(877) 629-6972 info@mycomputerworks.com

Minding my own business and relaxing after a hard day at work and my phone rings.  A scammer called me and from a local number (spoofed if you are wondering 602-795-2230). With a huge smile on my face I decided to play along and scrambled to open my Windows 10 Virtual Machine (1) to let him do his thing. The following is my Experience with a “Microsoft” Scammer.

Before I start the story the Virtual Machine I used was a fresh install of Windows with no infections or issues.

The Call:

First thing he told me he was from Microsoft and that my computer was reporting to them that I had errors on my computer. He had a very thick accent that one would attribute with overseas call centers. Holding in a chuckle I said “Oh no, what can we do!!” To which the tech replied, “I will show you the errors and then get you help to fix them.”

To prove how Microsoft knew it was my computer had me open he had me open a command window and list file associations and claimed the following was a unique identifier for my computer:

zfsendtotarget=clsid 888dca60-fc0a-11cf-8f0f-00c04fd7d062

Interestingly enough its just the “ID” for right click save as. Which EVERY windows computer has. http://www.welivesecurity.com/2011/07/19/support-desk-scams-clsid-not-unique/

Then he had me open System Information to show me all the errors.

System Info

OMG! Look at all the errors! Be sure to look at the screenshot below. Notice that the date was off and that there were no errors in the last 4 months.

The Microsoft Scammer claimed those were the messages Microsoft was getting. Of course this is a log of errors on your computer. That’s all the log is, errors. Everything that’s ever happened on the computer that went sideways. Remember this is a clean install with no issues. The errors it’s reporting are because it’s a virtual machine and nothing. Your computer will have some errors. They all do.

How he had me connect:

He asked me to connect my computer to him.  “Anything”, I said “I need this computer for work.” (Giggle) All throughout the call he had me use shortcuts to run things including going to the site below. It was scary how skilled he was at walking someone through the computer

Scam Page

Tight VNC, old school goodness! I asked if he was Microsoft why did we go to a non-Microsoft website.  He corrected me by informing me he is Microsoft Certified and moved on very quickly.  Not wanting to tip my hand too much I allowed it to continue.

After connecting with the VNC client he showed me how he now had control, very much like what we do at My Computer Works when we do online tech support for our members. Although he did stumble a bit with using windows 10…that was funny.

“OMG these are very bad virus!!”

According to him all of these errors are the infections that Microsoft was getting reports about.  Remember above when I told you about the date. How was Microsoft getting reports if the computer was off for over 3 months?

He went on to say it must not be running good.  I said it seems perfectly fine.  So he said it can’t be and wanted to show me to prove that my computer wasn’t working at its best. So he opened system configuration. This mostly has to do with how the computer starts. Stopped services he said, and that is bad, really bad. Again I know that this is all perfectly normal.

SysConfig

The Scammer started unchecking things, done at this point I stopped the charade.

The Confrontation with the Microsoft Scammer:

I paused the VMware before he could break it and proceeded to ask him how often this scam works on people.  He started to try to defend himself.  After a few choice words i wished him a good day.  I should have let him continue but the next step as we know is to break the computer and get credit card info.

What I Learned:

So that was my experience with a Microsoft Scammer. The tech was very confident and very well versed in his scam.  He also was able to get me to connect very easily when I played dumb with his instructions.  Controlling the flow of the call 100% and used some good scare tactics to make me believe that there was something wrong with my computer.  I can see how this works, average person would not know what the errors were or that the CSID is on EVERY SINGLE WINDOWS COMPUTER EVER.

Remember Microsoft has millions (last estimate was over 250 million) of users. That Microsoft has the resources available to cold call people to let them know they have issues is laughable. They don’t even have the staff to answer calls for help in a timely manner. Good rule of thumb. Microsoft will never call you. Ever.  If you ever feel your scammed or just need help call My Computer Works today.

  1. A virtual machine is a software computer that, like a physical computer, runs an operating system and applications. A virtual machine is comprised of a set of specification and configuration files and backed by the physical resources of a host. I use one to test new programs and simulate infected computers.