We’ve had a number of calls in the last week (probably 4, would swear it is the same woman even). After yelling at her a few times and/or being outright mean and cruel (she doesn’t get sympathy…), tonight I thought I’d play along and record it. I missed the beginning as I was on the phone but Wendy brought the camera over in time to catch much of it.
Here’s how this particular scam works
- They call you from a phony number (call display was modded to say 23456789)
- They tell you they are from the computer department
- They get you to open EventVwr (Event Viewer) and look at your application log. They know they will find some reds and yellows in there (in my case, I hadn’t addressed a goofy CAPI issue regarding trusted root certs, don’t worry, its resolved now, I can thank them for putting my on the case ) and they get you to read out the count of items in there (in my case 42000+, this is normal, it writes until the threshold to overwrite is reached…)
- Then they get you to open a Command Prompt and type ASSOC which lists file associations. She gets you to find the association for Windows ‘Send To’ target, which will be the same on all Windows machines (.zfsendtotarget=CLSID{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}) and pretends that by reading this number back to you, it is the ‘unique serial number’ of your machine and therefore this should serve as proof and authentication that what they are saying is true and you should trust them
- Finally, they want you to go to a website, http://www.ammyy.com, where I assume they then want to take control of your PC and either install a keylogger, trojan or otherwise. I stopped at that point and cut her loose.
Enjoy the Video
[youtube http://www.youtube.com/watch?v=tLw4ZijmLlY&hl=en&hd=1]
Recording of Indian Computer Department Phone Scam
http://www.youtube.com/watch?feature=player_profilepage&v=tLw4ZijmLlY
Today I received a call from a guy who claimed himself to be from ‘Windows Service Centre’ and stated that I have problems in my computer. To be honest yes I have been facing troubles with my computer and thus I believed in what he was saying! He said my computer is affected by virus and my PC is going to crash!!! I became worried and asked him what i could do to prevent this, to save my computer from the loss. He asked me to go to a website http://www.ammyy.com and took access of my computer and showed me the so called ‘virus’, ‘junk files’ etc.
When I asked how would I clean these up, he asked me to purchase a package of $150, and I did!!!! Silly me! I purchased the package from my paypal account and they downloaded another website something called Team Viewer. And said the technician would work on my PC so I should leave it.
Yes, my PC was cleaned up and I am suspicious I have nothing left now!!! They have accessed all my files, folders and God knows what else!! They have got all my credit card details too!! Ah!
I have filed a case from my paypal account i.e. charge back and I will not be convinced anyway. I would request you not to be fooled like the way I was being fooled by this company! I wonder if they are calling me from Microsoft then why their domain names are different? Why not @Microsoft.com or something similar? Did you ever look at the paypal mail? I am going to read the mail once again with the details of my purchase, that one includes their original mail ID and I will post it here shortly after I get all the reuired details.
It’s like giving car keys to a total stranger who is sure they can fix the problem, if they are simply allowed to take the car around the block.
Thanks for sharing this Sean! You’re worried facial expression was priceless.