Hello, we are calling from Windows and your computer looks like it is infected. Our Microsoft Certified Technician can fix it for you. Sound familiar? Whether you have just been scammed or simply want to find out more on the topic, you have come to the right place. Let’s find out more about tech support scams.

 

Beware Of Tech Support Scam:

 

Anyone claiming to be from “Windows” could be expected to know if there was a virus on your PC, right? And when they guide you into checking the Windows Event Viewer (where harmless errors are logged) and reading out a string of numbers, they usually manage to snare you into their swindle. After all, you don’t want to lose your hard work, or be without your computer due to a virus, right?

 


 

The aim of the scammers is to talk you into installing remote software on your computer, so that they might then take control. Once done, this will either allow them to steal data, introduce a Trojan horse or other malware (the remote software itself may be a malicious tool) or just perform a bit of “tech support theater” to make it seem as though they know what they’re doing.

Once the “virus” is discovered, of course, the scammers will demand money for their services of “removing” it. This can go a number of ways, but if you refuse, there is the possibility that the scammers have remotely changed your password or encrypted your files, transforming this into a one-on-one ransomware scam.

 

The really interesting feature, though, is the way that the scam seems to have moved on from giving you your address (which they get from a telephone directory) and a fake IP number to convince you that they can really see your system. A quick Google search indicates that many people are experiencing much the same thing: the scammer now asks you to check a CLSID.

 

What is CLSID?

 


 

A CLSID is a Class Identifier stored in the Windows Registry at HKEY_CLASSES_ROOT\CLSID, but we don’t recommend that you go digging into the Registry unless you really know what you’re doing. Fortunately (from the point of view of interfering with Registry entries), the scammer doesn’t need you to edit the registry to find the CLSID he’s looking for. He simply has to persuade you to run the ASSOC command. It’s easy to do: you click on the Start button, Run, type in CMD to get to the command prompt (DOS prompt) and type ASSOC.

Since it’s a long file it scrolls straight to the bottom, but if you’re really interested in seeing exactly what it contains, you can get it to go through page by page by typing in “assoc | more”: however, the scammer wants you to go straight to the bottom so that you’ll see this entry:

ZFSendToTarget=CLSID\{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}

That’s the CLSID on both the PCs open on my desk at the moment. Amazingly, it’s also the one that the scammers quote. And I bet that if you have a recent version of Windows and go through the same steps you’ll find that you have it too. In other words, the scammer can’t see your CLSID or anything else on your PC, including your Event Viewer logs. Unless, of course, you fall for the scam and give him remote access with AMMYY or TeamViewer.
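To check for yourself what that entry is, the following PowerShell (an added example, not part of the original article) parses the ASSOC output and looks up the name registered for each CLSID-valued entry under HKEY_CLASSES_ROOT\CLSID. It only reads the Registry; the function name Get-AssocClsidEntry is illustrative.

```powershell
# Added example: read-only. Parses `assoc` output and resolves every entry whose
# value is a CLSID to the class name registered under HKEY_CLASSES_ROOT\CLSID.
function Get-AssocClsidEntry {
    param(
        # Lines of the form ".ext=FileType"; defaults to the live `assoc` output.
        [string[]]$AssocOutput = (cmd.exe /c assoc)
    )
    foreach ($line in $AssocOutput) {
        # Keep only associations of the form <extension>=CLSID\{GUID}
        if ($line -match '^(?<ext>[^=]+)=CLSID\\(?<guid>\{[0-9A-Fa-f-]{36}\})\s*$') {
            $ext  = $Matches['ext']
            $guid = $Matches['guid']
            $key  = Get-Item -LiteralPath "Registry::HKEY_CLASSES_ROOT\CLSID\$guid" `
                        -ErrorAction SilentlyContinue
            [pscustomobject]@{
                Extension = $ext
                Clsid     = $guid
                # The key's default value holds the class's descriptive name
                ClassName = if ($key) { $key.GetValue('') } else { '(not registered)' }
            }
        }
    }
}

Get-AssocClsidEntry | Format-Table -AutoSize
```

The ClassName column shows that the value names a Windows shell component tied to a file-type association, which is why it is identical from one PC to the next and says nothing about the machine or its owner.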

 

Getting help if you have been scammed:

 

Getting scammed is one of the worst feelings to experience. In many ways you feel like you have been violated and are really angry to have let your guard down. Perhaps you are even shocked and scared and don’t really know what to do now. The following tips will hopefully provide you with some guidance.

If you already let them in

1. Revoke remote access (if unsure, restart your computer). That should cut the remote session and kick them out of your PC.

2. Scan your computer for malware. The miscreants may have installed password stealers or other Trojans to capture your keystrokes. Use a program such as Malwarebytes Anti-Malware to quickly identify and remove threats.

3. Change all your passwords (Windows password, email, banking, etc).
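As a companion to the three steps above, this PowerShell (an added example, not part of the original article) lists running processes, services and installed programs whose names mention the remote-access tools this article names. The match pattern and the function name Find-RemoteAccessTool are assumptions for illustration; the script only reads system state.

```powershell
# Added example: read-only triage for the remote-access tools named in this article.
# The name pattern is a heuristic assumption; a renamed binary will not match.
function Find-RemoteAccessTool {
    param([string]$Pattern = 'TeamViewer|Ammyy|LogMeIn')

    # 1. Running processes (Description/Company/Path may be empty for some processes)
    Get-Process | Where-Object {
        "$($_.Name) $($_.Description) $($_.Company) $($_.Path)" -match $Pattern
    } | ForEach-Object {
        [pscustomobject]@{ Kind = 'Process'; Name = $_.Name; Detail = $_.Path; Id = $_.Id }
    }

    # 2. Services, which would let a tool come back after the restart in step 1
    Get-Service | Where-Object { "$($_.Name) $($_.DisplayName)" -match $Pattern } |
        ForEach-Object {
            [pscustomobject]@{ Kind = 'Service'; Name = $_.Name; Detail = $_.Status; Id = $null }
        }

    # 3. Installed programs (64-bit, 32-bit and per-user uninstall entries)
    $uninstallKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*'
    )
    Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -match $Pattern } |
        ForEach-Object {
            [pscustomobject]@{ Kind = 'Installed'; Name = $_.DisplayName; Detail = $_.InstallDate; Id = $null }
        }
}

Find-RemoteAccessTool | Format-Table -AutoSize
```

An empty result does not prove the machine is clean, since a portable or renamed tool leaves no matching entry, so the malware scan in step 2 still applies.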

In some cases (you did not pay or called them names), scammers will seek revenge on your machine. Here are some things they might try and what to do to recover from them:

Master password lock out

There are various ‘hacks’ to reset that password. One method is to use a Linux boot CD to mount Windows and then use the chntpw utility. It is described here.

Missing software drivers

First, try to do a System Restore. If it fails, you should be able to reinstall them by going to the manufacturer’s website and downloading the appropriate driver.

Missing files

First, try to do a System Restore. If it is not available, check for backups you may have made and stored somewhere else. As a last resort, there are programs that can scrape your hard drive and attempt to recover the missing files.

If you already paid

Contact your financial institution/credit card company to reverse the charges and keep an eye out for future unwanted charges.

 

Reporting the scam

 

Report the scam

In the US: File a complaint (FTC) | More information about online fraud | Florida Attorney General

In Canada: Contact Law Enforcement

In the UK: Report fraud | Report cold call

In Australia: Report a scam | Report telemarketing abuse

In India: Report Fraud

In Norway:  Police Economic Crime Unit

In Ireland:  Garda Siochána Bureau of Fraud Investigation

In Germany: Daten Schutz

In Netherlands:  Spam Vrij

In Belgium: FGov.be

In Denmark: Fs.dk

 

Report misleading ads

“TrustInAds.org comprises a group of Internet industry leaders that have come together to work toward a common goal: Protect people from malicious online advertisements and deceptive practices.” Report misleading ads here.

 

Shut down their remote software account

Write down the TeamViewer ID (9-digit code) and send it to TeamViewer’s support (they can later on block people/companies with that information).

LogMeIn: Report abuse

 

I hope it helps. Cheers.


2 thoughts on “Beware Of Tech Support Scam”

  1. Thank you for this helpful article.
    FYI, I had received a number of calls in my call log (all while I was away, so no one answered the phone at my end) via SIP claiming originating number “00” and caller ID “TechYuga”. Obviously fake, and I would not have been scammed as my computers run Windows only in a VM when needed. As you noted, this seems to happen a lot in Germany at the moment.
    Your business model is quite interesting, and I wish you the best of success. Having worked in IT support for many years, I know it can be both frustrating and very rewarding.
    Best wishes from Hamburg,
    Jan

    1. Jingyansu Choudhury

      Thank you for your comment. Please note that techyuga does not call people for fixing their computer. And our service is limited to India only. Not for Germany. However, we would advise you not to entertain any call claiming to be from Microsoft, techyuga or Apple. They are obviously fake.
