- Are You A Victim? Contact Action Fraud
- Many Companies Doing This Scam
- Trusted Anti Virus Software
- The First Scam Call I Received
- The Computer Error Scam
- CMD ASSOC ZFSENDTOTARGET CLSID
- Logmein - Get the Code!
- Online PC Care Helpdesk
- The Many Warranty Options
- The Prefetch Malware and Inf Virus Filwr Scam
- What Is All This About?
- Professional Services
- Free Anti-Virus
- Free Anti-spyware
- Free Firewall
- Windows Security Tips
Had another call today from a firm telling me that my computer was generating errors caused by malware, which was caused because my security warranty was out of date. I had a similar call the other day, and knowing it to be a scam I got rid of them pretty quickly. Today I decided to find out what exactly they are doing, so I played dumb, sounded very concerned at all times, and went along with the whole process while taking notes, just so I could raise awareness here.
Are You A Victim? Contact Action Fraud
In the UK you can report problems to http://www.actionfraud.org.uk - they may be able to assist, but most importantly if you get the name of the company, website details and telephone number, reporting them may actually lead to some action being taken against them – hopefully!
Many Companies Doing This Scam
I have had another call today from a company doing the same scam, i.e. telling me my computer is sending them errors. This time I said that it was OK and that my computer was working fine, thanks. They asked if I have an antivirus, and I said that I did. They then said that the antivirus was not able to detect this type of error. The new company is called 360 E Tech Support. I asked for their website details and they reluctantly gave them to me, and then said “ok,. so you will call the support number, thank you” and hung up. Lovely people.
So the companies I have dealt with so far have called themselves*:
- 360 E Tech Support – www.360etechsupport.com
- PC Support Care Today – www.pcsupportcaretoday.com
- Windows PC care – The company mentioned in The Guardian’s news item
- Microsoft Tech Support
- Windows Security
- Windows Service Center
- Computer Systems Worldwide
- Windows care
- Windows Technical Support
*Important Note – some of these names may be perfectly legal and trustworthy companies. One new trend that we are seeing is that the scammers use a known company name first and then direct you to a different website in the final stage.
In July 2010 London’s Met Police closed down 19 websites that were performing this scam. More are popping up though.
Microsoft have addressed this as well and stated clearly that “Microsoft does not make unsolicited phone calls to help you fix your computer” on Microsoft’s website.
Hopefully you are reading this because you had a similar call and were concerned and Googled it. This is why I am posting as much as possible. If another company has called you with the same tactics leave a comment below and I will list them too.
Trusted Anti Virus Software
I trust these services. I also receive commission from any sales.
- AVG Anti-Virus 2012 Professional 1 PC 1 Year
- Kaspersky Anti-Virus Products – protect your PC against security threats with industry leading software!
- McAfee Total Protection- 1-year subscription
The First Scam Call I Received
It started when a nice lady from the Indian subcontinent called me. This is more or less how the conversation went – I wrote most of it down as I knew it would make a good blog post for Webologist. These people are basically trying to do one of two things, I am not sure what, probably actually both:
- Just get you to “buy” a product to protect your computer, but really they just want your credit card details.
- Install illegal software to take control of your computer, install spyware, malware and hijack your emails, and send viruses out to other people.
In short, these people are probably scoundrels that try to con people into handing over their bank/credit card details and then infecting their computers with viruses. They tell you that they are calling from a “PC Support company”, explain that they have Microsoft Certified Engineers (they surely do, as running such a scam is hard without some good Microsoft know-how – but anyone can become a Microsfoft certified engineer, not just Microsoft employees!).
They started asking me what operating system I was using. I pretended not to know, so they told me where to go to find out. ALERT: If they really had received reports that there were errors on my computer, they would know the operating system already.
After finding out what OS I am using (asking me to left click start and then asking if I had “My Computer” or “Computer” listed – i.e. XP of Vista) they then went on to tell me more about the problem. I put in quotes what they said from now on (although it may not be entirely accurate):
“Your system is corrupt because your warranty has run out. As a result malware is getting on to your computer from unsecured websites. This is slowing down your computer and will eventually cause the operating system to fail”.
She went on to ask if my computer was slow to respond ever. As Windows computers age they do tend to get slower. The world gets faster, the harddrive gets filled, they slow down relatively and physically. This is normal. She also asked if I was the only computer user or if others used it (I guess trying to determine which product I should order so that they can control all users?).
The Computer Error Scam
She then directed me to Computer > Manage > Computer Management > System Tools > Event View > Windows Logs. It showed a list of events, with errors and warnings. She asked me how many errors there were. I said about 20. This is not really important.
She told me that these errors were serious and caused by the malware. On looking, one error was when I typed my password in wrong. Another was a video driver that does not work in Vista (ATI thing) that always gives an error when I boot up. Nothing serious there at all.
“There are malware files on your computer. These are creating the errors I mentioned earlier that are being reported to us. You need to remove these malware files. You cannot just delete them, you have to disable the link to the file.”
She told me that “users have been accessing unsecured websites …. downloaded malware …. corrupting files”.
She next led me to the temporary folder on my pc by doing:
Windows Buttom + R (to open a Run command box) then typing “temp malware” which just opens a Windows temp directory. Inside mine there was just about 6 items, adding up to 970kb. A tiny amount. This did not deter her, she told me that if this continues my pc will fill up and die. She did not ask me what was in there (there was Google Chrome, Avast antivirus and a few other things). She then did a silly calculation based on the “total size” and “size” and told me that the drive was already 90% full! I said “it is less than 1 megabyte, that is not much”. She persisted (obviously reading a script).
“We have to now share the operating system ID so that we are sure that we are speaking to the right person and the right computer.”
Here comes their most cunning trick to make you think that they are genuine Windows support.
CMD ASSOC ZFSENDTOTARGET CLSID
They ask you to open a command prompt, “Windows + R” again, then type CMD, then in the command prompt type ASSOC. This lists a load of programs and stuff, and at the bottom there will be something that looks like this:
They will then read out to you the CLSID, which will match, and this is the verification that they have the right person. THEY TRY TO MAKE YOU THINK THAT THEY HAVE TO VERIFY YOU! Classic scammers trick, really it is you that should be verifying them.
This number is not unique. It will be on most computers, maybe unique to Vista, but they have already confirmed that you are running Vista. So if they spell out 888DCA60-FC0A-11CF-8F0F-00C04FD7D062 to you, do not be surprised, as lots of people, if not all Vista users, have a CLSID of 888DCA60-FC0A-11CF-8F0F-00C04FD7D062. So another lie! Another SCAM!
“Does it match? Great, we can carry on safely now. We have Microsoft Certified Technicians that have confirmed that your warranty has expired which his why you are getting these errors. There are two types of warranty, a hardware warranty and a software warranty. Your software warranty covered your operating system, but has now expired and your computer is at risk from more malware.”
She told me all sorts of other scare stories;
“Malware has bypassed the Windows firewall”
I do not even use Windows firewall, I have a 3rd party one instead. I was then told that I had to add some software to extend the warranty. I said (in my most innocent voice) that I was under the impression that as Windows update was on I was getting all the latest updates. She said that these updates were not actually installing because my warranty had expired.
So, to remove the problems and protect my PC I just need to make a one time payment. Oh lucky me! I asked at this point how much it was, but she could not answer (was not on the script in front of her).
She continued to explain, again, how I needed to update my Microsoft Windows warranty to get the latest protection. I asked if it was just spyware protection, and she replied:
“Once the warranty is running you will not need any new spyware.”
A strange answer, a Freudian slip maybe? I guess she meant either “you will not get any new spyware” or “you will not need any new anti-spyware”, or “you will not need any new spyware protection“. The way she said it seemed to suggest that I was going to get some new spyware…. hmmm….
I pretended to be very worried, concerned, scared even, and asked how I get a new warranty. She said that I just need to visit their website and click “subscribe” (sounds so nice doesn’t it, subscribe, not like buy, or give away credit card details on an unsecrured site). So she next gave me the web address.
“You will have to type this into the address bar, not into the search box.”
Oooh, I wonder why…. maybe the site is not listed in Google? Maybe there is a spam warning? I obviously Googled it. They are actually listed in Google.
“Just type in www.pcsupportcaretoday.com“
Now, a search does bring up a result:
I first used the handy Google preview tool to see the site. I quickly checked the “police crack down on computer support scam” from The Guardian. That report gives a different name (same scheme though).
So I then went to the site and acted all lost and confused while taking a look.
First thing, the home page looks different already. Second, in the footer it says “Copyright 2010, pcsupportcare.com. All Rights reserved.” Now that is interesting, as it suggests that they recently moved from pcsupportcare.com to a new website, with “today” tacked on the end. WHY WOULD THEY CHANGE THEIR ADDRESS?
www.pcsupportcare.com gives a 403 Error – forbidden. The site is offline, permanently. Not even redirected. Highly suspicious. What does Google say about the old domain? Strangely, not much. This is a pretty good sign that they keep changing their web address to keep bloggers and Google off their trial. Any repsectable business would be mentioned all over the Internet.
They also link to a Facebook profile and a Twitter page. The Facebook profile has 1 person liking it (an Indian chap who also runs a web design business) and the Twitter page has nothing – no tweets, no followers, not following anyone. Highly suspicious.
Logmein – Get the Code!
Theo Gray suggests (see comment below) that if the scammers send you to LogMeIn take a note of their LogMeIn Rescue technician code. This can be used by LogMeIn to help track and block them. From their website:
“Any violation shall be sent to LogMeIn via https://secure.logmein.com/support/submitaticket/.”
So pass them the details and they will hopefully ban the companies who are using the service to distribute viruses etc.
Online PC Care Helpdesk
After watching the Youtube video of the conversation with Online PC Care (after they called me) I decided to ask them about it. No reply yet.
I simple ask:
Still no reply from them …. been an hour now.
The Many Warranty Options
Like all good salesmen they give the victim many options to chose from, trying to make you feel like you are in control. So on their “subscription” page, you can elect to purchase any one of several items.
Now, I asked the kind lady how the product would be installed once I have bought it. Do I download it from their site, is a CD sent to me? No.
“One the warranty is running your computer will be updated automatically each month.”
So I do not need to do anything! Wow! Once clicking that “subscribe” button (buy/hand over personal data) they can then upload new applications to your computer remotely without your permission! Great.
Actually, earlier on in our conversation I was asked to check something and I got the Windows security alert come up, you know, the “do you want to run this / change setting / trust etc” I forget exactly what it said, but I asked her, “is this safe? Windows is saying I need to give permission to change settings”.
“Oh yes, that is safe, this is to ensure that your warranty is working properly.”
Phew! For a moment I thought they were trying to see if I could give them access to my pc!
Anyway, after being asked 10 times which warranty level I wanted to buy, I said that I was unable to to order at the moment as I did not have my wallet on me. She said that she could wait while I go and get it, and insisted. I said, “no, I will do this after lunch, I can pick up my wallet on the way back from lunch”. I asked if I could call her direct incase of problems, after a long pause she gave me a telephone number (checking with the boss no doubt) and gave me 0151 4402 7854. She said her name was Monica, although she did not sound much like a Monica.
0151 4402 7854 does not come up in Google, but 0151 4402 does: www.phonespamfilter.co.uk/phones.php/01514402
So there you go. In case that page is inactive when you are reading it, is basically lists a bunch of telephone numbers that have been flagged as nuisance / cold callers.
The Prefetch Malware and Inf Virus Filwr Scam
Today (10th August 2011) I had a call which used a slight different method to try to dupe me. They showed me a new list of harmless files and then told me that they were going to cause my computer to die. Chap even said “oh my god, 900 files, that is terrible”. I actually spoke with 3 people in the end. They called themselves the “Windows Technical Support” again.
Anyway, this time they tried to encourage me to press a button on www.ammyy.com which said “Start Working with Ammyy Admin (it’s free)”. I think that this will install a program to allow them to then take control of the PC. The button links to an excecutable file – AMMYY_Admin.exe
I asked what this was going to do and they refused to answer. After a while I got transferred to another person. Amusingly the phone call ended with loud beeps. They called back to ask me why I hung up, quite rudely, and I explained they they hung up on me.
Anyway, I asked why the connection was not going through Microsoft.com and that I did not trust the site. Chap then said “oh, Ammyy.com is not out site, it is just a secure site we use to connect to your computer”. So I asked what his website was, and he told me it is blazesoftwares.com. I asked how long they had been in business for, and he said 10 years. The domain blazesoftwares.com was registered on 4th June 2011.
The website blazesoftwares.com just seems to sell McAfee software. The chap said that their site was built by McAfee, which is why it is new. I shall ask McAfee if this is true (I strongly doubt it!). There website about page does state: “www.blazesoftwares.com is a part of “United Software Solution” located in India“. They quote 3 telephone numbers but these all direct to their Indian office: 020 3287 6725 (UK), 61 3 9010 6138 (AUS), 12134389746 (USA).
What Is All This About?
In short, a company calls you out of the blue pretending to know about your computer, and tells you that they are getting reports of errors from your computer. They essentially pretend to be Microsoft, although are actually careful not to say “we are Microsoft”.
They trick you into thinking that you have a problem – even when you probably do not.
They then convince you that your Microsoft Windows Warranty has expired. There has never been such a thing. If you have Windows, whether it be XP, Vista or Windows 7, you have already paid for the operating system and can download (ideally you have set it top automatic) the latest updates to the operating system.
You can, and should, use better Anti-virus, anti-spyware and firewalls than those which are bundled with Windows. Why? Well, for the largest, richest and most powerful Operating System, Windows for some reason never seem to bother much with security. Instead you need to use third party software. OK, for average use, Windows firewall and Defender may be OK, but there are so many sneaky virus writers out there now that you can land on a website with a trojan/virus on it from a Google search. So no site is really safe.
If you Google “ZFSENDTOTARGET CLSID ~scam” you will find many other references to this trick.
There are many very good free products that you can use. Here are the ones I have been pleased with over the years:
- AVG Anti-Virus 2012 Professional 1 PC 1 Year
- Kaspersky Anti-Virus Products - protect your PC against security threats with industry leading software!
- McAfee Total Protection- 1-year subscription
All of these free tools have premium versions too. That is how they make their money – provide good free tools so people like me mention them, and then also provide premium versions. Really, you should be mostly safe with the free tools.
Windows Security Tips
- OK, Microsoft will never call you to say you need update your computer – so if you get a call, its a scam.
- Set Windows to automatically update
- Never do anything on your computer that you do not understand, especially if someone phones you and tells you to!
- Never install software if you do not know what it is or why you are installing it. Most of this scam is designed to make you think that you know what your are doing and why. That is how scams work!
- Install some 3rd party anti-virus, anti-spam and a firewall, and keep them up to date.
- Never click on links in emails that you do not know to be OK.
- If you land on a website and you see some sort of “scanning for viruses” come up – close your browser immediately. Close all apps. Disconnect the internet. Run a system clean up (like CCleaner – http://www.piriform.com/ ) run anti-virus, reboot, run again. This is belt and breeches, but be careful! Some scam sites pretend to be an anti-virus site but are in fact just a website tricking you into giving them your credit card details. Often after “buying” the product that they recommend you get nothing, just a virus and an expensive credit card bill a month later.
So there you go. Be careful, be vigilant, stay safe. Microsoft will never call you. If you get a call from anyone claiming to be a PC Support / Windows Support or anything like that, they are probably out to steal your hard earned cash or worse, take control of your computer and turn your PC into a zombie spambot.