by Bob Lewis
Planet Rockwall recently received an interesting phone call from a heavily-accented gentleman identifying himself as “Andrew” from “Windows Help & Support.” It seems our computer generated a report on their routers indicating that we had downloaded some malicious code. They needed us to allow them into our system so they could scan it and repair any damage this software might have done.
We were naturally alarmed, because the corporate computer system contains many files of a sensitive nature like photos of Bigfoot, giant skulls, and rocks. We sure didnt want some rogue virus infecting those. But, we were still a little leery after waiting so long for that Nigerian prince to send us the money he promised, so we asked a few questions.
What exactly, we asked, was this software we had downloaded? “We dont know yet,” said Andrew, “All the report said was that your computer downloaded something dangerous, and we have to scan to find out what it is.”
How do we know youre legit, we pressed. “Sir, if you will follow along with me, I will prove to you that we have correctly identified your machine.” Andrew then had us go to the command prompt and enter the command “assoc”. There would appear a long series of files, the next to last of which contains a code called a CLSID. He asked us if we saw the number “888dca60-fc0a-11cf-8f0f-00c04fd7d062.” This, he explained, is a unique code identifying our machine, and that if he werent legitimate, how else would he know that number? We followed his instructions, and sure enough, the numbers matched.
Still not completely convinced, we asked for a phone number we could call back and confirm his claim. “Yes sir,” the ever-helpful Andrew replied, “The number is 214-705-2344.” Cool, we thought, a local number. Smelling a scam we called and got a similarly-accented voice which assured us that they were indeed “Windows Help and Support,” and could we tell him who had called us. We did, and the voice told us that Andrew was right here and he would transfer us to him so he could continue helping us.
Our conversation with Andrew:
Finally tiring of this game, we hung up. A Google search of the term “888dca60-fc0a-11cf-8f0f-00c04fd7d062” turns up the fact that this code appears on every computer in the world running the Windows operating system. Local telephone numbers are easy and cheap to set up to forward anywhere in the world.
How the scam works: Allowing this charade to progress further would have resulted in our downloading a program granting access to our computer. Andrew would then send us a text file showing that a scan was in progress. After a few minutes, a box would appear showing that a particularly nasty virus was present, and that normal anti-virus software cant touch it. But, youre in luck. For the low price of $250 (credit cards conveniently accepted), they can fix your problem remotely. Your computer is now safe from a virus that was never there to begin with, and your credit card is compromised. Further research indicates this scam has been running in various cities for over a year.
This is a sophisticated variant of a so-called “phishing” scam. The “phisher” relies on the victim to voluntarily provide private information they can use to extort money, discover passwords or gain control of their computer. Rather than having to spend time and effort hacking into your system, they trick or scare the user into voluntarily surrendering the information they want. The ‘unique’ ID they get you to look up is not unique to you and your computer is not reporting any problems – and they are not working for Microsoft.
Computer security experts offer this advice to those receiving calls like this. Hang up. You can also report it to http://www.ftc.gov/bcp/edu/microsites/phonefraud/report.shtml. The more reports they get, the more likely it is that they will investigate them. Better yet, put the scammers on hold and leave them there. While theyre waiting for you to come back, thats less time they have to pester someone else.