PC Support Security Scams – ZFSENDTOTARGET CLSID Trick

Had another call today from a firm telling me that my computer was generating errors caused by malware, which was caused because my security warranty was out of date. I had a similar call the other day, and knowing it to be a scam I asked them which computer was causing a problem, and said that there were over 300 computers in my office and they could not all be faulty. The man that called hung up.

Update 26 November 2010 – Many Companies Doing This Scam

Just want to interject here, as I have had another call today from a company doing the same scam, i.e. telling me my computer is sending them errors. This time I said that it was OK and that my computer was working fine, thanks. They asked if I have an antivirus, and I said that I did. They then said that the antivirus was not able to detect this type of error. The new company is called 360 E Tech Support. I asked for their website details and they reluctantly gave them to me, and then said “ok, so you will call the support number, thank you” and hung up. Lovely people.

So the companies I have dealt with so far are:

  • 360 E Tech Support – 360etechsupport.com
  • PC Support Care Today – pcsupportcaretoday.com
  • Windows PC care – The company mentioned in The Guardian’s news item
  • Microsoft Tech Support

In July 2010 London’s Met Police closed down 19 websites that were performing this scam. More are popping up though.

Microsoft have addressed this as well and stated clearly that “Microsoft does not make unsolicited phone calls to help you fix your computer” on Microsoft’s website.

Hopefully you are reading this because you had a similar call and were concerned and Googled it. This is why I am posting as much as possible. If another company has called you with the same tactics leave a comment below and I will list them too.

Today a nice lady from the Indian subcontinent called me. This is more or less how the conversation went – I wrote most of it down as I knew it would make a good blog post for Webologist. These people are basically trying to do one of two things, I am not sure what, probably actually both:

  1. Just get you to “buy” a product to protect your computer, but really they just want your credit card details.
  2. Install illegal software to take control of your computer, install spyware, malware and hijack your emails, and send viruses out to other people.

In short, these people are probably scoundrels that try to con people into handing over their bank/credit card details and then infecting their computers with viruses. They tell you that they are calling from a “PC Support company”, explain that they have Microsoft Certified Engineers (they surely do, as running such a scam is hard without some good Microsoft know-how – but anyone can become a Microsoft certified engineer, not just Microsoft employees!).

They started asking me what operating system I was using. I pretended not to know, so they told me where to go to find out. ALERT: If they really had received reports that there were errors on my computer, they would know the operating system already.

After finding out what OS I am using (asking me to left click start and then asking if I had “My Computer” or “Computer” listed – i.e. XP or Vista) they then went on to tell me more about the problem. I put in quotes what they said from now on (although it may not be entirely accurate):

“Your system is corrupt because your warranty has run out. As a result malware is getting on to your computer from unsecured websites. This is slowing down your computer and will eventually cause the operating system to fail”.

She went on to ask if my computer was slow to respond ever. As Windows computers age they do tend to get slower. The world gets faster, the hard drive gets filled, they slow down relatively and physically. This is normal. She also asked if I was the only computer user or if others used it (I guess trying to determine which product I should order so that they can control all users?).

The Computer Error Scam

She then directed me to Computer > Manage > Computer Management > System Tools > Event Viewer > Windows Logs. It showed a list of events, with errors and warnings. She asked me how many errors there were. I said about 20. This is not really important.

She told me that these errors were serious and caused by the malware. On looking, one error was when I typed my password in wrong. Another was a video driver that does not work in Vista (ATI thing) that always gives an error when I boot up. Nothing serious there at all.

“There are malware files on your computer. These are creating the errors I mentioned earlier that are being reported to us. You need to remove these malware files. You cannot just delete them, you have to disable the link to the file.”

She told me that “users have been accessing unsecured websites …. downloaded malware …. corrupting files”.

She next led me to the temporary folder on my pc by doing:

Windows Button + R (to open a Run command box) then typing “temp malware” which just opens a Windows temp directory. Inside mine there were just about 6 items, adding up to 970kb. A tiny amount. This did not deter her, she told me that if this continues my pc will fill up and die. She did not ask me what was in there (there was Google Chrome, Avast antivirus and a few other things). She then did a silly calculation based on the “total size” and “size” and told me that the drive was already 90% full! I said “it is less than 1 megabyte, that is not much”. She persisted (obviously reading a script).

“We have to now share the operating system ID so that we are sure that we are speaking to the right person and the right computer.”

Here comes their most cunning trick to make you think that they are genuine Windows support.

CMD ASSOC ZFSENDTOTARGET CLSID

They ask you to open a command prompt, “Windows + R” again, then type CMD, then in the command prompt type ASSOC. This lists a load of programs and stuff, and at the bottom there will be something that looks like this:

[Screenshot: the CLSID entry at the bottom of the ASSOC output]

They will then read out to you the CLSID, which will match, and this is the verification that they have the right person. THEY TRY TO MAKE YOU THINK THAT THEY HAVE TO VERIFY YOU! Classic scammer’s trick, really it is you that should be verifying them.

This number is not unique. It will be on most computers, maybe unique to Vista, but they have already confirmed that you are running Vista. So if they spell out 888DCA60-FC0A-11CF-8F0F-00C04FD7D062 to you, do not be surprised, as lots of people, if not all Vista users, have a CLSID of 888DCA60-FC0A-11CF-8F0F-00C04FD7D062. So another lie! Another SCAM!
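The point above can be checked by comparing saved `assoc` output from more than one PC. This is an added example, not part of the original post: the two listings are constructed samples (only the CLSID comes from this page), and the function names are hypothetical.

```python
import re

# Constructed samples of `assoc` output from two unrelated PCs (not real captures).
HOST_A = r"""
.txt=txtfile
.pdf=AcroExch.Document
.ZFSendToTarget=CLSID\{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}
"""
HOST_B = r"""
.txt=txtfile
.pdf=FoxitReader.Document
.ZFSendToTarget=CLSID\{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}
"""

CLSID_RE = re.compile(
    r"CLSID\\\{([0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12})\}")

def parse_assoc(text):
    """Parse `.ext=FileType` lines into {extension (lowercase): file type}."""
    result = {}
    for line in text.splitlines():
        line = line.strip()
        if line.startswith(".") and "=" in line:
            ext, _, ftype = line.partition("=")
            result[ext.lower()] = ftype
    return result

def clsids(assoc):
    """Return {extension: CLSID} for entries whose value references a CLSID."""
    found = {}
    for ext, ftype in assoc.items():
        match = CLSID_RE.search(ftype)
        if match:
            found[ext] = match.group(1).upper()
    return found

def shared_clsids(*hosts):
    """CLSID entries that are identical on every host, so they identify none."""
    maps = [set(clsids(parse_assoc(h)).items()) for h in hosts]
    return dict(set.intersection(*maps))

def caller_proved_identity(read_out, *other_hosts):
    """A value read out by a caller only identifies a PC if no other PC has it."""
    needle = read_out.strip().strip("{}").upper()
    return not any(needle in clsids(parse_assoc(h)).values()
                   for h in other_hosts)

if __name__ == "__main__":
    print(shared_clsids(HOST_A, HOST_B))
    print(caller_proved_identity("888DCA60-FC0A-11CF-8F0F-00C04FD7D062", HOST_B))
```

To try it on real data, save the output of `assoc` on two machines to text files and pass their contents in place of the constructed samples.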

“Does it match? Great, we can carry on safely now. We have Microsoft Certified Technicians that have confirmed that your warranty has expired which is why you are getting these errors. There are two types of warranty, a hardware warranty and a software warranty. Your software warranty covered your operating system, but has now expired and your computer is at risk from more malware.”

She told me all sorts of other scare stories:

“Malware has bypassed the Windows firewall”

I do not even use Windows firewall, I have a 3rd party one instead. I was then told that I had to add some software to extend the warranty. I said (in my most innocent voice) that I was under the impression that as Windows update was on I was getting all the latest updates. She said that these updates were not actually installing because my warranty had expired.

So, to remove the problems and protect my PC I just need to make a one time payment. Oh lucky me! I asked at this point how much it was, but she could not answer (was not on the script in front of her).

She continued to explain, again, how I needed to update my Microsoft Windows warranty to get the latest protection. I asked if it was just spyware protection, and she replied:

“Once the warranty is running you will not need any new spyware.”

A strange answer, a Freudian slip maybe? I guess she meant either “you will not get any new spyware” or “you will not need any new anti-spyware”, or “you will not need any new spyware protection”. The way she said it seemed to suggest that I was going to get some new spyware…. hmmm….

I pretended to be very worried, concerned, scared even, and asked how I get a new warranty. She said that I just need to visit their website and click “subscribe” (sounds so nice doesn’t it, subscribe, not like buy, or give away credit card details on an unsecured site). So she next gave me the web address.

“You will have to type this into the address bar, not into the search box.”

Oooh, I wonder why…. maybe the site is not listed in Google? Maybe there is a spam warning? I obviously Googled it. They are actually listed in Google.

“Just type in pcsupportcaretoday.com”

Now, a search does bring up a result:

pc support care today pcsupportcaretoday.com

I first used the handy Google preview tool to see the site. I quickly checked the “police crack down on computer support scam” from The Guardian. That report gives a different name (same scheme though).

So I then went to the site and acted all lost and confused while taking a look.

First thing, the home page looks different already. Second, in the footer it says “Copyright 2010, pcsupportcare.com. All Rights reserved.” Now that is interesting, as it suggests that they recently moved from pcsupportcare.com to a new website, with “today” tacked on the end. WHY WOULD THEY CHANGE THEIR ADDRESS?

pcsupportcare.com gives a 403 Error – forbidden. The site is offline, permanently. Not even redirected. Highly suspicious. What does Google say about the old domain? Strangely, not much. This is a pretty good sign that they keep changing their web address to keep bloggers and Google off their trail. Any respectable business would be mentioned all over the Internet.

They also link to a Facebook profile and a Twitter page. The Facebook profile has 1 person liking it (an Indian chap who also runs a web design business) and the Twitter page has nothing – no tweets, no followers, not following anyone. Highly suspicious.

The Many Warranty Options

Like all good salesmen they give the victim many options to choose from, trying to make you feel like you are in control. So on their “subscription” page, you can elect to purchase any one of several items.

Now, I asked the kind lady how the product would be installed once I have bought it. Do I download it from their site, is a CD sent to me? No.

“Once the warranty is running your computer will be updated automatically each month.”

So I do not need to do anything! Wow! Once clicking that “subscribe” button (buy/hand over personal data) they can then upload new applications to your computer remotely without your permission! Great.

Actually, earlier on in our conversation I was asked to check something and I got the Windows security alert come up, you know, the “do you want to run this / change setting / trust etc” I forget exactly what it said, but I asked her, “is this safe? Windows is saying I need to give permission to change settings”.

“Oh yes, that is safe, this is to ensure that your warranty is working properly.”

Phew! For a moment I thought they were trying to see if I could give them access to my pc!

Anyway, after being asked 10 times which warranty level I wanted to buy, I said that I was unable to order at the moment as I did not have my wallet on me. She said that she could wait while I go and get it, and insisted. I said, “no, I will do this after lunch, I can pick up my wallet on the way back from lunch”. I asked if I could call her direct in case of problems, after a long pause she gave me a telephone number (checking with the boss no doubt) and gave me 0151 4402 7854. She said her name was Monica, although she did not sound much like a Monica.

0151 4402 7854 does not come up in Google, but 0151 4402 does: phonespamfilter.co.uk/phones.php/01514402

So there you go. In case that page is inactive when you are reading it, it basically lists a bunch of telephone numbers that have been flagged as nuisance / cold callers.

What Is All This About?

In short, a company calls you out of the blue pretending to know about your computer, and tells you that they are getting reports of errors from your computer. They essentially pretend to be Microsoft, although are actually careful not to say “we are Microsoft”.

They trick you into thinking that you have a problem – even when you probably do not.

They then convince you that your Microsoft Windows Warranty has expired. There has never been such a thing. If you have Windows, whether it be XP, Vista or Windows 7, you have already paid for the operating system and can download (ideally you have set it to automatic) the latest updates to the operating system.

You can, and should, use better Anti-virus, anti-spyware and firewalls than those which are bundled with Windows. Why? Well, for the largest, richest and most powerful Operating System, Windows for some reason never seem to bother much with security. Instead you need to use third party software. OK, for average use, Windows firewall and Defender may be OK, but there are so many sneaky virus writers out there now that you can land on a website with a trojan/virus on it from a Google search. So no site is really safe.

If you Google “ZFSENDTOTARGET CLSID ~scam” you will find many other references to this trick.

There are many very good FREE products that you can use. Here are the ones I have been pleased with over the years:

Free Anti-Virus

Free Anti-spyware

Free Firewall

All of these free tools have premium versions too. That is how they make their money – provide good free tools so people like me mention them, and then also provide premium versions. Really, you should be mostly safe with the free tools.

Windows Security Tips

  • OK, Microsoft will never call you to say you need to update your computer – so if you get a call, it’s a scam.
  • Set Windows to automatically update
  • Never do anything on your computer that you do not understand, especially if someone phones you and tells you to!
  • Never install software if you do not know what it is or why you are installing it. Most of this scam is designed to make you think that you know what you are doing and why. That is how scams work!
  • Install some 3rd party anti-virus, anti-spam and a firewall, and keep them up to date.
  • Never click on links in emails that you do not know to be OK.
  • If you land on a website and you see some sort of “scanning for viruses” come up – close your browser immediately. Close all apps. Disconnect the internet. Run a system clean up (like CCleaner – http://piriform.com/ ) run anti-virus, reboot, run again. This is belt and breeches, but be careful! Some scam sites pretend to be an anti-virus site but are in fact just a website tricking you into giving them your credit card details. Often after “buying” the product that they recommend you get nothing, just a virus and an expensive credit card bill a month later.

So there you go. Be careful, be vigilant, stay safe. Microsoft will never call you. If you get a call from anyone claiming to be a PC Support / Windows Support or anything like that, they are probably out to steal your hard earned cash or worse, take control of your computer and turn your PC into a zombie spambot.