Rise of Telephone Impersonation Scams
In recent months, there has been a rise in telephone impersonation scams in Singapore.
One particular scam involves Singtel, with callers claiming to be a Singtel technician or customer care officer offering to troubleshoot customers' Internet connection. These callers ask for personal details including NRIC numbers, Wi-Fi passwords, and router numbers.
This is a scam. Singtel does not ask for Wi-Fi passwords and router numbers during troubleshooting calls.
Singtel advised customers never to share personal details, including passwords, with unknown callers, and not to click on random links from unknown numbers.
Source: Channel News Asia, 28 Oct 2019
Anatomy of a "Windows Support" Scam Call
In recent years, many people have received a phone call from a company that passes itself off as Windows, calling itself Online Windows For Support. The following is an account of investigating its claims.
The author spoke to a person named "Jim" who claimed he was from California but had a strong Indian accent. Jim said they had been receiving error messages from the author's computer. When asked to speak to a manager, "Edward" came on the line, also with a non-American accent, claiming to work for Microsoft.
With much difficulty, they provided a website: http://onlinewindowsforsupport.yolasite.com/. It was suspicious that a support company used a free subdomain. They also provided a fraudulent email address: onlinewindowsforsupport@microsoft.com.
Edward insisted they received an error from the author's computer the previous day, despite the computer being off and disconnected for weeks. He then falsely claimed hackers were using the author's IP address, a claim that is technically not plausible in the way he described.
To "prove" they had information, the scammer provided a CLSID (Class ID) string: 888DCA60-FC0A-11CF-8F0F-00C04FD7D062, claiming it was unique to the author's computer.
The scammer instructed the author to open the command window, type "assoc", and look for that CLSID. It was, of course, present.
How could he know this? The trick is that the "assoc" command displays or modifies file name extension associations. The CLSID he provided, for the .ZFSendToTarget file extension, is a generic identifier found on nearly all Windows computers. It is not unique at all.
Source: ESET Blog - Support desk scams and the CLSID not-so-unique ID
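The CLSID check described above can be turned around to show that the value identifies nothing. This is an added example, not part of the original account or the ESET article: it parses `assoc` output from two machines and reports where the "unique" CLSID appears. The two sample outputs and the function names are constructed for illustration.

```python
import re

# Constructed, abbreviated `assoc` output from two unrelated PCs (assumption:
# real output has hundreds of lines in the same .ext=target form).
PC_A = r"""
.txt=txtfile
.zip=CompressedFolder
.ZFSendToTarget=CLSID\{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}
"""
PC_B = r"""
.docx=Word.Document.12
.ZFSendToTarget=CLSID\{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}
.jpg=jpegfile
"""

GUID = re.compile(r"[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}")

def normalize(clsid):
    """Upper-case a CLSID and drop braces or a leading CLSID\\ prefix."""
    m = GUID.search(clsid)
    if not m:
        raise ValueError(f"not a CLSID: {clsid!r}")
    return m.group(0).upper()

def clsid_associations(assoc_output):
    """Map each CLSID found in `assoc` output to the extensions that use it."""
    found = {}
    for line in assoc_output.splitlines():
        ext, sep, target = line.strip().partition("=")
        if not (sep and ext.startswith(".")):
            continue  # skip blanks and anything that is not .ext=target
        m = GUID.search(target)
        if m:
            found.setdefault(m.group(0).upper(), []).append(ext.lower())
    return found

def check_claim(claimed, outputs):
    """Return {host: extensions} for every host where the claimed CLSID appears."""
    wanted = normalize(claimed)
    hits = {}
    for host, text in outputs.items():
        exts = clsid_associations(text).get(wanted)
        if exts:
            hits[host] = exts
    return hits

if __name__ == "__main__":
    hits = check_claim("888DCA60-FC0A-11CF-8F0F-00C04FD7D062", {"PC_A": PC_A, "PC_B": PC_B})
    for host, exts in hits.items():
        print(f"{host}: present, bound to {', '.join(exts)}")
    print("unique to one machine:", len(hits) == 1)
```

To compare real machines, save each one's `assoc` output to a text file and pass the file contents in place of the constructed samples.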


