googled "CLSID" and clicked on this website. Does everyone experience a strong South Aisan accent or are there scammers who call but have another accent or no accent (if I may indulge in the Pacific Northwest conceit)?
January 28th, 2012 at 3:43 pm
Edmonton AB Canada here…
I get these calls all the time, almost like clockwork, in the afternoon, in the evening, first thing in the morning… always somebody with almost unintelligible English (why they don't find someone who can speak clearly, I have NO idea - it would increase chances of a successful outcome for them in the western world). I've responded many ways: anger, threats, politely, compliantly, dumbly, knowledgeably… it doesn't matter, the calls keep coming. I got one yesterday afternoon, and another at 8:45AM this morning that got me up after a late night in my observatory.
Anyone who has allowed these scammers access to their computer should take the threat very seriously. If all they did was install a keylogger, everything you type on your keyboard may as well be emailed directly to them – they'll see every keystroke, every password, every detail you enter into your financial tracking or chequebook software. Even worse, you may have given them personal info about your friends and family if you have a "busy" Address Book or Contacts list.
I know its not a popular option, but if I were you, I'd backup all the data files you want to keep - BUT NOT PROGRAMS - onto a flash drive, then reformat the computer hard drive (better yet, spend $70 and buy a new hard drive to ensure you're not dealing with a serious rootkit problem), reinstall a fresh version of Windows, change ALL your passwords to your computer and websites you access (FaceBook, Twitter, your online bank, etc), and reinstall whatever programs you need direct from website downloads, or from your backup CDs/DVDs. In other words, erase your previous system entirely and start over. Then talk to your bank about what's happened, ask them to watch for transactions above your usual amounts (if your typical credit card charges are around $100, ask the bank to contact you about any charges above $200 before putting them through), or worst case, ask for a new credit card and cancel the old one.
Yeah, all that's pretty extreme, and a LOT of inconvenience. But you're dealing with people who DO NOT CARE ABOUT YOU, OR YOUR WELL BEING, and are only too happy to send you a monthly bill for bogus services or products until Eternity, destroy your credit rating, sell your credit info to their pals, and steal your identity to resell to god-knows-who. To these people, you are just a walking ATM machine.
Once you've let them access your info and your computer, you HAVE TO ASSUME that everything you gave them will be emailed to thousands of internet criminals as soon as you hang up. If you're lucky, nothing may happen… but the news is full of people every day who are not this lucky, who's credit rating is destroyed or their bank accts emptied by these criminals. Its the ugly side of mass internet use.
MICROSOFT WILL NEVER, EVER, EVER CONTACT (PHONE OR EMAIL) ANY CUSTOMER ABOUT A VIRUS OR MALWARE OR ANY KIND OF PROBLEM. NEVER EVER EVER. NEVER. Anyone calling you claiming to be from Microsoft, or from a Microsoft tech group, or a Windows service agency is NOT your friend, or trying to be "helpful". Unless you enjoy wasting your time by playing with them, just hang up. Put their caller ID on your call-screening list (sometimes that works, but not always), and just don't play their game. If you don't play, you can't lose.
Good luck out there – and be careful !
January 29th, 2012 at 4:00 am
All the scams I’ve seen seem to have originated around Kolkata or New Delhi, and most of the reports I’ve received have mentioned the caller’s “Indian” accent. This isn’t unusual in cold-calling generally, and not all cold calls are fraudulent, though most of them are annoying. In fact, I suspect that some legitimate businesses farm are offshoring marketing calls to sidestep local “do not call” lists and legislation. And I’ve an idea that some of the callers are unaware that the scripts they’re following are actually fraudulent: in general, the callers I’ve talked to haven’t shown any indication of real IT proficiency. None of which makes it less irritating, not to say pernicious.
I have seen come across just one report that mentioned the caller’s _English_ accent.
January 29th, 2012 at 5:20 am
The fact that most of the callers sound Indian has a geographical basis: every instance of this scam that I’ve seen seems to have originated in India.
I agree that once you give a scammer access to your PC (not to mention your credit card) you’re open to all sorts of abuse, but I’ve seen no proof to date of complicity between these scammers and those responsible for spreading rootkits and the kind of major financial fraud we associate with some botnets. The software most likely to be installed (apart from the remote access software, is usually a free version of something legit) is an evaluation copy of some security software. That doesn’t, of course, mean that they never install something frankly malicious, and it certainly doesn’t mean there’s no way they ever will, but I’m not seeing reports that indicate that it’s happening at the moment. So a complete reinstall and replacing hardware is a bit over the top, perhaps. There have been instances where a system has had to be rebuilt, but as far as I know, that’s tended to be because of inexpert modifications by the scammer, or because the victim called in a tech who may have overengineered the fix.
It’s actually not quite true that you’ll _never_ be contacted about potential problems with your system: there are, in fact, circumstances in which an ISP, for instance, might be contractually allowed contact a user (directly or through a 3rd party) because of malware transmitted from his IP address. At present, that’s a very rare scenario, but when/if more ISPs favour the “walled garden” approach where your access to the internet is dependent on your having a clean machine, it’s going to add an extra layer of complexity to the problem.
January 31st, 2012 at 4:32 am
I've had a couple of these calls. I was having a cup of coffee and stroking the cat at the time so I decided I had a few minutes to play with them. Firstly I pretended to mis understand al most everything they Indian gentleman said, i.e. "press the key, windows, R for Romeo", I don't have a "Romeo" key, I have ctrl, shift, esc, etc etc
Then when I led him to believe I had Linux running on my windows PC, by mentioning "Gnome" comes up when I press windows and r (I don't, I have a Max with OS-X lol) he gave up.
These guys must con a lot of vulnerable people though!
February 2nd, 2012 at 9:56 pm
Brisbane Australia, had an indian woman claim she was calling from PC Solutions, and also claimed she was in Brisbane despite the deafening delay in our telephone transfer. I got past the CMD part where she feigned that my computer was doomed and she was going to transfer me to her manager who knew how to deal with these types of these things. She kept reiterating all the issues when I said I didn't have time and i'd work it out via google, which brought me here.
February 6th, 2012 at 12:21 pm
yes i have had a lot of calls from indian speaking person who claimed he was from microsoft and my computer had lots of problems ,viruses etc and that 12 digit number on the send to target was my identiy for mirosoft .i acted a bit dumb and kept him on the phone for a long time,but i thing he lost his rag in the end,asking me if i could speak english.i hung up on him then
February 6th, 2012 at 1:55 pm
Just got a call from them, I'm an A+ cert tech. I had alot of fun with these guys. The guy on the phone had an Indian accent, I asked his name, he gave me Martin Smith… Really? HA!
I also got the phone number 1-315-285-4200 which I called and got someone who answered the phone as "IPC Support" in NY City. Same as the caller.
And by the way, I run Ubuntu Linux. I asked him to tell me what version of Windows I was running, he asked "7?"
I will try to report them to whatever authority handles these things. Maybe getting a story done on the news would be more effective?
February 6th, 2012 at 2:02 pm
There has been a trickle of stories in the UK press in the last couple of years, very little elsewhere. Unfortunately, guaranteed pickup of a security story by the mainstream press is a bit out of my skillset.
February 8th, 2012 at 6:58 am
Wow It's reached South Africa, really guys? Just got a call from an Indian guy saying that my PC has had some errors and that he can fix them. He assured me he was legit. But Imediatly it didn't make sense to me, I studied computing and have no problem fixing my own pc and I also know that the number he provided is easy to obtian so I told the guy to stuff it. Being intrigued afterward if anyone else has had a call like this I checked Google (google is your friend) and now i'm here… Still pretty hilarious that it's come all the way to us though.
February 8th, 2012 at 12:22 pm
Cartwright MB Got a bunch of calls from these guys. These are the caller ID numbers they used all within 10 minutes.510-943-3040 + 999-910-0119 + 123-456-7890. They said they were calling from 24/7 PC Help or maybe Health. Desperate that my computor had a virus & they were going to fix it. I said thanks I would call Inetlink my service provider & have them call 24/7 PC help back can you give me your number. NO, NO sir you do not understand, We are your General Service Provider, Inetlink is only your local company only we can fix this problem can you please go to your computor and we will HELP you through the process. umm well tell you what guys no thanks but ill call the guy who sells me my computers and have him check this out or call you back. Then they hit on a really good punch line. Oh NO sir Only YOU can make changes to your sevice account no one else can make these changes for you. DO not let anyone else take control of your account. uh huh bye & i hung up & called my sales/repair man who sent me straight here thanks alot.
February 8th, 2012 at 12:29 pm
Addition to above. Yes they were on this CLSID code all the time said only they carried this code only they could help me. Then when i hung up they called me back 5-7 times. What kinda riled me up was that after i hung up on them & waited 5 seconds like usual i tried to make a call & they somehow still had my line open they were right there ready to go again. i hung up again & waited 20 second, they were Still somehow holding the line open. I do not have VOip or anything wireless how were they doing that. Then they called back 5-7 time one time it went to voice mail so i could here a little bit of noise then they hung up but when i picked up the phone again to dial here they were somehow still on the line. THANK-YOU
February 8th, 2012 at 12:39 pm
Got the call 3 times this month. I asked for the phone number and they gave me 1-866-948-2934. Having been through this before i called him on it and all of a sudden he couldnt understand english or speak it. Then the so called supervisor called me back, claiming that he is calling to say everything is ligitamate he called from 1-132-354-2152. Im from toronto, ontario. my phone number must be on some kind of india call list as they call daily to see if i need my ducts clead too. so annoying.
February 11th, 2012 at 3:23 pm
Yes I got a call from One Stop PC Solutions saying that I have lot of error messages in my windows PC and sending these errors to Microsoft and we are the one chosen by Microsoft to support the windows users for any malicious progrmas installed for clenup. We have report saying you have lots of erros reporting if you don't clean up immediately these malicious programs may crash your pc.Microsfot gave your personal information to call you and support the erros you have in your pc. Such as rundll32.exe is the process information.
The person called Robin White from One Stop PC Solutions and I asked him his phone number and company he gave this information Phone number 1-201-338-6142.
If you come across this kind of ananymous calls do not answer and accpet whatevr they are saying.
THESE ARE SCMMER CALLS
Good luck
February 15th, 2012 at 11:12 am
I don't answer my land line. The only people I need to hear from, have my cell #.
February 20th, 2012 at 8:27 pm
YES IT HAS MADE IT TO SINGAPORE!
Being Indian myself, the Indian guy holding the name Henry Peterson immediately threw alarm bells. I told him I would wait for Windows to release a Malicious Software Removal Patch and upload that. Thank you and goodbye!
February 21st, 2012 at 1:51 am
I just got a call from a scammer who said she worked for PC Solutions who rang from 02538020308. She said that over the last two weeks they had received information saying that my PC was sending MALICIOUS messages to MicroSoft and she wanted to help me to fix my problem.
I asked if she had a Web Site that I could look at? This threw her for a minute and she said pertly "Do you want to proceed with this call?" We went through the steps exactly as detailed above – Command Prompt – Assoc – CLSID. She read back the CLSID and said it PROVED that she was calling from a reputable company since she could read this number back to me.
As she was talking I was trolling through the internet and suspected that this was a fraudster!
Thanks very much for your comments — spot on!
February 22nd, 2012 at 7:45 am
l got the phone call today.. (UK) l`d never heard if this scam.. He ended up putting the phone down after 5 mins (and l`d been passed to his superviser) LOL… l`ve now emailed this to all my contacts.. Put it on Facebook and notified the police that it`s going on in my area.. The more people aware of this the better.. l`ve been on the net for over 10 years and not heard about and apparently the scam`s a few years old.. So please tell everyone.. Be safe
x
February 22nd, 2012 at 7:50 am
Thanks, Ani. We’re really trying to get the word out.
February 25th, 2012 at 12:06 am
Im in NZ and have had a heap of these, always try keep them on the line as long as possible – just reached 37 minutes. This time had the CLSID stuff for the first time.
February 27th, 2012 at 7:34 am
Hi just hung up from this scam. Somerset UK. I was almost fooled, the Indian person was very persistant. Witheld number. From One Stop PC Solutions.com asked me to click 2nd technician that my computer was sending virus's.
I did download the AMMMY file but did not open cause I was getting concerned.
I hung up but the person phoned back and left an abusive message on my answer phone.
I was looking at onestoppcsolutions as I was talking to him and it almost seemed authentic, if they have a website which they use to interact with you surely they can be traced. I no very little about computers so apologies if what I am saying makes no sense.
They said they were calling on behalf of Microsoft and took me to the foot of the web page to prove authenticity.
Please can you tell me if my computer is going to be ok? More important my private information, credit card, bank details etc
February 27th, 2012 at 10:17 pm
Julie, thank you for that information. Yes, if the website is genuine, the company can be traced, but getting action taken is rather more difficult because it requires cooperation across borders. We’ll pass the info on, though.
If you didn’t open the AMMYY file, the scammer probably wasn’t able to get access to your system to do any actual damage. (In fact, this type of scam generally doesn’t result in deliberate damage anyway.) If you gave him any financial details, you need to contact your credit card provider, bank etc.
March 1st, 2012 at 4:04 am
It has just made it to FRANCE!
same scenario: a call from a woman with an indian accent, CSLID and so on. I got almost fooled by the CSLID trick, but became really suspicious when she asked me to type an internet adress. I decided to check on the internet, and stumbled upon this thread. I read her some of the posts on this blog… no reaction. I eventually hung up.
Anyway… thank you!
March 1st, 2012 at 9:14 am
Thanks for that. As a matter of interest, did she talk to you in French or English? We’re seeing an increasing geographical spread, but so far no reports of using other languages. Of course, I have to wonder whether that’s next.
March 1st, 2012 at 12:49 pm
She talked in English. Actually – I now realize how stupid I was – the fact that she spoke English made me think it was legit. We get a of calls from offshore call centers, but they are always in French (usually based in North Africa, as you can tell from the accent). I thought: why would a call center from India bother to call in France, if it was not for something important? But, yes, an interesting geographical spread indeed.
March 1st, 2012 at 1:01 pm
These scammers now seem to be calling Vancouver, BC area. All the detail is almost exact. The caller was definitely from India with poor command of the language. The CLSID was exactly as mentioned, which really makes you think they can see into your computer. They did the event viewer thing, but when I resisted, he passed me to a supervisor. He said he was from Global ITSolutions, but I somehow doubt it. The name provided was Adam Shaw & his call back number was 1-800-831-0471, which appears to be a bogus number. They then wanted me to pass control to them, by logging into ;
This is all pretty scary. I know my stuff pretty well, but seemed to have knowledge of the fact that I had recently installed a new Win7 machine, that operated on the same LAN as another recently purchased Win7 machine, that shared a common Internet access and that this was at the heart of the problem. Their personal knowledge of these recent events is what ALMOST made this work. I can't imagine how they could know this info. The internet access and the wireless router have been in use for years. Be careful out there.
March 9th, 2012 at 1:52 pm
I had a call earlier today asking me the same thing. She had an Indian or Pakistani voice. I asked who she said was from again, and she said Windows. That they had received error messages from my computer. She asked me to type cmd in the run window and then assoc and to look for the CSLID. She asked it the numbers were the same as mentioned above and asked for my permission to go into my computer. I said no one goes into my computer. She said she understands my concerns but said that this way, they can see which files contain jumk or malicious viruses. I asked her name and she said Denise Smith. I said well I am not letting anyone get into my computer. She said I can cal back later if I want and I said ok and asked her number. I wanted to see what she gave me. She said 323-919-8311. I asked what area code was 323. I had my phone book out and was looking up area codes for the the states. She said California. I said it doesn't show any area code of 323 for California. She said it was a toll free number. I said ok and hung up. I did a reverse number look up and it was a California number but was a cell phone. I have caller ID on my phone and the number showed up as 510011. I googled about CSLID and found this site and read other posts. I am glad I didn't do any more with her. I don't have a credit card, so she wouldn't have got any money from me anyway. I am guessing my computer is safe since I didn't go further with her, other than checking the CSLID number.
March 9th, 2012 at 1:54 pm
I do have 2 desktops. One in my son's room. It is wireless and it has the same CSLID number as this one.
March 10th, 2012 at 9:19 am
Nice, I was not as good as the guy who kept 43 minutes. I could only manage to keep them for 27 minutes on the phone.
A certain Ms Janet called me from Windows Technical Support.
Claimed that my computer had problems and they wanted to fix this.
Funny thing is that my computer is having a lot of BSOD (Black Screen of Deaths as well as Blue Screen of Deaths) due to some harware malfunction / incompatibility.
So I thought, okey - lets see what happens.
Cmd prompt. Taking me to the INF directory of windows, asking me if I recongnise some of the files. As a matter of fact I do as these are Driver files if I'm not incorrect.
She heard me being cautious so she took me to Prefetch Directory asking me to type Prefetch "JUNKS" as to further hit on the issue that I was having problems with "junks file"
Now she wants access… and no, there is no way she will get access. She wants ammyy.com connection and I refuse.
She tries the Cmd prompt. Assoc and clsid number. Telling me how unique this number is.
She claims that it is free?? now but later it will cost money, but "sir, you decide"…
So I tell her that she can give me a Knowledgebase number for this problem that "affects thousands of people". She has none.
I ask her to tell me which departament she calls from. She claims Windows Tech Support. I tell her that I want to get into touch with Microsoft and verify her story. She claims that Microsoft doesn't call people, Windows does. Okey…That's new to me. So what number does Ms Windows have… since she is calling me, obviously she has a phone. I want a number. She has none.
I tell her to share the "findings" with me – so that I can tell my "security people" what is wrong.
She can't. Claims my computer has connected to other computers when doing banking and buying online. And that I now have corrupted files and other computers have access to my computer.
I have to give her 10 points for being persistent. But 0 points for being a dumb-ass.
When I tell her that she is dealing with high security and confidential information on my computer and that I will alert my departament of security to verify her person, where she works, eats, lives, and what her parents have for breakfast, she hangs-up.
I hope someone scams her parents really bad. Takes all their money. Maybe then will this little pathetic creature understand. People like this deserve no mercy. No second chance. No clemency.
I run computers as part of my life. I use encryption on HDD including operative systems. I use all necessary protection with online activities. But nothing will help you if you let them connect to your computer. Funny thing is that my warning lights came on, but since my computer has reported BSODs to tech support, I was very curious in what the heck this is.
NEVER EVER LET ANYONE CONNECT TO YOUR COMPUTER. MICROSOFT (NOT WINDOWS) DOESN'T GIVE TWO HOOTS ABOUT YOUR COMPUTER FAILING OR RUNNING SLOW. THEY WILL NEVER SPEND A DIME ON YOU TRYING TO FIX THINGS. YOU'LL HAVE TO CHASE THEM.
March 13th, 2012 at 4:27 am
Hi there. Had a similar call this morning – previously put the phone down on these calls. Played along with the caller who went through the CLSID process and event log to find errors and then wanted me to permit him into my PC via . I then refused and he tried to reassure me by giving me his name and phone number – 0800 404 6964 and he called himself Techi4you, a windows service provider. No response from the phone number as expected. The original scam call was from an International address and the caller sounded indian. Interesting aside was that the errors on my PC were being reported to the service provider and afret 3 days of errors, they identified my phone number from my PC's error message. Big brother really is watching!!
Never let anyone remote into your computer.
March 13th, 2012 at 6:55 am
Called this morning from techi4u with backup website etc www …. com.au very plausible approach to the unsuspecting.
Only managed about 20 mins talking and he gave up after insisting on an email address where I could contact him.
March 14th, 2012 at 7:02 pm
Hi guys… yup.. Moncton NB Canada.. got one of the calls as mentioned above tonight… only got as far as showing the CLSID..then I asked how he got my number and what my name was….he says from the information provided by microsoft and the ID, he could do a trace and get my number…of course, he called my number but it was not my name, but was not my name listed in the phone book …lol..eventually he tied to accuse me of sounding like a HACKER…hahahaa… right back at ya buddy !!! They then got verbally abusive and hung up. Don't you dare try to fool a 25yr Electronics/Computer Engineer…..dumb-a$$.
March 14th, 2012 at 7:03 pm
oh yeah… I had him on the phone for 44min. !!! lol
March 15th, 2012 at 2:45 pm
From Alberta. Just had this phone call. Was on phone for 25 minutes. Had hard time understanding him and east Indian accent. Stated he was from Microsoft Windows Support and that my computer has been rending him errors. He showed me the CLSID, and everytime he had me look up something ie. eventvwr.. and told him how many events there were he would cheer "oh my God, we need to get this taken care of right away!" …He was trying to lead me to onestoppcsolutions.com but hung up when (luckily for me) I couldn't get my wireless internet connection. I immediately googles it and found this site. YIKES!
March 16th, 2012 at 3:32 am
Hello,
Just got this call! I was passed to manager lol, he tried it on with the CSLID business, as soon as I said it wasn't a unique number he tolf me it f**king and hung up! Unfortunately he was calling from a private number. Scary that this sort of thing goes on though.
Your article came up when I googled "Clsid scams" while talking to him. Thanks for the info
March 16th, 2012 at 9:10 am
Got the call in Ireland! They've been calling me since I got my land line installed. I've missed the calls most times but I had researched the phone number and found out exactly what was going on.I have an excellent knowledge of computers so I wouldn't have fallen for it anyway but it was handy to know what they were going to say, try and get me to do, etc.
Managed to answer once and after a few seconds there was a man on the other line presumably from India also. He told me he was with a company that was working with Microsoft and that i have serious problems on my computer. I responded saying "I know this is a scam, you're never going to get any money from me and take me off the call list because they are only waisting their time" I hung up without giving him time to answer.
Got another call last night from 0119(shorter than any of the other numbers they have called me from).
He told me I had a problem with my windows and mac(i don't have a mac). he then went on to say every windows version was infected and listed out all windows releases since windows ME
Decided to have some fun this time to maybe annoy them into taking me off the list.
Only managed about 7 minutes on the phone leading him up the garden path. Pretended I had difficulty reading, he told me to click the windows icon. this took about two minutes at least. CALLER: "click once" ME: "oh no i've clicked twice, how do i do that, where is it" etc.
got to the event viewer part and pretended to type the commands he wanted. after getting him to explain how to do this about 10 times i told him i clicked ok but now smoke has started coming out of my machine. he knew then i was having fun with him and that's when he started getting really Irate. he started to tell me over and over that "I was a fool" and "we are going to punish you" then hung up.
So my thought is for all of us to waste as much of there time as possible thus stopping them from getting through to someone that actually might believe them.
Also there should be more warnings out there about this type of scam. I think all ISP/telephone providers should send a message with one of the bills they love sending out, to warn people of this kind of attack.
Or credit card providers/banks should send a message to all account holders warning them of every scam that is known to them. and constantly update customers as new scams come online. They spend lots of money trying to make your bank account safe so why cant they just put one small notice in every bill(not likely due to cost), or even a note on the bill itself, put scam info on their websites, or email every address the bank has available to them with warnings.
Maybe give one of the tabloid papers a call claiming to have lost an entire lifetime of savings to this scam. They'd probably run it without checking the source. Then we have raised some awareness. I wouldn't feel bad doing it to the tabloids. Most of the stories are made up anyway.
March 18th, 2012 at 8:40 pm
Brisbane, Australia
This was the second time I've had one of these calls. I looked up this site while I was talking, to try to find what the bottom line was. I eventually asked what they wanted from me, which they thought was a strange question. I was told that I would be offered some security program for $235.
The other thing this scummy lowlife said was that he would "block my computer if I didn't listen". Then he asked if I was married, and I told him it was none of his business. "Why is it none of my business?"… on and on.
Eventually he told me that I "could hang up now".
I tried the Melbourne number they gave me to confirm their business presence in Australia, and the same guy answered. But the original calls came from "Overseas" according to my phone's caller ID. I guess they've got some call redirection machine set up in Melbourne. I'll try ringing Telstra and see if they can do anything.
March 20th, 2012 at 7:13 am
I rang my phone company to see if they would block the numbers but they said they can't do anything about it. these sneaky scumbags use different numbers all the time so it isn't possible to block them because they will just use another number to bother you next time.
they also told me to report it to the police because they have been trying to collect as much information as possible so they can attempt to take it further and stop this from happening.
all of our names and phone numbers are on a list and won't be taken off. I know they didn't get my details from my phone provider because my last name in the phone book is different to what they had on their list. they called me by the english version of my name which I have only used while providing details online.
We all just have to be more protective of our details online. I have even set up a second email account to help with this. any website looking for my email just gets this second address unless i think they are trustworthy enough for my real address.
March 22nd, 2012 at 5:04 am
Devon UK.
Just had one of these calls. Guy was calling for Microsoft outsourced company 24-7 something or other.
He got stuck when I went off piste & asked him to tell me what OS I was using on the 4 computers on my network.
Dont really understand either were he got my number from as it's delisted & private.
He eventually passed my to a tech guy & I told him that my best mate ran WebSphere at IBM with access to some of the best techies in the world. He then passed me on to his supervisor who called me a liar because I told him the CLS ID he quoted me was wrong.
Could have kept it up for hours, but after 30mins of them trying they hung up on me
March 22nd, 2012 at 9:11 pm
Just got this call today here in the U.S. Had a bit of fun with the fellow. He eventually told me, "have fun when your computer crashes!" Lovely!
March 29th, 2012 at 12:40 pm
LOL I received this same call from the number 1-(210)-251-0011 *location San Antonio Texas and the fella on the phone told me he was from Microsoft Windows Support and informed me I was having issues with my computer and that they noticed the problem. I asked them how they accessed my computer and they informed me via my computers ID number and gave me the CLSID (I know what my product ID is and where to locate it and the number htey gave me I KNEW was incorrect) I played along and recorded them. I'm tempted to allow them to access one of my OLDER computers which I plan on formatting anyway and doing what I did today and that was recording them on video and making a total ass out of them… once he strung me along as much as he could I informed him the number he gave me wasn't the product ID for my computer that I had and that he had to be mistaken. I then informed him I was an IT professional which I am and he laughed at me LOL… kind of funny when a scammer gets caught in his own lie. Good thing I'm smart enough to know the difference, for one how the hell would he get past my network? I didn't give their company access to my networked system (people who access my website/network and wifi NEED a password) So I did find it quite amusing to see this idiot tripping over his stupidity. I just hope people learn that this is a scam and need not to fall for it. I plan on blogging about this and putting up the video in my blog
March 30th, 2012 at 7:54 am
Had these calls for over a year now, at least they've stopped pretending to be Microsoft, but they did try the clsid the last time. I just googled as he talked and quoted him what a clsid is, rather than his definition. Funnily enough he hung up – best one was last year when one of them insisted I must have a "My Computer" icon in the top left of my screen….nope, i had renamed mine and moved it elsewhere on my desktop, yet the idiot insisted it had to be top left and couldn't be renamed.
March 31st, 2012 at 9:12 am
Listen to this scammer convo with the BBC’s technology correspondent Rory Cellan-Jones:
March 31st, 2012 at 9:39 am
@Phil, I’m afraid URLs are automatically stripped from comments. I guess the URL you wanted to include was http://news.bbc.co.uk/today/hi/today/newsid_9637000/9637033.stm. I included that in the resources page for the AVIEN blog at http://avien.net/blog/?page_id=790.
April 12th, 2012 at 6:53 pm
Montreal. I had so much fun with the entiry family. We were passing each other the phone and starting from the begining. Fake bathroom brakes and pc reboots… The Indian guy was very patient. But he will get pissed eventualy. After 20min and more.
April 14th, 2012 at 12:43 pm
Just got this call a few minutes ago here in Winnipeg, Canada. The first guy sounds like Indian and sounds stupid. He transferred me to a lady who talks like legal. I'm suspecting so I asked her to tell me my ISP, she diverted the conversation. I asked again to tell me IP address. She told me she will tell me my unique CLSID (now I know it`s not) so she gave the Run-CMD-ASSOC command. At the same time I was googling. Maybe she noticed it's taking me a while so I might be doing something else to get her so she hung up. Next time I`ll get them… Be careful everyone…
April 16th, 2012 at 11:47 am
Calgary here – yup received this call twice in two weeks. I keep telling them I'm not falling for this scam so stop calling, but they haven't yet. Don't fall for it. Microsoft people don't call you at home…they don't tell you to run something on your computer. They don't tell you to type CMD and ASSOC from your Windows tab and Search area. I don't have problems with my computer (other than normal ones). I have a third party virus program that I run as most Canadians do…(Nortan, Symantec, firewalls, etc).
Ask where they're calling from and ask them who they are calling for – "ma'am" or "lady of the house" tells you they really don't know who they're calling…ask how they got your number…ask for their number and that you'll call them back. Hang up. Then do the research because you'll find they're not legit. DO NOT fall for their scams.
April 17th, 2012 at 5:59 pm
HI
I am from Montreal and I just got a call a few minutes ago. The person had an indian accent and was acting like it was an emergency. He indicated that he was from Windows Support and that my computer has been hacked and that it is very important to fix it. He gave me the CLSID number that you mentioned above and wanted me to go on my comupter but I told him that I did not have time right now since I was busy. He kept telling me how urgent it was but I did not go for it and told him to give me his number and I would call him back tomorrow. He said he woud call me again but would not give me his name or number. Glad I read your article on this.Thank you Maria
April 20th, 2012 at 5:21 am
Hi All – I'm from Australia and have had a number of calls over the past 3 days – different people – male and female – a couple of times I just told them to "F off". Tonight they called three times – kept the last guy on the phone for over 30 minutes – he said his name was Ronnie Smith – very suspect for an Indian sounding man. Anway he gave me his phone number of 1800 027 4106 and said he was a supervisor with 24/7 Business Support. The company has offices in Sydney, Canada, UK and US. They are a contractor for Windows technical support. He said he would help fix some system problems that were reported by my PC to Windows. I was suspicious and said I would call him back. Then I got onto google and found you all. How do you stop them from calling – I have previously joined the 'Do not call" register and will now update it.
April 22nd, 2012 at 12:31 am
Yes the convenced me with the same CLSID # and I even gave them brief remote access, but when they finally gave me a dollar amount I discontinued the call and shut off that computer, A week later my computer received came up with the S.M.A.R.T. HDD virus, coult I have gotten that from them,
April 22nd, 2012 at 6:35 am
Paul, it’s possible, but we can’t really say without having been there.
April 23rd, 2012 at 10:25 am
My neighbour got one of these calls, as have I. The CLSID is new on me, I used to ask them the IP address they were refering to. My neighbour has not got a computer!
Keep circulating the updates on them.
April 23rd, 2012 at 6:17 pm
Got a call here in Sweden today, from the scammers, of which I was well aware of allready. This scam has now reached Sweden since many Swedes are fairly literate in english. I guess I was targeted since I have A Scotish surname as well. Their phone numer started with 0044…….something. I lost the number in my phone. (+ 44 is UK prefix). My girlfriend took their call a few days ago and hang up after they started shouting. Now i got the chance to enjoy them for a while.
. I put my computer in sandbox mode for extra safety (with Returnil = a program that has a good freeware sandbox that restores ALL computer changes made until you restart your computer). Then started another PC on the side to google every command they suggested. Now I was ready to play 
She then excused herself and transferd me to some other bloke.
I managed to hold them up for 41 minutes
They ran the full manual with the CLSID followed by "eventvwr" from CMD line prompt where windows always logs minor issues. I more or less continiously asked how they could link my phone number with my computer to some slight pressure on them. I also repeatedly ask for wich Windos licence my suggested PC problem was concerning. Especially after they claimed to have found my name through Microsoft. They bla bla bla of their company was working for Microsoft, only recives a lists from technicians etc. I repeated all my questions now and then. and when the got frustrated I enterd one of their command to give them some new hope.
After the first girl with broken english (possibly african accent, not typical indian accent. Im not native english either) had almost started screaming i wondered why support had such an agressive tone
This bekame a more or less a rerun of the first girl calling me. I stopped puting in command when they wanted me to write in a link to the remote program Ammyy in the dos command promt. The guy finally gave up when I ironicly asked why the CLSID number that was supposed to identify my problem PC was the same in both my running PCs (= 888DCA60-FC0A-11CF-8F0F-00C04FD7D062).
Unfourtunately I don't think they pay a lot for international calls. But I made at least two of them frustrated
SOLUTION suggested:
Next time I will ask them to call me on my mobile since my wireless phone needs charging when they think I will download thei program. Then I give them a number to some pay-number sight (suggestibly to the Red Cross or similar aidnumber with answering machines).
If they continue to call I will get a pay-number of my own
April 25th, 2012 at 7:34 am
Just had another call. The indian lady from Windows support told me all 4 of my computers would crash within the next hour. I asked her if she wanted me to do assoc or eventvwr, she said neither, then tried to talk me into eventvwr. I told her their scam was all over the internet security sites and she passed me onto a supervisor to give me their company website address. He just continued on the eventvwr route – while i tried to tell him that calling me week after week won't make me fall for their scam and that none of my pcs will crash as they had said., and i offered to give him a web link to the details of their scam. He hung up.
Next one I'm gonna play along and keep them there for an hour
April 26th, 2012 at 8:59 am
Here in cornwall the UK, Just had one on the phone for 40mins, he said the usual story and he told me he was calling from new york,
so i asked him if he had been on the golden gate bridge in central park! oh yes he said
so i kept on asking him random questions and then i started laughing, he was well pissed off when i said you have no chance mate. the penny dropped and i he swore and admitted defeat. he knew i had given him the run around and even started laughing and then hung up
April 30th, 2012 at 11:55 am
Just received this call in Toronto , Canada. From a company called IPC Support () which lists itself as an online subscription-based technical support services company (bingo!!)….When he tried to get me to install Ammyy – I sadi no-way and hung up!!
May 2nd, 2012 at 5:08 am
Bunbury, Western Australia
Got a call today, exactly the same. I phoned my service provider IInet and asked them to add a malicious phone call tracking on my line. Now they just have to phone me three times while I record the dates and timesof these calls and I'll have their number. Then just hand it in to the police.
I am a bit dissapointed that they couldn't get the details of the phone call allready. I so want to stop these guys from harming any other people
May 2nd, 2012 at 5:50 am
That may help if they’re the same company and calling from the same number. Bunbury, huh? I had a very pleasant brunch there a few years ago.
May 2nd, 2012 at 11:08 pm
The best thing to do, is tell them you don't have a computer. They don't even say goodbye, they just hang up. Also I have a lot of old retired friends who don't even watch the news and nearly got stung by this exact thing, Make sure you let the oldies know.
May 3rd, 2012 at 3:50 pm
This just happened to me and unfortunately I was pulled in because I know nothing about computers. I figured out about halfway through what was going on and shut my computer down. They have called me at least 20 times each day this week. I told them a couple of times that I do not wnat their service. Finally today I conferenced in my fiancee and when he confronted him, this guy went off on him in the most foul horrible language ever. Telling him what he was going to do to his mom and to me. I was so upset. Fortunately we were able to threaten him a bit and I don't think he will be calling back. I am however keeping the voicemail he left me telling me he is going f**k me.
Hopefully other people read all this article and DON'T fall for this crap.
May 4th, 2012 at 11:18 pm
Just had a call like this last night from an Indian accented femail who was most difficult to understand. I had to ask her to repeat herself a number of time which she seemed to find as equally frustrating as I did her inability to make herself understood. She wanted the system number of my computer and I asked her to tel me what it was if she knew I had a problem. She said it wes 888DCA – ha! When I asked how she'd obtained my phone number she ended the call.
May 7th, 2012 at 12:49 pm
Think I might have fallen for this. I ended the call having asked questions for some sort of verification and got none. I did enter something but I cant recall what. I'm left wondering if I've given them access or not. Very annoying.
May 9th, 2012 at 2:58 pm
Well, isnt this fun? Im in Washington state and received the CMD….assoc……CLSID call today. I held "James" on the line for about 15 minutes playing stupid and asking him the same questions over and over again. When I invented an "emergency that I had to attend to" and asked for a call back number he gave me 626-593-7191. Maybe he will call me again and I can do better than 15 minutes?
May 9th, 2012 at 9:58 pm
LOL – These guys… just tell them the CLSID does not exist and they give up. It has nothing to do with anything and is just a lure to sell you lame ware that you don't want, don't need – I can't belive they make any money.
I feel very sorry for anyone who has been taken victim by these people. Contact your bank immediately, block any transactions to the company, contest any money if it leave your account as it is theft and forgery.
May 14th, 2012 at 6:28 am
Philadelphia, USA. Got a call on this today, 14 May 2012. Called themselves "Data Protection Services for Windows Microsoft" from a guy called Raju. Showed up on caller ID as "Unknown Name 000-053-2212." I was pretty sure it was a scam and pressured him for most of the time for a telephone number to call back, web site, etc. He said they had no web site, and I said what company in 2012 has no web site? He said he could not give me a phone number because their systems would be overloaded if I shared their expertise. After I suggested that he was trying to scam me, he started class ID gag to "validate." When he asked me if I knew what a CLSID was, I said yes, a class ID is a GUID registered to a certain program or com file registered in the OS. He said no sir, it is a Computer License System ID and it was a valid number from Microsoft. Then he asked my Operating System. I said if you have a Computer License System ID valid from Microsoft, you should know what OS I'm running? So he just said OK and skipped past that. Since he was still working from a script I found on this and another site, I said again this is a scam, he assured me no sir it was valid and immediately said he was transferring me to his manager. At this point I simply hung up. 2 minutes later I got a call back from a different unknown number, but didn't answer.
May 14th, 2012 at 6:46 am
Well 3rd time they've called me now usually i just tell them to p**s off at start of conversation then hang up but today i thought id play along. They went the route of running a web address in the run command box something along the lines of or me cant quite remember as spent the whole conversation away from computer.
Obviously they was trying to get software onto my computer but i know enough to know that microsoft technicians aint got time to ring around fixing peoples computers. After making him believe id installed the software entered a 6 digit code an that nothing was happening i got put through to technician superviser for 3rd time at which point he gave me the code again b4 i stopped him to say sorry just wasted 36minuits of ur time(with a laugh oc), he left me with a farewell message of you bas***d no good swine.
Oh how that made me smile.
May 14th, 2012 at 11:46 am
They're hitting the US now. I just got off the phone with them. I played along for about 10 minutes. Damn India people. I finally got bored, ended up telling him that I'm not an idiot and was playing along and told him that he needs to speak better English in order to pull this scam off. He said "this no scam". I finally told him where to go and hung up. He called back immediately cussing up a storm in his "stacatto" way and told me where to go. I told him I was proud of him for using his English dictionary and told him to go eat a cow. He then hung up. No calls since then. Rather hilarious. Please people – don't fall for this crap. Why are so many people out there so gullible when it comes to computers/phone calls/emails?
May 16th, 2012 at 9:29 am
Got semi caught out by this today but did not give them any credit card details. Presumably if they were downloading any dodgy software then I would have witnessed this during the supposed "fix"? They only had access for a short time before I bailed out and nothing appeared to be happening during this time i.e. the cursor wasn't moving around or doing anything.
May 16th, 2012 at 10:12 am
Further to my previous post, at one point, I was asked to run a command and then asked to quote a 6 digit number from the results which I foolishly did. I cannot remember what this piece of data was called or the command but it was actually a 7 digit number but the woman only seemed interested in the last 6 digits. What are the implications of this? Could it possibly be used to gain access to my PC at any time?
May 17th, 2012 at 8:46 pm
Just got off the phone with the scammers….I told them I suspected a scam and wanted a phone number to call to verify their company. I was given this number – (213) 438-9900 which I called and was answered by a person who said they would be calling me back on a recorded line as the number I just called was not recorded. Ummm, since the number I called was answered by a real person, what would happen if everyone who is annoyed by these scammers called and tied up their line??? By the way, I tried calling the number again and got one ring and a hangup…blocked my number did they?
May 18th, 2012 at 5:28 am
Hi Just put the phone down to a very iritating indian whos main word wsa "right", very annoying, I got as far as assoc and started looking for scams on the web, he was getting annoyed after 20 mins cos i kept telling him my pc wsa slow "of course it is he said that's why you need to do what i ask!!!. Does he think I was borne yesterday. I do hope these scammers get their comupence (dont think thats spelt right) cos they really get on my nerves. We have this telephone privacy thing but obviously does not work!!
May 18th, 2012 at 7:31 am
2nd call from these muppets, managed to keep them on the phone for 40 mins while I was taking a lunch break. Took ages for my machine to "boot up" as he asked me to go to the oldest machine I had (it was already running) tried to follow his instructions but he was unhappy when I said this machine was Linux so we had to wait for another machine to boot up (not really
then I went into a total inability to carry out even the simplest instruction on the first (or even fifth attempt) – he was very patient. I even got transferred to his "Manager" at one point. Once sandwiches were finished I turned on the scews asking very specific and technical questions to which he had no answer and eventually he gave up. 10 out of 10 for an entertaining phone call. Waste their time and make their lives as miserable as possible !
May 19th, 2012 at 6:03 am
I am from Toowoomba in Queensland Australia and I got one of these calls from an Indian speaking person who said his name was Jason and he told me that my computer was infected from emails that I had received so I let him go on about it and he said that he could fix it for free and that all I had to do was to look in my computer for errors which there were and that he said my computer would crash and that my windows would be no good to me if that happened.
He then went on to tell me that he could fix the problem for a life time and that I would get support from them when ever I needed it for a one time fee of $419.00 and then when I told him that I didn't want to buy it he became very angry and started to yell at me it wasn't untill he said that he thought that I was thinking that he was a scam that he started to tell me just get your credit card and became very rude so I said that I will report him to the windows people that he finally let me off the phone I was on the phone for about an hour.
One thing that I would like to know is that we have a private number how do they get my number so i will be looking into this to see how they obtained my number.
Thankyou for th chance to let other know about this
Kevin
May 19th, 2012 at 12:42 pm
Just hung up on a rather persistent, nasty Indian-accented man who insisted he was calling from MicroSoft to help me clean up my computer. He started out with stating that my computer was corrupted and was sending various types of failure notices to MicroSoft, and asked if I knew my computer was corrupted. He claimed the corruption was due to malware that I had inadvertently downloaded to my computer. I asked how he knew how to contact me and he claimed it was from my unique CLSID which only I and my "Windows" service provider know. I am not terribly computer literate–I did not know what a CLSID is–but I know enough to understand this was a scam in the making. He claimed only a Windows (or did he say MicroSoft–don't remember) certified technician could fix my problems and that he was going to walk me through the process. I asked him to call back in a half hour, after I had a chance to talk to one of my IT friends from work who is a certified MicroSoft/Windows tech. "No, no", he said. He said I could not wait that long because my computer could crash at any minute. I told him I thought he was trying to scam me because his call came in as "out of area" with no phone number on caller ID. He went on to explain that the number is blocked so that hackers and scammers cannot call MicroSoft back. DUUUUHHH!!! He called poor computer illiterate me to help me, so why would he be afraid that I would be hacking MicroSoft. I should have hung up immediately instead of allowing him to boil my blood some!!!
As soon as I hung up, I checked to see if this is an on-going scam, and thanks to your blog, I find that it is. Thanks for keeping us not so computer literate users informed!!!!
Jean
May 20th, 2012 at 5:37 am
I received the same call yesterday in the UK. A woman with a strong Indian accent identified herself as Anna. She said my computer was corrupted (CLSID) and she needed to help me fix it. The call was disconnected (not by me). So she called straight back. All responses to my questions were quite vague ("I work for the technical department") and she claimed she represented all the service providers. When I asked which company she worked for I didn't hear her first response so she spelled out the name, Starcheck. I've been getting 'silent' calls for several months so I don't know by actual speaking to me and not getting very far will deter them from calling again.
I'd like to know how they got my number as I'm ex-directory and I'm always careful to tick the 'no marketing' boxes when signing up to websites, etc.
If they call again I'll tell them I run only Linux and see where it takes us.
I wonder if the people in these call centres actually know what they are doing – they have my sympathy if they don't.