Hello, we are calling from Windows and your computer looks like it is infected. Our Microsoft Certified Technician can fix it for you. Sound familiar? Whether you have just been scammed or simply want to find out more on the topic, you have come to the right place. Let’s find out more about tech support scams.
Beware Of Tech Support Scam:
Anyone claiming to be from “Windows” could be expected to know if there was a virus on your PC, right? And when they guide you into checking the Windows Event Viewer (where harmless errors are logged) and reading out a string of numbers, they usually manage to snare you into their swindle. After all, you don’t want to lose your hard work, or be without your computer due to a virus, right?
The aim of the scammers is to talk you into installing remote software on your computer, so that they might then take control. Once done, this will either allow them to steal data, introduce a Trojan horse or other malware (the remote software itself may be a malicious tool) or just perform a bit of “tech support theater” to make it seem as though they know what they’re doing.
Once the “virus” is discovered, of course, the scammers will demand money for their services of “removing” it. This can go a number of ways, but if you refuse, there is the possibility that the scammers have remotely changed your password or encrypted your files, transforming this into a one-on-one ransomware scam.
The really interesting feature, though, is the way that the scam seems to have moved on from giving you your address (which they get from a telephone directory) and a fake IP number to convince you that they can really see your system. A quick Google search indicates that many people are experiencing much the same thing: the scammer now asks you to check a CLSID.
What is CLSID?
A CLSID is a Class Identifier stored in the Windows Registry at HKEY_CLASSES_ROOT\CLSID, but we don’t recommend that you go digging into the Registry unless you really know what you’re doing. Fortunately (from the point of view of interfering with Registry entries), the scammer doesn’t need you to edit the registry to find the CLSID he’s looking for. He simply has to persuade you to run the ASSOC command. It’s easy to do: you click on the Start button, Run, type in CMD to get to the command prompt (DOS prompt) and type ASSOC.
Since it’s a long file it scrolls straight to the bottom, but if you’re really interested in seeing exactly what it contains, you can get it to go through page by page by typing in “assoc | more”: however, the scammer wants you to go straight to the bottom so that you’ll see this entry:
That’s the CLSID on both the PCs open on my desk at the moment. Amazingly, it’s also the one that the scammers quote. And I bet that if you have a recent version of Windows and go through the same steps you’ll find that you have it too. In other words, the scammer can’t see your CLSID or anything else on your PC, including your Event Viewer logs. Unless, of course, you fall for the scam and give him remote access with AMMYY or TeamViewer.
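To see for yourself that these entries identify Windows components rather than your PC, the following PowerShell script (an added example, not part of the original article) lists every ASSOC entry that points at a CLSID, looks up the class name registered for it, and prints a fingerprint of the list that you can compare between two machines. It assumes the entries have the form ".ext=CLSID\{GUID}".

```powershell
# Added example: show what the CLSID entries printed by ASSOC really are.
# Assumption: such entries look like ".ext=CLSID\{GUID}".
$pattern = '^(?<ext>\.[^=]+)=CLSID\\(?<guid>\{[0-9A-Fa-f-]{36}\})$'

$rows = foreach ($line in (cmd.exe /c assoc)) {
    if ($line -match $pattern) {
        $ext  = $Matches['ext']
        $guid = $Matches['guid']
        # Read-only lookup of the class registered under HKEY_CLASSES_ROOT\CLSID.
        $key = Get-Item -LiteralPath "Registry::HKEY_CLASSES_ROOT\CLSID\$guid" -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Extension       = $ext
            CLSID           = $guid
            RegisteredClass = if ($key) { $key.GetValue('') } else { '(not registered)' }
        }
    }
}
$rows | Format-Table -AutoSize

# Fingerprint of the sorted list. Run the script on a second PC with the same
# Windows version: an identical fingerprint means the list says nothing
# about an individual machine.
$text = ($rows | Sort-Object Extension |
    ForEach-Object { "$($_.Extension)=$($_.CLSID)" }) -join "`n"
$sha  = [System.Security.Cryptography.SHA256]::Create()
$hash = [BitConverter]::ToString($sha.ComputeHash([Text.Encoding]::UTF8.GetBytes($text))) -replace '-'
"Fingerprint of CLSID associations: $hash"
```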
Getting help if you have been scammed:
Getting scammed is one of the worst feelings to experience. In many ways you feel like you have been violated and are really angry to have let your guard down. Perhaps you are even shocked and scared and don’t really know what to do now. The following tips will hopefully provide you with some guidance.
If you already let them in
1. Revoke remote access (if unsure, restart your computer). That should cut the remote session and kick them out of your PC.
2. Scan your computer for malware. The miscreants may have installed password stealers or other Trojans to capture your keystrokes. Use a program such as Malwarebytes Anti-Malware to quickly identify and remove threats.
3. Change all your passwords (Windows password, email, banking, etc).
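A check to go with step 1, as an added example that is not part of the original article: this PowerShell script lists running processes, services, installed programs and live network connections that belong to the remote-access tools named in this article. The name fragments in $toolPattern are assumptions about how these tools label themselves; run it from an administrator PowerShell window for complete results.

```powershell
# Name fragments for the tools named in the article (assumed to appear in the
# file name, path, vendor or display name; a renamed portable copy may not match).
$toolPattern = 'TeamViewer|Ammyy|LogMeIn'
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

# Processes running right now; Company/Description come from the file's version info.
$procs = @(Get-Process -ErrorAction SilentlyContinue | Where-Object {
    "$($_.Name) $($_.Path) $($_.Company) $($_.Description)" -match $toolPattern
})

$findings = @(
    $procs | ForEach-Object {
        [pscustomobject]@{ Kind = 'Process'; Name = $_.Name; Detail = "PID $($_.Id) $($_.Path)" }
    }
    # Services: an "Auto" start mode means the tool comes back after a restart.
    Get-CimInstance Win32_Service | Where-Object {
        "$($_.Name) $($_.DisplayName) $($_.PathName)" -match $toolPattern
    } | ForEach-Object {
        [pscustomobject]@{ Kind = 'Service'; Name = $_.Name; Detail = "$($_.State)/$($_.StartMode) $($_.PathName)" }
    }
    # Installed programs, with the command that uninstalls each one.
    Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -match $toolPattern } | ForEach-Object {
            [pscustomobject]@{ Kind = 'Installed'; Name = $_.DisplayName; Detail = $_.UninstallString }
        }
    # Live network connections owned by the matching processes.
    Get-NetTCPConnection -State Established -ErrorAction SilentlyContinue |
        Where-Object { $procs.Id -contains $_.OwningProcess } | ForEach-Object {
            [pscustomobject]@{ Kind = 'Connection'; Name = "PID $($_.OwningProcess)"; Detail = "$($_.RemoteAddress):$($_.RemotePort)" }
        }
)

if ($findings.Count -eq 0) { 'No matching remote-access software found.' }
else { $findings | Format-Table -AutoSize -Wrap }
```

A "Connection" row means a session may still be open; a "Service" row set to Auto means the tool will start again after the restart suggested in step 1, so uninstall it as well.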
In some cases (you did not pay or called them names), scammers will seek revenge on your machine. Here are some things they might try and what to do to recover from them:
Master password lock out
There are various ‘hacks’ to reset that password. One method is to use a Linux boot CD to mount Windows and then use the chntpw utility. It is described here.
Missing software drivers
First, try to do a System Restore. If it fails, you should be able to reinstall them by going to the manufacturer’s website and downloading the appropriate driver.
First, try to do a System Restore. If it is not available, check for backups you may have made and stored somewhere else. As a last resort, there are programs that can scrape your hard drive and attempt to recover the missing files.
If you already paid
Contact your financial institution/credit card company to reverse the charges and keep an eye out for future unwanted charges.
Reporting the scam
Report the scam
In Canada: Contact Law Enforcement
In Australia: Report a scam | Report telemarketing abuse
In India: Report Fraud
In Norway: Police Economic Crime Unit
In Ireland: Garda Síochána Bureau of Fraud Investigation
In Germany: Daten Schutz
In Netherlands: Spam Vrij
In Belgium: FGov.be
In Denmark: Fs.dk
Report misleading ads
“TrustInAds.org comprises a group of Internet industry leaders that have come together to work toward a common goal: Protect people from malicious online advertisements and deceptive practices.” Report misleading ads here.
Shut down their remote software account
Write down the TeamViewer ID (9-digit code) and send it to TeamViewer’s support (they can later block people/companies with that information).
LogMeIn: Report abuse
An Important Announcement:
Recently, we have received a couple of e-mails from some German customers saying that someone has called them from India and offered them our service. It is quite easy for people to believe that we are just like many other tech support scammers, as we are mainly based in India (where most of the cold calls are initiated) and we don’t have any big brands supporting us (since we are a startup). I have decided to make an announcement and clear up a few things about our business policy.
We do not make cold calls:
Outbound marketing is mostly based on cold calls and spam mails, forcing the customer to make an instant decision to purchase something. It is a wrong way of promoting any business, as any instant decision made by the human mind mostly changes later on. Hence, the customer retention ratio is extremely low with this type of marketing strategy. As a growing tech support business, customer retention is very, very important for us. Our goal is to keep our customers satisfied in such a way that they can come back to us again and again whenever they need any technical support.
No fix – No pay policy & Repair First Policy:
We are so confident about our technical expertise that we have introduced a no fix, no pay policy and a repair first policy. It means we never ask our customers to pay us before we work on their computer and fix their issues, unlike many big technical support companies. We do not even have a payment gateway integrated into our website.
How does it work?
1. You visit our site and report your issues via live chat, email or by creating a support ticket.
2. We assign a technical expert to you, who can collaborate with you in order to understand your issues and fix them.
3. Once you confirm your issue is fixed, we send you an invoice for the payment.
We are an independent organization:
We do not represent any big organization like Microsoft, Apple, Dell, HP and so on. Nor do we have any special authorization/certification from any of these organizations. We are just a bunch of geeks who know technology very well and love helping people.
We are based in India:
Not every Indian you talk to is a scammer (of course, there are a few). India is the world’s IT capital and one of the biggest hubs of support and maintenance projects in information technology (China is No 2). It means the whole world is literally depending on us in their day-to-day life, and we are quite proud of that. Techyuga is a private organization registered under the govt of India and the United Kingdom with complete authority to provide technical support for computer users all over the world.
1. Nobody can see if you have a problem on your computer (not even Apple or Microsoft).
2. If you get a call from someone claiming he/she is from techyuga or Microsoft or CIA or Avengers, just know it’s a scam. Hang up (or play with him, if you want to).
3. We are here for the long run and we don’t scam people.
Director Of techyuga