Monday, March 21, 2016

"Microsoft" attempts to strike again.

With the plethora of information out there (and the number of PSAs that I've made on this subject), I would think this is an unnecessary message.  Unfortunately, people still get fooled into falling for these scams.  Microsoft will never cold call you about a computer problem!

Below I will detail the recent scam calls - how they happened, what they [try to] do, and why it's bogus.

I have the fortune (or misfortune, depending on perspective) of one of my numbers being "recycled". Based on certain events over the years, it appears the former owner is a senior citizen.   Seniors end up having their information sold to a lot of legitimate advertising bodies.  These lists also make good targets for criminals.  Why?  Yes, some seniors begin having difficulties with their decision making faculties.   They make easy prey.  With some others, though, they may not be "up" on the current technology, and may be more easily deceived.   Mind you, there are also plenty of Gen-Xers or Millennials who are susceptible to the same.

Two recent calls in.   One was "PRIVATE", the other was from 800-439-7794.  Both callers were looking for the former (6 years ago) owner of this number.  So intent they were, that they didn't seem to notice that I told them I was someone else.   Fake names didn't catch, as they kept calling me by the owner's name - one of them even addressing me with the female forename.

The gist of the scam is simple.   Act like they are from Microsoft.  Guide you through very simple Windows commands, and then give you BS as to what you're looking at.  Pretend they will fix this issue, if only you allow them remote access to your computer.  Then enjoy the spoils (your confidential information harvested from the computer, your credit card number, bank account information, etc).

The recent scams deviated a little from the normal.  Sure they gave the normal "I'm [fake name] from Windows Technical Support" bull.  However, instead of hopping straight into the event viewer to tell lies about the logs there, they now want to tell you that "your Windows Serial Number was attacked by foreign hackers in your computer, and deactivated".

As a means of "earning your confidence" they "give you the first half of the serial", which will be 888dca60, and then have you open a command prompt ("Press Windows key plus the letter R, now type 'cmd' and press enter").  Once there, they will tell you to type "assoc" and press enter, where they will read off the "rest of the serial" to you, to "match" with the number there.  This will be:

888dca60-fc0a-11cf-8f0f-00c04fd7d062





From there, he'll have you type in "netstat" on your command prompt.   Netstat will generate a list of active connections to your computer.   Netstat uses "foreign" to mean "remote", while the scammer uses "foreign" to mean "beyond the borders of your country".   Every connection that you make has a local and remote point.  If you connect to Facebook, Google, Yahoo Messenger, ESPN, Amazon, and iTunes, then you will have at least six remote ("foreign") connections.  There is nothing overly malicious about them despite the fact that some people can use them for bad purposes.
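To see what the "Foreign Address" column really holds, here is an added example (not part of the original post) that reads `netstat -n` style output and labels each remote endpoint. The sample output is constructed, and the two "internet" addresses are documentation-range placeholders.

```python
import ipaddress

# Constructed sample of Windows `netstat -n` output (not captured from a real machine).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    127.0.0.1:49670        127.0.0.1:49671        ESTABLISHED
  TCP    192.168.1.20:49712     192.168.1.1:80         TIME_WAIT
  TCP    192.168.1.20:49720     203.0.113.10:443       ESTABLISHED
  TCP    192.168.1.20:49731     198.51.100.7:443       ESTABLISHED
"""

# Private IPv4 ranges used on home and office networks (RFC 1918).
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def classify(endpoint):
    """Say where an 'address:port' endpoint lives relative to this computer."""
    host = endpoint.rsplit(":", 1)[0].strip("[]")  # also handles [IPv6]:port
    ip = ipaddress.ip_address(host)
    if ip.is_loopback:
        return "this computer"
    if ip.version == 4 and any(ip in net for net in RFC1918):
        return "home/office network"
    return "internet"


def foreign_endpoints(netstat_text):
    """Return (foreign address, state, location) for each TCP row."""
    rows = []
    for line in netstat_text.splitlines():
        parts = line.split()
        # Data rows have exactly four columns; the header and blanks do not.
        if len(parts) == 4 and parts[0] == "TCP":
            _proto, _local, foreign, state = parts
            rows.append((foreign, state, classify(foreign)))
    return rows


if __name__ == "__main__":
    for foreign, state, where in foreign_endpoints(SAMPLE_NETSTAT):
        print(f"{foreign:<22} {state:<12} {where}")
```

The first row is "foreign" even though both ends are on the same machine, which shows the column simply means "the other end of the connection".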


From this, they'll try to get you to use a remote access program (TeamViewer, Ammyy Admin, GoToAssist, etc) to allow them to "fix" the problem and "reactivate" your serial number.


Why is this a scam?

First of all, as can be seen all over the internet, Microsoft will never call you about a computer problem!

But... they knew the number, and when they gave me the commands, they knew the rest:
No!  Here's the quick and dirty on the "assoc" command.   It lists the file associations registered on the computer (which file extension goes with which type of file).   It's a very long list, and if you're so inclined, you can read through it using the steps outlined above.  The CLSID number that you see (and they'll quote you) is not your Serial.  It's not your key.  It's not even unique to your computer.   It's common amongst similarly current versions of Windows, and since it's at the bottom of the list, it's easy to use that to sound "knowledgeable".
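The following added example (not from the original post) checks a "serial" read out by a caller: it tests the shape of the value and looks for it in `assoc` output. The `assoc` excerpt and the product-key-shaped string are constructed, the extension names in the excerpt are assumptions for illustration, and the function names are hypothetical.

```python
import re

# Constructed excerpt of `assoc` output; the last line carries the CLSID
# quoted on this page. Extension names are illustrative assumptions.
SAMPLE_ASSOC = """\
.txt=txtfile
.zip=CompressedFolder
.ZFSendToTarget=CLSID\\{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}
"""

# A CLSID is a GUID: 8-4-4-4-12 hexadecimal digits.
GUID_RE = re.compile(
    r"^\{?[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}\}?$",
    re.I)
# A Windows product key is five groups of five letters/digits.
PRODUCT_KEY_RE = re.compile(r"^[A-Z0-9]{5}(-[A-Z0-9]{5}){4}$", re.I)


def shape_of(value):
    """Classify a string by format only; no validity check is implied."""
    value = value.strip()
    if GUID_RE.match(value):
        return "GUID/CLSID"
    if PRODUCT_KEY_RE.match(value):
        return "product-key format"
    return "unknown"


def parse_assoc(text):
    """Return {extension: file type} from lines of the form .ext=type."""
    table = {}
    for line in text.splitlines():
        ext, sep, ftype = line.partition("=")
        if sep and ext.startswith("."):
            table[ext] = ftype
    return table


def explain_claimed_serial(claimed, assoc_text):
    """Report the value's shape and which associations contain it."""
    hits = [ext for ext, ftype in parse_assoc(assoc_text).items()
            if claimed.lower() in ftype.lower()]
    return {"shape": shape_of(claimed), "found_in_assoc_for": hits}


if __name__ == "__main__":
    quoted = "888dca60-fc0a-11cf-8f0f-00c04fd7d062"  # value from this page
    print(explain_claimed_serial(quoted, SAMPLE_ASSOC))
    print(shape_of("AAAAA-BBBBB-CCCCC-DDDDD-EEEEE"))  # constructed key shape
```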

But s/he gave me a website to show they're legitimate:
So what?   Domains are easy to create.  In fact, GoDaddy has been the registrar and host for quite a few scam domains recently registered with fake information.  With their current promo, a year's worth of hosting can net you a "free" domain for under $15.   If they've fleeced thousands of dollars, worldwide, a few disposable domains are hardly a concern.


What they'll do:
Here are a few things that can happen if you allow the scammers to have access to your computer:
  • They install malicious software, claiming that it's there to "fix your problem".  This could be anything from a program to allow them access at their leisure, to a key logger (monitors your commands, and transmits them - includes passwords).
  • Snoop through your personal files for anything that may be "interesting" (tax info, bank accounts, etc) to liberate
  • Install a free or trialware version of software to your computer, and ask you to pay a price for it - generally a scaled price with the "most reasonable" being for the "life of your computer".
  • Change your passwords to lock you out, and "ransom" your computer and files back to you - for a price
  • Damage files or delete information necessitating you spend (more) money on useless service

What you should do:

In general, it's advised that you don't answer the phone for strangers.  Know that Microsoft doesn't cold call, and only allow access to your computer to people that you trust.

If you do happen to answer to these criminals, probably the best course of action is simply to hang up on them.   Microsoft will never cold call, and nothing good can come of this.  Even if your computer is having some difficulties, this is not the way to fix it.

Under no circumstances allow a stranger to have remote access to your computer.

It is generally not advisable to bait them, as I do at times.   I know what I'm doing.   I know what they're looking for - and how to answer questions to make them think I'm playing along.   Also, when they find out they're being played, they may react angrily.  Mostly this amounts to them cussing and calling names or making empty threats (they're not going to fly from India because someone made an ass of them for 45 minutes).

Yes, I often have better things to do with my time.   Sometimes I have a project running during which I can spare a half hour instead of watching TV.    I only do this when I'm able to spare the time.  I also do it because the time they waste with me is time they are not trying to fleece someone's grandma or grandpa.  I also do it so that I may educate others so that they may not fall victim.