I just got off a 30-minute call that came unsolicited from a young-sounding man with a very thick Indian accent who, when I asked him his name, said it was Jason Anderson (doesn’t sound like an authentic name of someone from India). He told me he was calling me because there had been a lot of complaints in my area about malicious code damaging operating system software and he wanted to be sure my operating system was not impacted.
I’m sure I made his call a nightmare with all the questions I had for him. And after he insulted my intelligence (Him: “that little blinking thing; that is where your letters show up when you type. Look at that please, ma’am.” I decided I’d just play dumb and go along with him to see what he would have me do. Oh, and I asked a lot of questions along the way to gather as much information about him and his organization as possible.
Here are some key facts about the call:
- His phone number is 201-338-6170. I told him I had to go to a different part of the house to get in front of my computer, which is how I got his phone number from him; it does not show up on caller ID. When I called this number someone else (it sounded like) with a very thick Indian accent answered, and then transferred me to “Jason.”
- His company is EProtectionz www.eprotectionz.com NOTE: I advise you to not order anything from this site!
- When I asked him why he called me in particular, he tried to avoid the question or say he was calling to help me. I persisted. Finally I asked him if Microsoft had contracted his company to call me. He then said, “Yes! My company was subcontracted by Microsoft to call me, and that is how I got your information!”
- He told me to enter “eventvwr” in the command line. Well, HE didn’t say “command line”…he walked me through how to get there as though I had never touched a computer before.
- NOTE: Be on the look-out for a caller such as this who calls unsolicited and tells you to enter “cmd” and also “assoc”.
- After going through a few more steps, he had me check my CLSID and said, “Is your CLSID number 888DCA60-FC0A-11CF-8F0F-00C04FD7D062?”
- Of course I said, in amazement, “Why yes? How did you know that?”
- He said, “See!? I know because I’m trying to help you! I was asked by Microsoft to help you! I wouldn’t have known that information otherwise, would I! That is specific to your computer. I wouldn’t have known it unless I was asked to help you specifically!”
- NOTE: Techie friends, correct me if I’m wrong, but isn’t the CLSID code on all MS OS’s, at least late model ones, the same?
- When he told me to go to https://secure.logmeinrescue.com/Customer/Code.aspx (NOTE: Don’t go to this site unless you’re an information security expert and know what you’re doing) and said he would be happy to tell me the code so I could log into the site, I asked him why I needed to. He said so he could download software to my computer to scan and clean my operating system.
- I then said that I would not download software from a site I knew nothing about. He then tried for a minute or so to convince me, and then finally said, “Well, then close down that screen.” Me, “What screen?” Him, “The logmein screen” Me, “No, I think I’ll keep it here for a while,” Him (voice raised), “Close it down now!” Me, “Why are you yelling at me?” Him, “Sorry, I wasn’t yelling, that is just how I talk.” Me, “It sounded like yelling to me.”
- After a few more minutes of such talk, and yes, he started almost yelling again, I stopped and started telling him about the reasons why I would not do as he asked, and then I started explaining to him about cyber scammers and cybercriminals.
- Sadly, then, dear “Jason” then hung up.
Yes, I will report this scam to the FTC as a type of phone fraud: http://www.ftc.gov/bcp/edu/microsites/phonefraud/report.shtml
Please be on the lookout for this scam! I don’t want you to fall for what is a pretty convincing reason from these crooks for why you should accept their “help,” this guy was pretty good at social engineering.
If you DO receive a call, please report it http://www.ftc.gov/bcp/edu/microsites/phonefraud/report.shtml so these crooks can be caught. The more evidence against them, the better.
It was kind fun to pretend to be an airhead for a while, but overall this guy just really made me mad.
Tags: cybercrime, cybercriminals, Information Security, phone fraud, scams, social engineering