Dealing with the ‘Your computer has malware’ call from ‘Microsoft’

I had an interesting phone call today from someone who told me that I had issues with my machine – ‘Right now’. I was curious to find out the technique that they used to scam people, so I acted dumb and asked him why he knew.

The caller – and the delay on the line – sounded like I was talking to someone from India. He said his name was Michael and he was calling from the Windows Service Centre and worked on behalf of Microsoft. Pah!!

He assured me that this was a British company with offices in Manchester.  He gave me the phone number too: 0161 4085 067.  Hmmm…

He stated several times that if I called the company, then it would prove he was legitimate. He then asked me if I was sitting in front of the computer and asked me to do a few things for him…

He asked me to access the Start button and type in Run, then cmd.

He then told me to type ‘assoc’ and hit Enter, and told me not to worry about all of the text scrolling down on my screen. As proof that my computer had sent him a message, he read out the line at the bottom of the screen.

He quickly read out: CLSID\{888DCA60-FC0A-11CF-8F0F-00C04FD7D062} – whilst I tried to slow him down, pretending to write everything down… He said that the number proved that he knew it was my machine (actually this number exists on EVERY Windows machine!)

Then he asked me to type EVENTVWR and asked me what appeared.

He took me into the Application log in Event Viewer and told me that all of the application information messages were being sent to him so he knew that there was malware on my machine, quoting the errors and warnings on the screen. He asked me how many entries I had, and I told him 763! He said, ‘That’s how many times your computer has been messaging us with this information.’

Unfortunately, my dumb act must have made him a little bit suspicious. I asked him if he worked for Microsoft, which division, and how he knew it was my machine ‘sending him messages’. I spent a little bit too long grilling him on how this relationship with Microsoft worked. I was rumbled, so I never got to the URL part of the script.

Of course, this is a telemarketing scam, which has been reported on several times, where the scammer tries to gain access to your machine and run a script on it. But so often, people fall victim to the scam.

Microsoft have a page dedicated to common scams stating that they NEVER call anyone to help them fix their computer (they’re busy enough on the forums and dedicated support lines).

I kept him chatting for as long as I could – my reasoning is that the longer I kept him talking, the fewer calls he’d be able to make that day, but I think I was rumbled. Unfortunately, a search of the web shows that too many people fall for this type of scam…

Sure, he asked me if I had a PC, and if it was a Windows machine.

But he didn’t ask me if I was actually connected to the Internet… Oh Drat… Hopefully I’ll be able to get the punch line out next time.