Saturday, June 27, 2015

Trying to unmask the fake Microsoft support scammers!

I am a member of a wonderful blog called Ugly Hedgehog® - Photography Forum.

This blog has thousands of members, mostly interested in issues related to photography, but many other discussions covering all kinds of technical issues are also published every day.

If you want to learn anything, and I mean anything related to photography, this is the place to be.

I receive an email on a daily basis showing the blog and all new activities, messages, questions, comments etc. from members across the spectrum. It really is extremely interesting, and I know that most of my readers will enjoy visiting the blog and becoming members if they so desire. Membership is free.

The link to this blog is:

Today, one member had a message concerning scammers who pose as official Microsoft Support agents in order to steal information from you, take over your computer and squeeze money from those who fall for it.

Here is an excerpt of a message posted by one of our members that tells it all:

"I just received a strange phone call from (supposedly) a Microsoft rep/agent.
A gentleman with a distinct Indian accent called a little while ago. He told me that my computer was infected with malware and/or viruses and he was calling from MS to help me. He told me to press the Windows key and type something like eventxxx at the prompt. I told him that I was very leery about typing anything in and running any program for someone who purportedly represents Microsoft.
He then told me that he knew my unique ID number and told me to write it down. He then told me to run MSCONFIG from the prompt and type in ASSOC which would match the number he gave me beforehand and prove he was legit. While he was talking to me I looked at the reports from Malwarebytes and Norton and they showed nothing.
I then told him that I was very reluctant to do anything he suggested via a "phone call from Microsoft."
I said that unless I received an official email from MS, I wasn't going to run any programs from someone who made a personal call to me.
He said goodbye and hung up.
I then decided to back check the number he called me from and the app said it was an invalid number.
Has anything similar happened to any of you?
What are your thoughts?"

Another member posted the following answer:

"Hi, I'm from Microsoft, honest.
Now if you just type Windows and R and type cmd we can just verify your consumer licence ID.

If you type assoc your licence number should be
CLSID 888DCA60-FC0A-11CF-8F0F-00C04FD7D062, is that correct, good, it's the right system.

Now just type verify, what does it say? Verify is off, that's bad, very bad, you can't install any security updates at all...

Now small confession: I'm not from Microsoft and 888DCA60-FC0A-11CF-8F0F-00C04FD7D062 is not unique to your computer either.

Sounds good doesn't it. Microsoft don't particularly care if your computer's infected or not and they certainly don't ring up individuals to tell them they are infected!

That little script was based on this page

So when you get a call ignore it, hang up and do not follow any instructions they give you.

Hope this helps, be safe"

The link above will take you to a site called SECURELIST authored by , which explains in detail how these scammers operate, and how to catch them in the act. The post is dated August 4, 2012, which tells us how long these scammers have been pestering a large number of computer users around the world.

I hope this will be of help to you all.



PC said...

it's good to know

Anonymous said...

Hello George,
I've found your blog to be very helpful, and it's always great to find such tech enthusiasts sharing their interest.
I'm not sure if you have addressed this on one of your previous posts, but I've found that using ad-block/privacy browser plugins significantly reduces the risk of getting a bug from malicious website code. My favorites are Ghostery (tracking/privacy/adblock), AdblockPlus (ad-blocking: prevents video ads/popups and ads disguised as content) and Disconnect (for tracking code block), but there are many more.
I have been using those plugins in Chrome and Firefox with great results. You always have the option to disable the plugins for your favorite/safe websites, or temporarily.
Hope I'm being helpful.