Tech Discussion PC support Telephone Scam

velvetfog · 01-22-2014, 01:47 PM

An east Indian called, claiming there was something wrong with my computer.
I listened to his entire pitch, which was quite clever.
He first wanted me to open a command prompt box and type assoc at the prompt.
That brings up the file association list in the operating system.
The second last item on the list is the following entry:
.ZFSendToTarget=CLSID\{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}
The east Indian then read the CLSID number sequence back to me, as "proof" that it was my specific computer that he was receiving problems from.
This number is in reality the exact same on all Windows machines.
But to the clueless end user, it is a neat confidence building trick.

It boiled down to that he wanted me to go to the www.deamviewer.com web site and download that particular TeamViewer clone,
so that he would be able to make a remote connection to my PC and mess with it.
I did not do that. Instead I hung up on him and call blocked the number.
He then called back 5 more times, with the call originating from a different phone number each time.
Beware of this type of call. It is a scam that will cost you a lot of money, since they effectively take your computer hostage until you pay them.

Here is a YouTube recording made by someone else of a similar scam phone call:

Read more about this particular phone scam here:

Can't catch me! The zfsendtotarget telemarketing scam

PC Support Security Scams – ZFSENDTOTARGET CLSID Trick

Scam? Using zfsendtotarget=CLSID\{ 888DCA60-FC0A-11CF-8F0F-00C04FD7D062} to sound legit?

(This post was last modified: 01-22-2014, 01:54 PM by velvetfog.)

AliShibaz · 01-22-2014, 04:31 PM

I would have thought that tech savvy people would know not to ever answer a knock at your door unless you know who is knocking. And never just pick up your phone and answer it unless you know who is calling.

I know who is calling because I either made an arrangement for them to call at a specific time. Or I can see their name and number on my phone.

If someone wants to call me, they need to make prior arrangements. Otherwise when you pick up the phone, you could be talking with a creep, a criminal or even worse ... a cop.

velvetfog · 01-22-2014, 05:37 PM

I always answer my phone, unless the caller ID shows an area code that starts with the digit "8".
Phone numbers that I find annoying, I copy into a block list, as I own a freestanding callerID device that has a blocking function.
Any incoming call from a number in its block list get an automatic answer and hangup toggle on the line after the first ring.

Anyway, I am now getting myself ready for the next time the Windows virus telemarketing scammers call me.
I have a Ubuntu Linux machine with the VirtualBox software installed.
In the VirtualBox folder I have a virtual machine install of Windows 7 which exists as a single 12 GB file.
I have now made a copy of that Windows 7 image file, so that when they mess with it, I can replace it with a copy of the original.
Next time they call, I'll go along with their scam all the way, by letting them do their TeamViewer remote connection into my virtual Windows 7 install running inside of Linux.
It is a perfectly safe place for them to mess around, since they won't be able to do anything outside of the virtual image file.
I am curious to find out how much they charge to "fix" my PC after they mess it up.

(This post was last modified: 01-22-2014, 05:40 PM by velvetfog.)

System Folder · 01-23-2014, 05:29 AM

I always answer the phone when I can. If I received a call like this, I would've pretended to be extremely computer illiterate and waste as much of his time as possible. The stupider I acted, the more it world make me look like a good candidate for his scam.