2012-06-26

"Windows Support Centre" scam


I just got called by the folks running the "Windows Support Centre" scam. If you haven't seen this one, the pitch is that they have noticed that your PC is producing a lot of Windows error messages and will crash and burn unless you let them help you. They are pretty skilful. If you express skepticism (as you should!) they ask you to examine the Windows Event Viewer whereupon you will see many error messages. This is normal for a Windows machine, but they will try to tell you that it is not.

It gets better. I continued to express my skepticism, so they went to the next page in their script. They get you to issue the "assoc" command in a windows command session, which produces several hundred lines of output. They draw your attention to a line near the bottom which contains .ZFSendToTarget=\CLSID=<888DCA60-FC0A-11CF-8F0F-00C04FD7D062>. They read if off to you over the phone in an attempt to convince you that they are legitimate. After all, how would they know your "computer id" if they weren't a genuine Windows support centre?

I was still skeptical, but I decided to play along. They had me open a browser window and type in a URL for a site that does remote management of PCs. I stalled for a few minutes while I opened up another browser window and Googled the URL. Sure enough, on the first page of hits were a couple of postings about this scam.

I hung up on the guy. I felt good about wasting his time, time he might have used to reel somebody else in.

See this link for more information. Among other things, it explains that .ZFSendToTarget is not a unique value; most Windows PCs have it.