If you haven’t already received a call from a ‘Microsoft Windows Center’ insisting on helping you get rid of ‘lots of hacking file in your computer’, chances are that you will, and soon.

This unfolds according to a pattern that has been in use for the past few years and begins with a long-distance ring. Sometimes it’s from 19999100103, other times it’s from 02033183026 or any number of other fake Caller IDs. It’s almost always an informational message from a somewhat assertive caller indicating that your computer is spewing malware and it needs to stop.

Helpfully, they offer to work with you to clean it up, and if you’re lucky enough for the supervisor to be available, that individual will take you through the steps of liberating you of some cash in exchange for the support call, or remotely accessing your computer for further diagnosis. Either way, don’t feel too special, as these calls account for up to 80% of all reported fraud.

They’re likely to be:

  • telling you they’re calling from a Microsoft Call Centre or from a specific nearby location,
  • running eventvwr to support their claim that there are events taking place in your computer,
  • “verifying” your Windows CLSID (perhaps by running ‘assoc’ from the command line, after explaining that you need to press Winkey-R) to make sure they have “the right person”.

You’ll then be invited to go to a site (such as www.support.me or www.irssupport.net, but really it could be anything, as they’re created and dismantled all the time) to set up an incoming remote access connection (usually through LogMeIn or TeamViewer).

  1.   Don’t stress. There’s not much you can do about it, so either have fun with them, or simply hang up.
  2.   Report it to Phonebusters at http://www.antifraudcentre-centreantifraude.ca. They build statistics that track the scam and post advisories, but that’s about all they can do. This is a global scam that’s easy to pull off.
  3.   Don’t panic. Although they want you to believe they can ‘see’ your computer, all they have is your name and sometimes your address, likely from a stolen database. The aforementioned CLSID is not a unique number, but a code common to different versions of Microsoft Windows.
  4.   Don’t get angry. They’re only lying to you. It isn’t the first time it’s happened and it certainly won’t be the last. You’re likely talking to a hungry minion working in a call centre. The big shots are probably busy trying to extract profits from the credit cards and computer access entrusted to them by uninformed victims.
  5.   Don’t bother asking for their information so you can “call them back”. They’re obviously going to give you a fake number or site (such as TurnerProtect.com).
  6.   Understand the process. It’s simple and systematic. If this is your first exposure to social engineering, it’s a good opportunity to observe the mix of urgency, legitimacy, discipline, persistence and insistence that accompany the human connection. If the whole thing didn’t set off so many alarm bells, it would be comical.

Unfortunately, more and more people are falling for it, according to recent information released by the Canadian Anti-Fraud Centre.

Ultimately, as long as you avoid doing 2 things, you will be safe:

  1.   don’t visit sites, don’t run software, don’t open emails and don’t allow remote access
  2.   don’t provide any real information, no credit card numbers, no accounts, no tidbits of information.

Enjoy the holidays and if you’re still shopping online, stay on the beaten path.

Claudiu Popa – CEO, Informatica Group

Claudiu Popa is a public speaker, cybersecurity expert, and passionate defender of privacy rights who engages audiences through storytelling and weaponizes academic courses, radio, television, podcasts, social media, and the written word to fight for the vulnerable in society and catalyze positive social change in Canada.
