Today I received a call from my grandmother - she was in a bit of a panic. She had just spent 2 hours on the phone with some technicians from Microsoft's Security Threat Department (or something similar).
Now, before I go any further I would like to say that my grandmother is one of the most careful computer users in my family. She will not even install Java or Adobe Flash updates without calling me and making sure it is OK to install them. So, to continue my story...
She begins to tell me how someone from Microsoft called her following the scenario below:
Scenario: You receive a phone call from a guy (or lady) who says he is from a department of Microsoft (Maintenance & Security or something similar). He states there are high computer virus threats in your area and your computer has been infected with malware. Your computer is also infecting other computers, so it needs to be fixed as Microsoft is really trying to help prevent the spread of viruses. He would like to verify this with you by having you type a few things on your computer.
These commands will generate output that they will use to convince you that your computer is indeed infected with malware.
They will have you run the Task Manager. No matter what shows up on your computer, they will state that your computer has very few resources left because the virus infection is consuming all resources. This is not correct. The photo below shows that the computer is only using a few resources at the moment and is running fine. (red notations are by us to explain what you should look for in the task manager)
These crooks will also have you open the Event Viewer so they can point to errors, warnings, and other entries. This helps them gain your trust and stoke your fear that something is wrong with your computer and that you really do need help from a computer professional.
The Event Viewer does show error messages of all kinds, but most are normal. They may be related to updates that have not completed, restart requests that you denied, network disconnections, and more, and they are not necessarily related to a virus infection.
The above errors relate to a VPN that I connect to - the Cisco VPN client generates these errors during the connection. There is nothing wrong and nothing to fix (on my computer). Your computer logs messages all the time you are using it, so errors are expected to be logged as well as non-error messages and codes.
By now, they probably have you hooked. You have "seen" that your computer is indeed infected and you need help.
....Now they move in for the kill...
What they need now is for you to confirm that your computer is actually the computer they have in their virus report system. They will try to associate your computer with a unique Consumer License ID, but what they actually have you confirm is a class identifier (known to computer geeks as a CLSID).
Above you can see the CLSID. To see this on your own computer, click Start and type cmd in the box and then hit Enter on your keyboard.
In the black box that pops up, type assoc and hit Enter. They will then ask you if your Consumer License ID is 888DCA60-FC0A-11CF-8F0F-00C04FD7D062 - yet again proving to you that they are Microsoft and your computer is in their database to be checked.
As you can guess, the CLSID above is the same for all computers. To even a skeptic, having them provide such detailed information about your computer just proves they are here to help......wow.
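The following PowerShell script is an added example, not part of the original post. It is read-only and can be run on any Windows PC to check the two pieces of "evidence" described above: it reports which file association the quoted CLSID belongs to, and it counts the errors and warnings an ordinary week leaves in the event logs. The CLSID is the one quoted in this article; the variable names are chosen for the example.

```powershell
# Added example: read-only checks that show the caller's "proof" exists on any Windows PC.
# The CLSID below is the one quoted in the article; everything else is read locally.
$quoted = '888DCA60-FC0A-11CF-8F0F-00C04FD7D062'

# 1. Which file association does the so-called "Consumer License ID" belong to?
$hits = cmd /c assoc | Where-Object { $_ -match [regex]::Escape($quoted) }
foreach ($line in $hits) {
    # assoc prints one "extension=target" pair per line
    $ext, $target = $line -split '=', 2
    # Look up the class's registered name under HKEY_CLASSES_ROOT\CLSID
    $key  = Get-Item -LiteralPath "Registry::HKEY_CLASSES_ROOT\CLSID\{$quoted}" -ErrorAction SilentlyContinue
    $name = if ($key) { $key.GetValue('') } else { '(class not registered)' }
    [pscustomobject]@{ Extension = $ext; Target = $target; ClassName = $name }
}
if (-not $hits) { "CLSID $quoted is not in this machine's assoc output." }

# 2. How many errors (level 2) and warnings (level 3) did the last 7 days produce?
$since  = (Get-Date).AddDays(-7)
$events = foreach ($log in 'Application', 'System') {
    Get-WinEvent -FilterHashtable @{ LogName = $log; Level = 2, 3; StartTime = $since } -ErrorAction SilentlyContinue
}
# Top ten sources of errors and warnings, most frequent first
$events | Group-Object ProviderName | Sort-Object Count -Descending |
    Select-Object -First 10 Count, Name
```

Running it on two unrelated computers and comparing the first result shows the same identifier tied to a file type, not to a license or a person.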
The next step in their evil plan is to have you type the word verify in that black box.
It will state Verify is off.
The "Microsoft Expert" on the phone will tell you that if verify is off, that means your computer license is not verified.
This command has absolutely nothing to do with your license. It only lets you enable or disable operating system verification that data has been written to disk correctly.
Response from the "Microsoft Expert" = Oh No! This is terrible! If your license is unverified, you will not be allowed to install security patches from Microsoft. Next, the expert suggests that you allow a technician to remotely access the computer and fix all these problems.
They use remote administration software. After you install their software, you give them a unique ID so they can connect.
Yes, you can see everything they are doing while they are connected.
Once connected, they will open the Certification Manager and select an old certificate. They will state that your computer has not been updated in a long time because of an invalid certificate.
Now here is where things vary. They may or may not ask for payment at this point.
The technician on the phone will state that the only way to fix this is to activate your system and install security software that will protect you against viruses, trojans, hackers, malware, etc.
Once you say "Yes", they will install a program and will let you know that your computer is no longer at risk. They might ask you to visit a website like www.fastsupport.com or others. Some variations are made at this point with them using LogMeIn and other remote support software to execute their scam.
They may ask you to fill out a form and enter your payment information.
Please note that Microsoft (and other reputable companies including banks) will never call you. And if they do, do not give them any information - state you need a case number and you will call their main number (which you will look up yourself). I personally have done this with American Express credit card processing agents.
What can you do?
Nothing. Hang up. Ask them for a case number and tell them you will call the main company number and give them your case number.
Here is where you are supposed to report phone scams (per Microsoft): http://www.consumer.ftc.gov/articles/0076-telemarketing-scams
This is general info from Microsoft on how to avoid phone scams: http://www.microsoft.com/security/online-privacy/avoid-phone-scams.aspx
I hope you have found this information helpful.
As for myself and my grandmother:
I will be wiping and reloading her laptop to ensure all traces of anything they did are removed.
My grandmother is a bit wiser and less trusting of people calling. Sad, but a necessary lesson in today's world.
Technical Generalist with over 20 years in the field. Experience ranging from server and network administration to web programming and SEO.