Playing Along With Fake Microsoft Support Call

Fake Microsoft phone scam

This page is information about the fake Microsoft / Windows support phone call scams, The following is what happens if you play along with these scams, well in my case to a point before they put the phone down. No one from Microsoft or any other company would cold call to say you have a problem with your pc. So the following is a warning, sorry if long article just want to go into as much detail as possible so you don’t fall for these scams.

Had a phone call this morning, the call came up on caller id as “out of area” A foreign sounding lady said that she was from “windows support” and that I had problems with my pc and she would show me what was on my system, really went into detail about that there are virus and software on my pc that has been downloaded and is passing information onto other parties. She also gave me my full name and address, so that she supposedly confirms she is calling from Microsoft. Though remember most people’s names and address is available either through the phone book or electoral register. I have to say they do make it sound convincing so can see how people would fall for this kind of call.

She asked to turn on my pc at that time I said which one as I have several around the house. I wanted to play along but though would see if she could work out if knew anything about pc’s so said that I also have a laptop with a Linux operating system on, this did seem to throw her of guard for a second or two, but then told me just to use the windows pc, I asked does it make a difference which version of windows she said no.

On the pc she asked me to use the windows key and press R, i.e. to get the run dialog box up, then asked me to type CMD, I did ask if the command prompt needed to be open in administrator mode, at this point she didn’t know exactly what to say as was unsure of admin mode. Within the command prompt she asked me to type “assoc” so she could prove that she was calling from Microsoft. Now for people that don’t know running this command just shows you associated file extension on your pc. Though towards the bottom of the list is the CLSID, she says the number is unique to your pc and only the owner and Microsoft will know this, so she reads out the number which is “888DCA60-FC0A-11CF-8F0F-00C04FD7D062” now this number is no way unique this number is a licence number for a standard extension within any windows pc for ZPSendToTarget. But they really do make you think this is unique so then they can carry on with the scam.

command prompt

What will be listed in command prompt

Within the command prompt they get you to type in “eventvwr” this launches the windows event viewer. She asked what is listed on the left hand side under Event viewer (local) they ask this as this list is slight difference depending on the version of windows you are running. She asks you to open “Administration events” She states that if you have error messages or warning these are viruses on your pc. Again this is not true under the Administration events there will be errors as this only shows errors within your pc, now on most pc’s 95% of these are nothing to worry about as these are just standard warning or errors windows produces from even having problems connecting to the internet to a simple program crash etc.

But again they make most people think these are major problems or viruses etc on your pc, after she has confirmed these errors she wanted to pass me onto a “senior technical supervisor” I did say well if I have got viruses and she is from windows that the security software on my pc is Microsoft security essentials is she saying that the Microsoft software is rubbish, she hesitated and said that it had just stopped working. So they will make you think any type of security software on your pc i.e. MacAfee, Norton, AVG etc has just stopped working. I did ask if she could prove that and she just went on again about the amount of software on my pc etc.
I then was passed to the senior tech guy, he gave his name and again asked if I had gone through the checks i.e. the CLSID and event viewer, I said yes he did ask how many pc’s I have got I told him and he then said that all pc’s will be infected, I did state they run different versions of windows and Ubuntu and different security software, but was still adamant that would be on all pc’s around the home, Did state we have several Android tablets on the internet, but he just brushed over that. He then asked the age of the pc I did state was a few years old but has undergone changes ie cpu, memory, hard drive etc. As a guess was trying to get you more worried if you have an older pc. He then asked what I did on the pc, I just asked well what do we need to do to sort this, but he carried on saying do I go onto Facebook, twitter, emails, internet etc and asked again so did say im a computer engineer and web designer. He did hesitate and then asked do I know about event viewer as he knew he was going to get caught out. I said no not really so he went on again about the errors in event viewer that are then virus, so I stated again about is supposedly their own security software is rubbish, again he said no there was a pause for a few seconds and Then the phone went dead. At this point I was having a giggle to myself. The call upto this point was about 15 minutes long.

event viewer

Standard errors within event viewer

Now if he hadn’t of sussed I knew what I was doing the next step they take is normally to get you to download software to let them take control of your pc, this can be anything from logmein to remote desktop. Once they are in they would normally install software on your pc that may show fake virus lists etc and at this point could go either of two ways.

1. show you screens that supposedly show that they have cleaned up any fake viruses on your pc and ask for money for the service they have done. They may even get you to transfer money direct to them using paypal or direct from bank. Remember they are still logged in so can see any details you type in, as their may even be a key logger installed that show them every key you press.

2. Again show you they have cleaned up the software on your pc, but unknowing to you that software is still sitting on your pc, now this is the spyware / virus software they have installed and then within a few days or even weeks will then keep popping up that you have viruses on your computer and then asking for money to clear this up, some of this type of software can even lock you out of booting up your pc to the desktop without you paying to have it removed.
If you have ever got to this stage of these fake Microsoft virus scams, DO NOT PAY any money. As they could then use your details for fraud, as they will have your credit /debit card details.

The best thing to do if you have any software on your pc that seems to show lists of virus or any type of ransom ware software is to speak to a computer engineer, or computer shop like myself as 90% of the time these can be cleared up without any problems and you will not loose data, in the other 10% of the time your pc may need to be reloaded, though engineers like myself will be able to save any data i.e. photos, videos, documents etc. The charge for a service like this could be as little as £30, which is well below what you will pay the scammers and even after you have paid the scammers the software is still on your pc, so this can happen again and again.

So this is a warning about getting caught out with these support phone calls, I can see how easily people can fall for this type of scan so please share this page so that everyone is aware of this type of phone scam, as like all scams they rely on people falling for it and paying money. So if everyone knows about this they wont make any money and eventually will stop. So if you get one of these calls just put the phone down. Though if you think you do have any problems with your pc speak to a company that can help you help direct ie like myself .

Follow For Updates

If you found this article interesting or useful, why not follow us for updates though the following: Twitter, Facebook, Google+, Tumblr or email. For updates of photos I upload see Flickr, Or share this page using the services below:

You may also like...

2 Responses

  1. Matt B says:

    I often wondered what would happen if someone who knew their stuff went through the motions on one of these calls.

    Interesting to read the results – Thanks for the info!

    Matt B (Facebook Connection)

  2. Lyn Vesey says:

    Just reading your post and have to smile. For some reason I receive these calls nearly every month or so no matter what I try with them eg hangup, say a few choice words, or when they tell me to turn my computer on, I respond that I don’t have a computer.
    I had another call yesterday so tried a different tack. I played along with answers but did not turn on PC. I kept asking who she was and how did she know I had a problem. Kept her going for 5 mins or so and then said after one more question from her re my PC what was her name again and that I had to keep her talking as the police had asked me to keep her talking next time she calls. She said pardon so I repeated my statement. All of a sudden the line disconnected. Be interesting now to see if I receive any more calls. The calls usually come in from Greece although she told me she was calling from London.

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.