For months now, friends have been telling me about a telephone scam in which supposed Microsoft people call to help them fix their computers. Not until last week, did I get the call. I played along, and actually found some of what they said mildly believable, so I decided to warn you of what they say, what they want, and provide some information on how you can stop them from scamming you and others too.
My telephone rang and the caller ID didn’t display a number and said “out of area.” I picked up and heard a man with an East-Indian accent telling me that he was a Windows service provider, and that his company had received reports that my computer is slow and sluggish because I had downloaded a malicious file from the Internet.
In the background, I could hear others talking in a call-centre setting — this was not a small operation.
He tells me that these infectious files would badly affect my hard drive and motherboard. (He still had me at hard drive, but I have yet to hear of a virus that could affect the actual motherboard.)
He asked me if he could prove to me that he was from an authorized Windows support provider, so I was curious how he might do that, knowing that this was a scam, and kept listening.
“Brad Smith” then asked me to type in a couple of commands: “cmd” (opens a DOS prompt in a black window), and “assoc” (lists a string of all of the file associations on your PC, ending with a CLSID right near the bottom). He said he would read me the number of my unique computer to prove to me that he was legitimate, and he read me a long number.
While he was reading it, I was busy Googling, and I quickly found out that every Windows 7 computer would have the following CLSID, and that was indeed the string of alphanumeric digits that he was reading to me: 888DCA60-FC0A-11CF-8F0F-00C04FD7D062.
He asked me if that number was correct, so to see his reaction I said “no.” I asked him if I could call him back, assuming he would hang up on me, but instead he gave me a 1-800 number. Googling that number showed that it appeared to be related to a scam being run across North America. I called the number to ask for their company name — and was given one — along with a website.
Like his colleague “Brad,” the man had a similar accent and was convincing sounding, and the website he gave me looked legitimate. Back to Google, that website was, not surprisingly, linked with scam reports.
I found slight variations of this scam also running in the United States, the United Kingdom and Ireland. They had different telephone numbers and different company names — which is to be expected, because as they get shut down by law enforcement, they start up again under a different guise.
What’s common to all of these criminal activities is that they are all trying to get you to give them your credit card number to buy a “fix” to remove the malicious files, or they are trying to gain access to your computer remotely to steal passwords, and your identity.
The man on the telephone got pushy, (I was spending too much time Googling and not listening to him I suppose) and I had the information I needed, so I politely asked him to take me off their list before I hung up. I filed away their “business” name, URL, and telephone number to report them to the appropriate authorities.
Then I started to wonder who to report them to.
I contacted the Better Business Bureau, city police, and Microsoft, but still the question lingered in my mind: if this telephone number and website was associated with this scam many months ago, why was it in operation? Whose job was it to protect Canadians from unethical cold callers going through relatively convincing scripts to harvest information/identities/money from the unaware?
In my next column I’ll tell you more about what I was told by these different agencies, but for now, be quite clear that Microsoft will never call you to offer technical support — this is a SCAM — hang up and warn your friends. (You can forward them this column if you like.)