Phone Scam – Tech Support Ploy
In the recent months, there is a rise of telephone impersonation scams in Singapore.
One particular scam involves Singtel with callers claiming to be a Singtel technician or customer care officer, offering to troubleshoot customers’ Internet connection. These callers ask for personal details including NRIC numbers, Wi-Fi passwords and router numbers.
“This is a scam,” said the company. “Singtel does not ask for Wi-Fi passwords and router numbers during troubleshooting calls.”
It advised customers never to share personal details – including passwords – with unknown callers, and not to click on random links from unknown numbers.
Source: Channel News Asia, 28 Oct 2019
https://www.channelnewsasia.com/news/singapore/singtel-scam-warning-fake-technicians-customer-care-11849878
Read on to discover the right questions you could ask your caller to verify their authenticity.
Source: TangoMan From Quebec, 31 July 2013 http://www.tangomanfromqc.com/node/61
In recent years, many of us would have had the experience of receiving a phone call by a company that claims the identity of Windows by calling themselves Online Windows For Support. In the past few weeks, we have received one phone call a week from them and then another today. Out of curiosity I started to ask them a couple of questions and investigate further, their claims.
I spoke to a person by the name Jim and he claimed that he was from California. His accent however did not sound like an American, but more of like of an Indian. This made me very suspicious. Jim said they have been receiving error messages from my computer for a long time now. Since they’ve been calling me many times already, I asked Jim if I could speak to his manager, who identified himself as Edward and said he worked for Microsoft. Again, this guy did not sound like an American, more of like an Indian (from India). I wanted to know more about the company, so I asked for their website address. With much spelling errors he finally gave me the website as follows below:
This: http://onlinewindowsforsupport.yolasite.com/
It was weird that a support company did not have its own domain name, but instead a subdomain from an internet provider (yolasite.com). I kept all doubts to myself and asked him for an email address he could provide me with, and he gave me the email as follows below:
This: onlinewindowsforsupport@microsoft.com
It made me even more suspicious, as this email address did not appear legitimate to me. I asked Edward when was the last instance that they received an error message from my computer, and he insisted that they received yesterday. My Windows computer was however turned off on that day and has been turned off for many weeks and was not even connected to the internet anyway (no cable connection), so their claim was obviously not true.
Edward told me that even if my computer was not connected, what really mattered was that the hackers were using my IP address to hack and do bad stuff under my name. I did not think his claim was possible. My IP address is of public domain and any web site that I visit will have my IP address (it’s part of the http protocol). A hacker wanting to execute something bad under my name needs some sort of username/password of mine or have access to my one of my computers. So again, this was obviously not true.
After the phone call, I ran Microsoft Safety Scanner and it detected zero trace of viruses or spyware. Edward kept being persuasive and insisted that I was being hacked. I continued to comply as I wanted to dig up more information on these guys. They said that they could prove to me that he had information from my computer. I said OK, prove it!
So, he spelled a CLSID that I should to be able to find on my computer and this was supposedly an information I uniquely only had on my computer. This CLSID was as follows below:
888DCA60-FC0A-11CF-8F0F-00C04FD7D062
or something close to that.
It took me a long time to spell it out to him as command of English was poor and it was a no brainer that English was not his 1st language. Once my computer was switched on, he told me to open the command window (cmd.exe) and type “assoc”, which I did. Once the app had fulfilled its job of listing information, he told me to look for the actual CLSID that he spelled for me. Of course, it was there. Look at the picture below (4th before the last line):
How could he possibly know something about my computer? He kept insisting that my Ip address was being used and so and so forth. At one point I lost my temper leading to the guys disconnecting the phone call.
After that I conducted some research on my own about what he disclosed to me. Firstly, the application “assoc” displays or modifies file name extension associations. So basically, this CLSID is a file on a windows computer. When I further searched on Google for Scam and CLSID, I found the answer to the issue as follow below:
assoc command lists the file associations. zfsendtotarget happens to be the last one. The Class ID identifies a COM object to run.
Source: http://blog.eset.com/2011/07/19/support-desk-scams-clsid-not-unique