05/09/2023
Phone scammers come in many different forms. One of the common ones most people are familiar with is the fake Microsoft call, in which a scammer rings up and pretends to be calling from Microsoft, telling you they have spotted malicious activity coming from your computer. This is a lie, but how do they “prove” it? There are two parts to this.
1) First they get you to open Windows Event Viewer. What is this? This is a built-in Windows application that lets you see logs that show software events that happen on your computer. These events cover all manner of things, including the individual parts of Windows starting up, network connections being established, software configuring itself, etc. As this is a complex process, minor issues do occur and do result in warnings and errors being recorded in the logs, which can then be seen in the Event Viewer. Are errors and warnings a sign of viruses? In the vast majority of cases, no, they’re not. In fact they are often of no concern at all. But if you aren’t familiar with this part of Windows, claiming that all these errors and warnings are a terrible sign is not particularly difficult. After all, generally in life ignoring warnings is often a bad idea, particularly if they’re in red.
2) The second part of this is the claim they are from Microsoft. If you say you don’t believe them, they do have tricks to “prove” they are from Microsoft. One of the common ways is by using the command line and running a command that produces something that looks like it could well be a licence number. For a great many users the command line is something they used ages ago for very simple commands, or something they have simply never used. Those who do know about it associate it with techies and nerds, so that’s convenient for the scammer. After opening the command line, the command they use is “assoc”. It appears suitably technical, and one of the last lines in the list of results:
“ZFSendToTarget=CLSID\{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}”
definitely looks like it may contain a licence number, but it isn’t a licence number of any sort, let alone a Windows licence number. The command “assoc” shows which file types are associated with which programs; it just so happens that one of the last entries in the list has a convenient letter and number arrangement which looks like a licence number. Also, critically for the scammer, it’s exactly the same on the vast majority of Windows machines. This means the scammer can tell the intended target what their supposed individual licence number is, and then run them through a suitably techie route to reveal the exact number they claimed is unique to them.
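To see what that value really is, the PowerShell sketch below (an added example, not part of the original post) parses the output of “assoc” and looks up every CLSID it references under HKEY_CLASSES_ROOT\CLSID, returning the registered component name and the DLL behind it. The function name Resolve-AssocClsid is made up for this example.

```powershell
# Added example: show what the "licence number" in assoc output actually refers to.
# Resolve-AssocClsid is a hypothetical helper name, not a built-in cmdlet.
function Resolve-AssocClsid {
    param(
        # Lines as printed by "assoc", each in the form name=value
        [string[]]$AssocLines
    )

    foreach ($line in $AssocLines) {
        # Keep only entries whose value points at a COM class ID (CLSID\{GUID})
        if ($line -match '^(?<name>[^=]+)=CLSID\\(?<clsid>\{[0-9A-Fa-f\-]{36}\})\s*$') {
            $name  = $Matches['name']
            $clsid = $Matches['clsid']
            $key   = "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid"

            # The key's default value is the human-readable component name;
            # InprocServer32 (when present) names the DLL that implements it.
            $component = (Get-ItemProperty -LiteralPath $key -ErrorAction SilentlyContinue).'(default)'
            $server    = (Get-ItemProperty -LiteralPath "$key\InprocServer32" -ErrorAction SilentlyContinue).'(default)'

            [pscustomobject]@{
                Association = $name
                Clsid       = $clsid
                Component   = $component
                Server      = $server
            }
        }
    }
}

# Run the same command the caller asks for, then resolve what it printed.
Resolve-AssocClsid -AssocLines (cmd /c assoc) | Format-List
```

The Component and Server fields describe an ordinary Windows shell component registered on the machine, which is why the same identifier appears on so many different computers.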
These well known rules are always worth repeating:
1) It is exceptionally unlikely Microsoft will ever ring you about anything; it’s extremely likely scammers will call you. If anyone rings claiming to be from Microsoft, hang up.
2) If you do get a call from Microsoft, BT or anyone else, and your computer happens to be misbehaving, it’s simply coincidence. Given the number of calls scammers make, they are undoubtedly going to get lucky now and again. If you think you may have an issue, use someone you can trust, not a call out of the blue.