Global IT Support Telephone Scam
Sometimes we get the scam phone calls ourselves and it gives us a chance to examine their current approach
Thursday, 9th August 2018, incoming call on my mobile from 02 6734 6767
Happy to answer these calls because I can block them if they are nuisance calls
In this case, trying to call back gives a "not connected" message
Clearly the call is coming from overseas and they have somehow got access to an Australian number to make the call seem legitimate
Hello, I am calling from Global IT Support
Yeah, right....
We have identified that your computer has been compromised by hackers and we are calling to assist you
Why thank you I said with a welcoming smile
A kind response does encourage them to jump in with both feet
Please hold down the Windows key and press the letter R
This is the known shortcut for the Windows Run command
Please type in the letters CMD and press the Enter key
This step takes one to the Command Screen, what we used to know as the DOS prompt
This allows system commands to be easily typed and run
What can you see?
I can see the Windows version (10) and a prompt containing my username
Please type in the letters ASSOC and press the Enter key
This runs the Windows system command assoc which is hardly ever used except by programmers and scammers!
What does the second-last line start with?
ZFSendToTarget=CLSID\{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}
I will now confirm the product key which you can see on your screen
He then reads out the alphanumeric expression within the brackets
This step is designed to convince me that they have identified my computer precisely which is why they have called me
In actual fact, they have called me randomly and the above expression is the same on pretty much all Windows computers
So it's a pretty good trick, the average user could not possibly know the expression is found on most computers
Please hold down the Windows key and press the letter R again
Please type in the letters MSCONFIG and press the Enter key
You can now see several tabs, please click on the tab marked "Services"
You will see that some are running and some are stopped
This is quite normal
Are there more than 20 which are stopped?
The scammer knows this is quite likely
I report that there are about 50 services which are stopped
The scammer is delighted with this statement
Do you see the "Enable" button?
Yes I do
Is the "Enable" button "washed out"? (he means greyed out but close enough)
Yes it is
Oh my golly goodness (OK, I made this bit up but he was Indian!) this is the work of the Cyber Hackers
They have stopped a large number of your services and you cannot re-enable them
We will fix this for you
Please hold down the Windows key and press the letter R again
Please type in the expression "www.gg.gg/technician" and press the Enter key
The "gg.gg" part is a bit odd but www.gg.gg is a legitimate website which shortens URLs (web page addresses)
You can safely browse to the web links above and no harm will befall you
You will simply be prompted to download and save the TeamViewerQS remote access software
Again, this is legitimate remote access software, we use it ourselves to provide technical support to our customers
Please download and run the file
I am not sure I should do this, I have heard it is not safe to download and run files from the internet
It is OK sir, there is no problem
So I download and run the file which installs TeamViewerQS
This is when the fun starts, there is no way I will let them log in to my computer!
So up pops the TeamViewerQS Remote Access window
The window has two numbers in a large font
Your ID: which is a unique number which identifies your computer to the scammer
Password: which they need to gain access to your computer
What is Your ID?
1 235 347 991 I say (it's not true though, the actual number on my screen was 1 235 347 919)
I am sorry sir that is incorrect
Well, I am just reading the number off my screen
Please tell us the correct number!
He is getting a bit toey now
I tell him I am reading the number which is on my screen
I know that when they type in the wrong number at their end it gives an error
So I tell them perhaps I should take my computer to my local computer repair shop
Oh no sir, we can fix the problem for you
Are you sure, it might be just easier to take my computer to them
No sir, they will not be able to fix it
I am pretty sure they would, perhaps they can help me fix the problem you have connecting to my computer?
<Click>
That's it, they lost interest
OK, even though I had a bit of fun with them, this is a deadly serious business. Just last week we had a customer scammed out of $38,000 (yes, this is not a typo) because he allowed the scammers (fake Telstra support this time) to log in to his computer, and while they were logged in to his computer he logged in to his bank account and paid $10 for postage for the new modem they were going to send him. That $10 payment was duly authorised with two-step verification but nek minnit his screen went blank and they proceeded to transfer ever-increasing amounts of money to the same payee until the bank said stop. It happens because once you are convinced it really is Telstra, you are likely to be done like a dinner. Our job is to call out the scams and alert our customers, because the knowledge that this can happen (and is happening locally) is the best defence. Please contact us if you would like additional information.
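The two "proofs" the caller relied on (the bracketed value in the assoc output and the count of stopped services) can be checked directly on a Windows 10 machine. The following PowerShell is an added example, not part of the original call or post; it assumes Windows PowerShell 5.1 or later, and the variable names are illustrative.

```powershell
# Added example: run in a normal (non-elevated) PowerShell window on Windows.

# 1. The "product key" the caller reads out is a COM class ID (CLSID) that a
#    file-type association points to. It is a registry lookup, not a licence key.
$clsid = '{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}'   # value quoted in the post

# Every file-type association whose handler is that class ID
# (assoc is a cmd.exe built-in, so it is invoked through cmd /c).
$assocLines = cmd /c assoc | Where-Object { $_ -like "*$clsid*" }

# Name Windows has registered for the class, if the key is present.
$key = "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid"
$className = if (Test-Path -LiteralPath $key) {
    (Get-Item -LiteralPath $key).GetValue('')      # '' reads the (Default) value
} else {
    '<not registered on this machine>'
}

[pscustomobject]@{
    Clsid        = $clsid
    ClassName    = $className
    Associations = $assocLines -join '; '
}

# 2. Stopped services, grouped by how they are configured to start.
#    Manual = started on demand; Disabled = switched off by configuration.
Get-Service |
    Where-Object Status -eq 'Stopped' |
    Group-Object StartType |
    Sort-Object Count -Descending |
    Select-Object @{ n = 'StartType'; e = { $_.Name } }, Count
```

Running the same lines on a second, unrelated Windows machine gives a direct comparison for the value the caller presented as unique.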