Trying to unmask the fake Microsoft support scammers!

Im pretty sure that most of you guys know about the recent phone scam which is circulating right now. They have been calling a lot of people in countries such as Germany, Sweden, the UK and probably more. The scam is pretty simple; they pretend to be from a department within Microsoft which has received indications that your computer is infected with some malware. They will then offer (for free) to verify if this is the case. If the victim agrees on this, they will ask the victim to perform certain actions, and also type certain commands, which will trick a non-experienced user that the output is actually showing that the computer is infected.

I just want to mention that there is no such department at Microsoft, and they would never call up customers offering this. So if you ever get a call from Microsoft stating that there are some indications that your computer is broken or infected - please hang up!

Well, they have called me several times, and finally Ii got fed up with this and started to play along. At the same time I had my virtual machines running and was recording everything that they were doing. The goal was to find out who they were and exactly what the scam was. Luckily I was able to get hold of information such as their internal IP addresses, the PayPal accounts used to wire money and the numbers they are calling from.

Lets pretend for a while that you have received the phone call, and you are playing along with the whole idea that your computer is infected. Their next step is to try to convince you that your computer is infected. This will be done in several different steps. Please find the steps below, including screenshots below:

  1. They will explain that your computer is only working with VERY low resources because the infection is consuming everything. This is completely wrong. What the picture actually shows is that your computer is only using very little resources at the moment.
  2. They will then open up the Event Manager to try to identify errors, warnings and other information that can be used to trick you into thinking that the computer is infected. The event viewer does show error messages, but not directly related to an infection. Almost all computers have errors in the log files, especially if the computer has not been re-installed lately and is running a lot of programs.
  3. At this point they are really pushing the idea that the computer is infected, and what needs to be done now is for you to confirm that your computer is actually the computer they have in their reporting system. They will then try to associate your computer with a unique number; a number they call the Consumer License ID, known as the CLSID. But the CLSID is actually a Class identifier. In the picture below you can see which program or CLSID an specific file extension is associated with. They will then ask you to execute the command assoc in a DOS prompt, and then ask you if your Consumer License ID is 888DCA60-FC0A-11CF-8F0F-00C04FD7D062. This is actually the CLSID for the ZFSendToTarget file extension.
  4. At this point they have not just tried to convince you that the computer is infected, but also that the computer that they are seeing in their system is actually your computer. They will now ask you to execute yet another DOS command called verify. They state that if the output from the verify command is off it means that your computer license is not verified. This command has absolutely nothing to do with your license, it only allows you to enable/disable operating system verification that data has been written to disc correctly.
  5. At this point the woman I was talking to was screaming OH MY GOD! in my ear, she was super upset that my license was not verified; according to her this meant that no security patches could be installed. She then suggested that the next step was to allow a technician to access the computer and fix all these problems.Of course I allowed the technician to do so - I was running everything in an empty virtual machine :)

  6. They use a Remote Administration Software called AMMYY. I had never heard of this software before this incident. It seems pretty straight forward and legit. From a unique ID they can connect to my computer and work with it. I could also see everything that they were doing. An operator with the ID 10878203 connected to my computer, and below is the permissions that he/she requested.
  7. At this point the administrator connected to my computer and was able to use it. He opened up the Certification Manager and selected an old certificate. I still had the woman on the phone, and she explained that the operator had now found out that my computer had not been updated since 2011 because of this invalid certificate.
  8. Now things started to get really fishy, they told me that the only solution for this is to activate my system and also to install security software which will protect me against viruses, malware, Trojans, hackers and other things. She asked me on the phone If this is what I wanted to do, and said that if I do want this the operator would fix my computer and also install this software. She said this would only cost me about $250 USD.
  9. The operator then installed a program called G2AX_customer_downloader_win32_x86.exe from the website www.fastsupport.com. When this was done a chat popup came up. It was a person with the name David Stone who informed me that my computer was no longer at risk.
  10. They then told me that since I agreed to getting my software updated, I now have to fill out a form and pay $250. They then opened up a PayPal form. I was able to collect several different PayPal accounts including: ukfastcare@gmail.com and ddkcare@gmail.com
  11. Since I knew that this was simply a scam I wanted to see if I could get some more information about these people. So I tried several times to enter fake VISA and MasterCard information and also said that I dont have the ability to buy things on the Internet with my card. They got quite frustrated with me at this point. I then asked them to visit a website, which I pretended to be the website of a friend who I know has put his card information on a website.The website is actually only a textfile containing a static text: Hi, please connect from a different IP since your behind a proxy
  12. We tried several times from my computer, using different browsers, but then I asked them to check from their site, and to my surprise they actually did. I was looking in my log file and as soon as they connected I got their IP address :)

    101.xxx.xxx.197 - - [01/Aug/2012:13:44:31 +0200] "GET //.txt HTTP/1.1" 200 413 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:14.0) Gecko/20100101 Firefox/14.0.1"

  13. At this point I also just disconnected from the phone several times when we were talking, because I wanted to see which numbers they were calling from. I was able to collect the following numbers: 00441865589771, 008028, 002127773456 and also a hidden number.
  14. After collecting all the information, i have now contacted all the appropiate people such as the security team at PayPal, various law enforcement agencies with the hope that we can stop these people. They are stealing alot of money from innocent people. I know that people have been warned about these scams, but my conclusion is that they are still calling people because they are still making money out of these scams.

    The software that they were using was not malicious in any way, which means that no security software can detect these types of scams. This is one of the main reasons for this article and others like it - we need to keep informing people about it until the cybercriminals are forced to stop.

Related Posts

There are 78 comments
  1. Bonjour, c’est la première année que j’ utilise Kaspersky Internet Security et je suis très satisfaite de tous les services. J’ ai 67 ans, débutante et je suis très intéressée par vos informations. Bravo et merci à tous. Cordialement, Geneviève.

    1. Carol

      Is it possible that these scammers have put an insert into computer and printer boxes. I just purchased a new printer and computer. I couldn’t connect the printer to the computer so I called the number on the insert. It basically did pretty much as you describe in that they logged onto my computer and looked at it and told me that I was part of the mass hacker USA. They googled that and showed me 2 million people were hacked that I was not alone. They showed me files on my brand new computer and that it had been logged in by 6,984 x (I just got the computer the day before). I knew nothing about what they were saying (she was from India I believe) couldn’t understand half of what she said but for $299 (a discount for being a customer) they could transfer me to Microsoft’s Anti Hacker Experts who would do several things, basically get rid of the hackers, protect my banking information, protect my computer, etc etc etc. Now remember, I called THEM. Is it possible thjis was legitimate? I’m over 60 and one of those people you are worried about :(

      1. Lois Glanby

        I have been targeted as a victim. I have Guru Aid on contract for Technical Support. They had just tuned up my computer. I got these pop-ups which were very hard to remove from “Windows” that a Trojan horse virus had infected my computer and several others. I was immediately suspicious. I called the number listed. I talked to a woman, scolded her for a scam as I just had my monthly computer tune-up. She remained professional. I told her this was an extreme annoyance. We hung up. It didn’t stop. Still received pop ups and phone calls. As I am typing this report I am receiving pop-ups of Microsoft technical support. Thank you for your posts on the internet blog. My suspicions are confirmed. I have two reliable sources for technical support that I have used for years. Guru Aid and a local office supply chain. Today is October 24, 2014.

  2. joey sun

    thanks for the posting. there are still people calling and using the same scam. it happens to me today Jul 17, 2014.

    1. Kosha Kumar

      Still people calling today in the USA. I got one on November 26, 2014.

  3. Hate to tell you this David but they are still at it in the UK and it is now July 2014. Got my call yesterday when my son answered and they phoned back today. Very plausible. I stopped at the point he wanted me to run an exe file and said I wanted to investigate and to call back in a couple of hours. We will see if he does.

    Good try on your part though.

    1. bert

      got me yesterday now they put a password on and I cant get in do you know what to do

      1. vivienne

        Try this let your battery go to completely 0 the computer will shut off by itself. Then plug it up to charge, turn it back on you should see the screen display name press on safe mode. Now you are going to have to restore your computer back couple of days prior. Before receiving their call and illegally accessing your computer. They did the same thing to me. I had to restore my computer to a later point, before they accessed it. The bastards keep calling me. If you can scrub the
        deleted. That you know you won’t need at all

  4. Several calls about this. did assoc on several computers (remembering they should all be the same) while I strung the guy along. After that, I asked how they could all be the same? No reply. Then I politely told him I knew this was a scam as I am an IT person (I actually am) and told him never to call back. If he did I would track the number and sue his ass. Not sure how the bozo got my number (possibly random or some kind of list). This is something I would not fall for as I was pretty sure the item number was the same .. Glad for the explanation about what it is. Next time I will have more fun with it.

  5. Christine Ekin

    Thanks for this information, just had a call from a scammer and asked him to identify my computer ID he gave me the exact number as above!! He then offered to talk me through finding this number on my computer so I would know they were legitimate but luckily found this info on my I pad while talking to him and refused to connect to my computer. Kept him talking for a good 15 minutes and then told him I knew he was a scammer at which point he was very unhappy that I had wasted his time(shame) !! Operating in the UK July 25th only worry was that he also knew my home address!!

    1. roy west

      I told the caller that I did not have a computer and he called me a liar and that he had my pc licence number I said well he must have been scammed, he got very angry and I hung up

  6. Jim Frederick

    Just got the same call. 7/28/14 4:30 pm

  7. Kimberly Bentley

    Approximately a year ago my husband called me at work. They had convinced him. He followed along to a certain point but knows little about computers. He told me as soon as I got home I needed to call them back and get my computer fixed as he didn’t understand all of the commands they were requesting him to do. My poor husband, I yelled at him and told him the best course of action was to throw my tower against the wall as hard as he could!! Obviously I was very upset!! They still cost me money though because I chose to replace my hard drive. My Husband, as I stated is almost computer illiterate and is also 60 yrs. old. I worry that the older generation is still being taken advantage of!! The phone rang several days ago and I heard him say “Microsoft doesn’t call people, quit scamming people!!” I said good job!! Obviously still going on in the U.S. These criminals must be stopped!!!! If he can believe it, many more can. He knows little about computers but is above intelligence.

  8. Bridget

    I just got the same call, 2:30 on Aug 4. It sounded off from the start although he said several times he was calling from Windows Service Center. Fyi, when I told him I had to call back since a client was about to arrive, he gave me this number: 347-227-6900, x137, James. I don’t plan to call. And it did looked like a 213-3370014 Teleservice # on my in-coming call list.

  9. Charlie

    These people call me regularly. Now their calls are from “Private Number” or “Overseas”, and I don’t answer them. Unfortunately legitimate callers are missed, to, but they could leave a message.

  10. Tom

    I was contacted by these guys this morning. I had been contacted many times before but when I told them I knew they were not on the up and up they stopped calling. This morning they used the CSLID part. after a few minutes I told him I was tired and hung up. He called me back ant told me what a MF’er I was for wasting his time and he called me a few other choice words and hung up. I don’t know how to stop these guys but they sure showed their unprofessional side. Maybe put them on mute ant let them ramble on.
    Thanks for your time

  11. Andres Bott

    You are my new HERO!!, i wish i had the pacience to deal with this people.
    my call ended really fast as i told them i’m using Debian. :-)

  12. Phoned me last night -12/8/14. Deep Indian voice, convinced me the PC was infected. told him I was uncomfertable to proceed with call. asked to speak to his line manager. One second later (ie same bloke, deep Indian voice) pleaded with me that he was genuine, the call was being recorded, that he was based in London and his name was Richard Cooper.Said their website was www-/e-mantra.co.uk. I said I would call him back. He gave me this number 0844 740 6976.

  13. Don Johnson

    8/15/14 They are still operating in the United States. I received a call form 215-555-9874. I knew right away it was a hoax, but kept him on the line over 10 minutes until I got tired of talking to him and siad I knew it was a scam and he hung up.
    If we keep them on the line then they are not calling someone else who might fall victim to their scam.
    I have reported it.

  14. Dmendez

    Just happened to me also. August 16, 2014. After I refused to give him any information, he got extremely upset. I told him not to call this number back and he hung up on me. He called me from a number out of Florida Jupiter. The phone number was 561 745 5427. He somehow knew my name but he screwed it all up. Please be very careful people!!!!

  15. Dorothy

    caught me today. Thought it was on the up and up as I did have someone hack my computer recently

  16. George

    I was called today – from 101-275-0501. Same story about Microsoft support calling to help me due to all the error codes my computer is generating. After showing me the number of “errors” on my computer I was connected to another operator (both with heavy Indian accents and supposedly from California) who tried to get me to connect to http://www.fastsupport.com. I figured it was a scam and went my way. I googled to see if I can find out how the scam plays out.
    Thank you.

  17. Bob Martin

    those guys call me almost every day for a couple of years now. it’s pretty annoying but i have a lot of stress so i use the opportunity to have somebody to yell obscenities at to let off steam. they seem to enjoy it too and they never give up, they have no soul.

    1. tony

      they called me and it was a girl, so i went along with it for a while, and she thought she had a big fish on the line till i started asking her if she tells her mommy and daddy what she does, lol then i said your daddy would be so disappointed what a shame lol again then she was freakin out and finally hung up …….

  18. Dynese

    Received 1st call asking for my husband who was not available. Asked may I help you, Sir. He gave same error reporting issues from my computer. They were from Microsoft Support, providing anti-virus services to Windows owners. I asked what was the cost. Eric Martin (his name-Indian accent) stated it was a free service from Microsoft. I actually am a Mac User (3 in the home) which are my babies. I know very little about PCs, which there is a laptop and a desktop in my home, as well. He kept insisting that I get my PC in front of me and find the “ctrl button” and the button with the 4 window flags. Press both same time. I pretended there was no windows flag on my keyboard. He kept urging me to locate it. I said “Hold Up! I really don’t need this b’cuz there aren’t any viruses on my equipments.” Oh yes ma’am they are invisible.” Only our software can detect them. I asked for their company name & website info. He first said that they couldn’t give out their company’s info, but after me badgering him for something, He gave me SOUTH END PC SOLUTIONS. #210-888-9112, Web site as http://www.southenterprises.net. He asks now to locate the CTRL button and the 4 windows button. I said I wanted to check out their site. Eric asked could he call me back later tonight or tomorrow. RED FLAGS really started flying in my head. I said ‘How do I know that you’re not a HACKER. That’s when I asked several times for a number. Long story short, I told him I wasn’t interested, hung up, got 3 more harassing calls. Threatened we were recording the calls for the Police and they were not to call my number ever again. No calls after that. I did ask if they were so legal/legit, why call people with “Unknow Number” or “Name Unavailable” and if a number does show and you call it back you get this number is not in service. No answer to that. The last caller tried to appease me with charm and I really like your voice, etc. CRAP!!!!!! What a HOAX. People Please Spread The Word. Be Careful!1

  19. Pam

    I too was a victim of these scammers, almost anyway…Called me today stating that he “Tom” was from Microsoft support and had been receiving tons of error messages from my computer. Was initially suspicious given his accent and stated as much and he agreed, “yes, you can’t be too careful nowadays.” Asked again why he was calling me and about which computer and he sounded almost thrilled stating “oh, you have more than one computer?” Asked if he could tell me which computer it was which he couldn’t, so I went to my laptop (which was already having major issues in addition to fan running constantly so I was somewhat taken that this might be a legitimate call…) He asked me to go to a command prompt and type some command (don’t recall exactly what sorry) and verified my Class ID (?), reading it off to me and since it matched what was there, I felt a little more at ease. He also told me “never give this code out to anyone!” He then had me go into event viewer and uncheck several boxes which left only the warnings and major alerts. He then had me read the number of events listed out of “how many total” and was very upset with how many there were, stressing even more why I needed his help. I asked why he cared, further questioning was it “clogging up Microsofts servers or something” obut he didn’t respond, only insisted that I allow him remote access to my PC to fix these issues. I again asked the same question, but more so stated how confused I was since this was a Windows XP PC and that I thought MS no longer supported this? (I had also asked several times during the call what OS the PC with problems had was running, which is when he had me pull up the Class ID, stating that he was not able to see my OS, just that it kept sending all these error messages to Microsoft…)

    I asked one last time why it was an issue that my laptop was sending these warnings, and also expressed that I frankly didn’t care much since I would shortly be decommissioning the laptop anyway as I felt it was going to die, which is why I got the replacement desktop. Once again, he could not answer my question so I tried a different tactic. I asked further about his employment with MS. He stated now that he did not actually work for MS, but rather was “contracted by them” to call Windows customers and fix their problems, then asked if I wanted to disconnect this call. I stated that no, I was not there yet but was still skeptical, and asked if he could provide me the name of the company he worked for and how much this was going to cost me to “fix” these problems. He stated that he worked for Sach Solutions out of “New York” and that it wouldn’t cost me anything for him to fix my problems. The only cost involved would be “if we can’t fix the problem on our own and need to use a tool to help repair it.” Gotcha, I was done… I asked him to call me back tomorrow (a Saturday) to give me time to research this potential scam (which I of course didn’t say to him) and he said “business hours please” so I said ok, since Monday is a holiday, how about Tuesday? He said ok and would call me then…I am now for sure going to have some fun with “Tom” , if he even calls back…!!!

    My only question is, if anyone can answer if I gave him access to anything by agreeing with him that my Class ID was in fact correct by verifying it was what he said it was?.. Should I simply decommission my laptop TODAY or was this just harmless by verifying this???

    Any advice would be appreciated, thanks!

    Pam

  20. Enrique

    I just received a call from “David Billsen”, deep indian accent, talking bad spanish, I’m living in Madrid where he called. We started talking in English. When I asked where was he calling from, he told me that from the Microsoft Headquarters, in Florida. When I told him MS HQ are not in Florida, he told me that these are special technical support headquarters. Then I asked him to give me my computer’s details, brand, operating system, configuration… He was unable to anwser so he told me he could not give confidential information. When I told him I have a Macintosh computer he got nuts and then we ended the conversation.
    Callers ID: 00300000000000 September 1st 2014

  21. William Graham

    Someone with a caller I/D of Robert Fuller called me yesterday, stating that he represented Microsoft Corporation and my machine was sending out malicious software. I have been working with PC’s and computers for over thirty years and know a scam when I hear one. This is the eighth time they have tried to scam me and it is very irritating. I thank you for your informative article disseminating information that people less knowledgeable really need to know. Putting them on a virtual machine was a good move(wish I would have thought of it), oh well. Just remember you can always just hang up; this is what I do as soon as they start flapping their lips. Healthy networking to all!!
    William Graham

  22. Pam

    Just wanted to update let you all and let you know that “Tom” from “Microsoft” never called me back on Tuesday as we had previously discussed him doing (as I suspected he wouldn’t…) Perhaps that is the secret here, to act as if you are skeptical then ask them to call you back, rather than just hanging up on them and them hoping or “preying” (yes, pun intended) on someone less skeptical or knowledgable to answer the phone…?

    Incidentally, anyone knowing the answer to my original question about if me verifying that my Class ID was in fact correct and in someway now makes me vulnerable to these cyber-bullies would be most appreciated. My guess is that unless I allowed him to actually access to my computer I am safe is what I am thinking but, would really like to be sure! Any techie- geeks out there who could answer my question or give me more information on the Class ID subject would be majorly appreciated !

    In the meantime, and until I know for sure, my computer has been placed in standby mode until I get an answer and can safely transfer the rest of my files/folders to my new computer “just in case” …

    Most appreciative…

    Pam.

    1. Ryan

      Hey Pam

      Don’t worry, that was just a tricky way of them to let your guard down. As long as you did not give them remote access to your computer, your files are safe to transfer!

  23. This is brilliant, I wish I had the patience to get so much info out of these jerks.

  24. DB

    Thank you David for this page. I was called this morning here in MN, and luckily I knew of the scam, so while he was going through the scare tactics and telling me what my “unique” license number was, I googled up this page on my MAC. I never started my PC, and used your page as a script. When he would ask, “what do you see on your screen?” I would randomly pick one of your screenshots and recite things from it. This had him going in circles, “please close all the windows and we will start over.” 45 minutes and two operators later, I had an incoming call and never went back.

  25. Judith Mewllet

    I was caught in this scam around 2 years ago. I live in Cape Town in South Africa. These people are really good and had me totally believing that Microsoft was being kind to me. So we did the whole thing with them “taking over” my computer. Lasted around 20 minutes!
    It was only the following day when I mentioned this to a colleague that I got the rude shock that my computer was now infected.
    Fortunately my bank picked this up and had blocked transactions from their side.
    I had such a fright and actually ditched my computer and stayed without a compute for a few months until I could afford to buy a new one. A good lesson learned and at a cost, but I am not nearly as naive anymore. :)

  26. Bunna

    I had fun with them tonight (sept 2014 Australia) told them my computer screen was displaying different letters no numbers and read them out : f u c k o f f. I then heard heaps if background laughter so he must have had a team listening. To his credit he persisting at which point I gave him a serve. Next time they call I’ll really teach them, I’ll put them on the phone to my toddler !

  27. Steven Graham

    I have had three similar calls in the last few days. I keep them on the line for as long as possible, on the basis that whilst they are talking to me then they will not be scamming some unsuspecting individual. Normally when they ask me to type Win-R or assoc in the cmd window and ask me what I see, I normally tell them that I just see four characters displayed …. S C A M. They get very upset at this point and start swearing.

    One claimed to be calling from Manchester, so I asked him the name of the local cricket ground. He got very upset at that point too. Then they tend to hang up.

  28. Fred Parker

    Every single day here in France we get a microsoft scammer, ive asked them to take me off there phone list, asked to speak to a supervisor, played along ,shouted and lost my temper , still they ring, id love to be able to get my own back.
    Fred ,Dorgogne 11.09.14

  29. Linda Podd

    Had a call today at 8.15pm from an Indian sounding man who said his name was Brett Adams, that he worked for a company called DNA who are authorised to revoke computer licences. He said mine was at risk if I didnt go straight online and go through certain actions with him to save my licence. I told him I was a police officer and my son was a computer programmer and insisted he told me what i need to do but I wouldnt do it with him on the line but for him to hang up and ring me back later. He kept trying to get me to use my computer while he held on. In the end he gave me a 32 digit code and other commands to put into my computer and told me he would ring me back in ten minutes. The code he gave me is the same one you mention above starting888DCA60 etc. I have not attempted to do this at all and needless to say he hasnt rung back!!!Today is Saturday 12th September weird for a Saturday night!!

  30. Basil Burgess

    I get these calls from time to time. I teach IS development but am not a security expert. This time I strung them along to see how the scam goes. I got to the part where they wanted me to use remote access software (legit software). As I did not want remote access, and didn’t think to start up a virtual machine (I happen to have one), I stopped them there. I reported the remote access key they gave me to the software company, but it looks like all they did was de-activate the key. I had hoped they would go further and identify the hackers. I suppose they did what they could.

    Thank you for your story. It explained something I had not known (the common CLSID). I know amateurs should not get tied up in such things, but I, too, would like to identify and bust these people. Another drop in a large bucket, but then a bucket can be filled, drop by drop.

    Cheers
    Basil Burgess

  31. Paul

    I received the same call, with Caller ID displaying “Unknown Name/Unknown Number,” so I was suspicious. But I wanted to have some fun and string the scammers along. I started with a woman with an accent, then was handed off to a man after she took me to the “Run” window. He took me to the point of typing “assoc” at a DOS prompt, but I had enough at that point. I told them I knew they were scammers from the very beginning and that they were idiots and scum, then he hung up the call. Less than 60 seconds later she called back, asking why I had hung up. I told her they were idiots and scum, and she started yelling at me “You are idiot, you are scum!” over and over again. I hung up this time and laughed at their pathetic ways. Next time I will tell him or her “Your voice is so sexy” and ask him/her a series of intimate questions in a low sexy voice (got the the idea from a “House of Cards” TV episode) and see how long they last before they hang up on me. Or maybe I will play the part of the drunk PC expert who slurs his words telling them where their descriptions of certain items, like CLSID are wrong. Anything that works to get them to stop calling my number.

  32. Bob Kent

    I received six calls today from these clowns. Most of the callers had such heavy accents I could not understand them. After hanging up repeatedly, I realized that the only way to stop the calls was to play along and cost them some time, so I did that with a caller whose English I finally could understand. I asked him to verify that he was receiving errors from my PC by telling me what my IP address is. Of course he could not do that but he tried — he read to me the 32-digit CLSID number mentioned in David Jacoby’s article. I then asked him who he worked for and he said “The Computer Maintenance Department.” For what company? “‘Fix My Computer’ in Nogales, Texas.” (Nonexistent, of course.)

    David Jacoby’s excellent article revealing identifying information about these criminals was written over two years ago and this scam is still going strong! Why? Why aren’t these extortionists in jail?

  33. VINCENT

    I got tired of these nearly daily calls so purchased a very loud whistle. I let them talk for a few minutes then I blow as hard as possible directly into the phone. At least they won’t be bothering any one else until their ears stop ringing!

  34. Helen Choy

    I got the same call just now 6:30pm 23 Sept 2014 in Sydney! They are still at it. How can we stop them?

  35. Patricia

    I just hung up after getting a call from a Fastsupport tech from my home phone (which is unlisted). Yet they knew my name. Actually spoke with two techs as I could barely understand their heavily accented english. I suspected that it was a scam call as they wanted access to my computer. One even tried to convince me that they could lose their job if anything were to happen to my computer to cause it not to function. I asked for their name and phone number which they didn’t want to provide until they had fixed my computer first. Yeah right! They hung up on me after I kept asking them questions.

  36. Patricia

    I couldn’t believe they tried to call 3 more consecutive times after they hung up on the initial call. I hung up on their last 3 attempts.

  37. debbie

    Just had one of these phone calls. I let him explain everything then I said that I didn’t have a computer at home as my husband has it at work. He then asked when my husband would be in. I said that it would be early morning. I then said that it was strange that my husband’s IT department hadn’t picked up the problem as it is a company laptop ( total lie by me!). He then said have a good evening and I’m sure he said thanks for wasting my time. I asked him what he said and he repeated ‘have a good evening’
    So glad he thought I had wasted his time cos it meant he couldn’t be conning someone else whilst I was wasting his time. At least I wasted 11 minutes for him!

  38. Copy-pasted from Atma.es:

    “In May-June 2014 several people in Spain was phoned from a fake Microsoft customer service. So far these are the numbers we got to know: 16077670057 and 15124511556. Beware also of 4935120443, 442033100000 and 18176499077.”

  39. Elena

    I have got a call today from a woman with a very strong Asian accent who insisted I went on my computer to perform some action with the pretest that my IP address was sending Microsoft some error message
    I have let her talk for quite a while letting her believe that I was going to do what she asked me on my computer, at which point she said she was calling her manager and then hang up. She then called again but i did not answer any more, now thinking about it I should have said her to get a real job!

    1. Pam

      Robert, that was awesome !!! I have to admit, I was kind of blushing on my end at some of the stuff being said but clearly, you a- wasted their time and b- ticked them off royally that they themselves were “scammed.”

      The guy (both times, unsure if it was “Vicki” both times but “he” lol, sure sounded the same) was clearly not even listening to a single word you said until you cursed them both out in the end ! Sorry to anyone who might have been offended by these calls (as I’m sure you Richard, would yourself admit that some definitely had to have been) but it’s almost like nothing else will stop them so really, what do we have to lose to do something along these lines ??? Maybe if we all just start stringing them along (with or without some of the more graphic details that you went into, lol…) maybe they will eventually catch on and stop calling us all knowing that they themselves are now being scammed back.

      What I found I think most hilarious about this whole thing was the yelling at each other – even the agent who called you – going on the whole time he’s talking to you ! Seriously, do they honestly think we are all that dumb as to remain on a call with this going on – even if we don’t have a clue what they’re saying?

      I’d be even more curious to hear feedback from anyone who speaks whatever language they’re speaking, as to what they’re actually saying in the background ! (Any translators please feel free to step forward…)

      Keep up the great work Robert !!!

    2. BILLY

      loved your conversation with that so caring Indian Michael ,I sort of did the same thing acting as if I was half deaf and had fun when he was asking for my credit card info ,I made a fictitious credit card number I could tell that he was getting excited ,then he would come back and say that I had give him the wrong number now this was going on for 45 minutes and I was in stitches,
      he would ask me to repeat the number so I would say for the number 3 I would say freeee & 6 for sex and so on, and if I was getting a bit tired as I fancied a cup of tea I would crumple a piece of tin foil over the phone and say we had a bad connection ,
      as you said Robert they have no soul

    3. Cheryl

      I LOVE this!!
      They called me today (I live in a small town in western Canada) and I told them I did not have a computer, asked if it could be my iphone doing the errors. The guy said “Yes” and would send a tech to my house to fix my phone!!
      Asked for a number to call in case the tech got lost, and the guy proceeded to give me my number!! Pointed it out and he gave me a number starting with the area code of the area I live in. I asked where they would come from, he said NY city. NY city! well that is no where near me!! Then he said Calgary, that still is not local, no tech is going to drive from Calgary to fix my phone! He wanted me to deposit $169 before the tech came.
      I then said, how do you like me wasting your time? I know your a scammer. The guy said “Yes I am a scammer!” Then he threatened to send the Taliban to shoot me, then said he was going to F**K me.
      And yes I get numerous calls from these people! Last time a few months ago they started yelling at me and swearing at me as well. A couple of years ago same thing, only he wouldn’t hang up and kept our line busy. I finally had to phone the phone company on my cell in order to have the call on my land line cut.

  40. David

    How and who do you report these phone numbers to? The scammer got so lazy to not even block his number in caller ID. He even gave me an 888 number that worked. So they are investing in the scam. They call I got was today (Sept 2014), so it must be working. They tried to do the same steps as listed.

  41. Helen

    Good Work Robert! I loved it.
    We are in Sydney Australia. They called yesterday during lunch and my son (18 yrs) said “What computer? We don’t have a computer” and hang up.

  42. Kim

    I get these calls in cycles and always have a little fun (wasting their time)

    “my keyboard is really old and I can’t see any of those keys they are asking for

    “please help me – but I don’t speak English”

    “Robert called last week and we fixed my computer”

    and if I can’t have fun – “I don’t have a computer”

  43. Anjum

    I got a call from Peter Smith (v thick Indian accent) from Microsoft Technical support this afternoon. Got the BS about how the internet gate on my PC was not protected and so cybercriminals and hackers are using my machine for illegal activities and i could be a victim of identity theft. And as per UK federal law (really??!!) i could be held responsible. He wanted me to log on and check the CLS id. I told him i could not access the machine and i’ll call him back. The number he gave me was 02081332538. Kept insisting he would call me back when I had access to my computer. Kept asking me loads of questions about my name and who else uses the machine and what their names are. I refused to give him the details and said i was uncomfortable. Would check out what this is about and call him back when we are ready.

    It was lucky i answered the call – usually my parents/grandparents would and they would not likely do all this checking. These people ought to be caught if they are indeed cheating innocent people out of a lot of money. Any idea who we can report such things to here in the UK? thanks a lot!

    1. Sally Tunstill

      My parents have just received a call also from 0208 133 2538. They said they were calling from Microsoft and someone was hacking into their pc.

      My parents called me to double check everything for them. I rang the number and spoke to Harris Parker, who says he is available 8am to 3:30pm Mon to Fri. It was his colleague Mark Wilson who also had an Indian accent that had rung my parents.

      I told them that I worked in IT and they should tell me what they want my parents to do, and he said type in NETSTAT and that i should call back with the IP addresses of the local address and any foreign addresses. I asked what they would do with this info, and they said that they would install some software.

      That’s all very kind of them, but why on earth do they think they can do this??

      How can we get these people reported?

  44. BILLY

    I just got a call this morning from an Asian operator with a Indian accent, saying that they were from Microsoft and that my computer was infected ,so I acted like I was a very old man aged about 96,after a bit fun saying that I was deaf he asked me to switch my computer on and say what was on the screen ,so I did I told him that I had a picture of a church, he said what ,I said I had a picture of a church a place of worship, well I do not no what upset him but he called me a f*$£!£g idiot and put the phone down, so I pressed the number for last number caller, this is the phone number 001003451 .plus I asked where he was from he said Sydney come off it tell me another one you idiot,

  45. babrry

    Just tell them you don’t have a computer End of !!!

  46. ducky

    Well i just got a call on 10-10-2014 from a windows company from sunnyvale california phone #408-757-0112. well i fell victim of them basically the same thing as described above. but they wanted to charge me $120.00 and i couldn’t afford that much. is there some way to get our money back. also i noticed on my online bank the money went to canada. i should check into my bank and file a grieveance. any suggestions

  47. Michelle

    I got a call from “Peter” this morning at 1-245-897-6589 and he asked about the Microsoft computers in my house. Having been an IT professional–system admin, system engineer, and systems and software security officer, I knew that this was not a legitimate call or request. So, after messing with him and asking him which Microsoft computer and how many I had, he began to get angry and impatient. At this point I made a made a friendly suggestion as to what he and his mother could do to themselves, at which point he angrily returned the sentiment and hung up. Oh well, you just can’t please some people.

  48. Jay Pascarella

    looks like this is still going on. I just received a call today 10/15/2014 the interesting thing is that I had placed a support request into Microsoft for Office 365 earlier today but had ended up resolving it myself.

    The gentleman with a deep Indian accent called from an unknown number (I wish I was prepared as I would have asked for a number and then lit up their call center with inbound calls from a war dialer. Insisted that my machine was infected. I asked him several times if he was from Microsoft and also told him that Microsoft doesn’t ever call customers in this fashion he then changes his story to say he was from a company Microsoft had hired.

    He asked me to bring up the run command using the windows hot key when I asked if he wanted me to run a program he asked me to type cmd. So playing along I did and he had me print out the clasid association. At which point I told him this is was a class ID and not my machines license number. He got angry and was insistent that it was I played along some more to see how far he would go and he asked me to run event viewer. He didn’t say what it was so I asked him you want me to run event viewer so I can look at events in my logs and he said yes. Then he told me that all of the red and yellow icons meant that my machine was infected (nice try if you don’t know this stuff) and that if I clicked on anyone of them they would multiple and make the problem worse.

    I then told him that he was full of it as this is typical behavior and the warning message about a disc not being in my DVD drive was not a virus. I will give him credit he proceeded to argue with him at which point i laid in to him letting him know that I was an IT Professional with a security background and that if he called again I would contact the police (I also used a couple of choice words to describe what he was doing and his character). I really wish I could have gotten him to give me phone number and a real company name so I could turn it over to the authorities.

    I could see my in laws who are older and both use a computer as getting caught on this one. Hopefully they will get caught and pay the price.

  49. Gary Kemp

    Happening in Africa, too.

    Got a call today saying my PC had logged a critical virus with their “Microsoft Service
    Centre”; the lady (of Indian accent) was very efficient and directed me via the MS-Start button, right-click Computer, Manage, Computer Management, to Events viewer where lo and behold to a log absolutely filled with critical
    errors.

    Coincidentally just an hour before, a website had prompted me to update my Java-version,
    where I blithely clicked OK to all the User-permission and Terms-&Conditions prompts in
    blind faith that the link provided was a bona fide Java mirror.
    So -panic attack (I’m an old fart, and not prticulrly computer-literate).

    Urging me that my PC was on the edge of self-destruct, the lady directed me to the
    RUN-prompt, and patiently spelt out what I needed to type in there – “www.supremotecontrol.com”.
    Alarm bells rang; the fact that she had asked whether it was a work- or personal PC, what
    operating system I was running (surely my PC would have logged that information with
    Microsoft?), that she had phoned me on my landline whilst I had bought the PC from a
    store with Windows preloaded (never the two to meet).
    When pushed, she said they were Help & Secure, a Cape Town-based contracted agent for
    Microsoft.
    I offered to call her back; she didn’t offer their telephone number…

    Needless to say, I started researching the issue, and found your site.

    1. E. Speike

      Is this yet another scammer?

      PCCZARS Support

  50. Gandalf the Grey AND White

    I had a fun conversation with one of these guys on Monday. After a while, it went something like this…

    Me: Where did you say you were from?

    Him: Australia, but I live in San Diego.

    Me: You don’t sound Australian. You sound Indian.

    Him: Well, I AM Australian and I have an Australian driver’s license and my name is on my Australian driver’s license!

    Me: Uh-huh. So why do you sound Indian?

    Him: I went to the University of India so maybe I picked up an accent!

    Me: Interesting. I don’t know of anyone who goes off to college and leaves with an accent.

    Him: I don’t like you insulting me!

    Me: I don’t like you scamming me.

  51. laura

    They have been pestering the hell out of me…The last I heard from them <I told them that I would contact kaspersky and norton and give them their number so that they could resolve this issue. then I blocked their number.I could only tract their account as far as north florida.

  52. Erna Bruwer

    Hi I am from South Africa-had the same problem. I just told the guy that I know this is a scam. I have only recently moved into a rental home while we are building our house-so I only have the landline allocated to me 3 months ago-I have never registered any thing on the internet with this number. I asked the guy if he knows my landline number then surely he must know my name and surname…..he came up with a totally different surname…..just told him to bugger off

  53. Milinda L. Potter

    I am pretty sure that they did contact me and got control of my computer said they were from windows and now I have a problem with it and Kaspersky I had to call and reinstall it on my computer and now I don’t believe it is working correctly what can I do and what should I do to clean up my computer.

  54. Hannah

    Hey , I got a call tonight October 2014! When I told the lady on the phone that I couldn’t continue the conversation as I had to put my young children to bed she started getting agitated with me! and it ended up in me shouting at her and putting the phone down I wasn’t convinced she was from windows one bit! I googled the number before I came on to this site to find others have also had the call from the same women that I have!! I hope they manage to stop this sometime soon!!!

  55. This company in India advertise on the internet. They have very little ability to fix simple things. They profess to be a computer repair company for Netgear, Avast, and yes you guessed it even for Kaspersky. If you Google for help their website comes up top of the list. They took remote control of 2 of my computers, told me I had 500 errors, and that system restore would not work, They corrupted my Wi-Fi totally, and were unable to fix the problem I had with home networking. They wanted $169.99 for each computer to fix my problem. I disconnected the phone and computers from them after almost 12 hours of wasted time. I suddenly remembered the fix is to set the Kaspersky/Firewall/Network/Private Network to Trusted or Local instead of Public in both computers. I also used a restore point in each computer to eliminate all their access to my computers.

  56. Evelyn

    When I had a land line I had several of those calls, in the United States, have been receiving them for the last few years, nothing new. I knew they were scams as who would call “out of the blue” like that. They are like so called psychics as most people probably have a computer and are on Windows. I was always trying to screw with them, so once I got psyched up, I would play along then tell them I knew it was a scam. The first guy acted like he was so hurt. I asked for a number, and that nothing had come through my email, so if I was such a risk why would someone call my home number and not send me a message like ON MY COMPUTER! He kept it professional, was actually really good in his calmness and having other numbers to check on him. That got boring so I told him to never call again. After that, I would listen for their name, or ask again, and then either pretend I was deaf or just crazy, like we were old friends. It lasted for a few minutes because I knew it through them. Then I would say a few choice words of trying to take advantage of people and that it was really funny for them to call because, I didn’t own a computer but if they were willing to send me one, then I would be more than happy to discuss the so called issues. I am not a smart individual, just understanding that the world is full of hacks and scams. If it sounds too awesome, good, kind or over the top for any corporation, then it is.
    I love what you did. Thank you!

  57. Basia Miller

    I got a call at lunchtime today from a man with an Indian accent who identified himself as “Alec Stanley,” from Windows Registration Department in San Diego. At first I thought it was nice of Windows to be concerned about hackers that had gotten into my computer. I asked for a telephone number so that I could call him back when things were quieter and it upset him. I was suspicious but couldn’t figure out what his pitch would be so I stayed on the line and pulled up the CLSID that you describe. He had me pull up a certificate that expired on 12-12-99–he said the hacker had stolen the original and replaced it with this. Meanwhile I used my Mac to ask Are there computer scams? and found this page. Great info!! Then I hung up.

    Posted by Bobbsey

  58. Di

    I am from Trinidad (in the Caribbean) the number they called me at was 442033180712 and they were from Windows Service Centre. I admit I fell for it especially as they had the code before I looked it up. I went as far as allowing the install of Team-something software and I gave them remote access (groan). They pulled up certain information (that was probably legitimate) to “prove” my system was hijacked.Then they told me that my windows licence had been hijacked and it would have to be disabled (fine by me) but then they said I would need to pay US$200+ for a new licence immediately. That’s when problems started. I said I couldn’t do that transaction, I had problems with credit card. They said they had to disable immediately (policy they had to follow) and I would not be able to use the system or call back later. I said fine, I would just replace the hard drive and install fresh stuff even if it meant to buy new stuff from microsoft.

    Then they said that that would not work because the licence was tied to my IP address and once I was “flagged” that any windows-based computer would not be allowed to function from my IP address even if I got another product ID. This got me worried. I said I had to call someone (on pretext to get assistance to make the payment) they agreed after insisting that my system be left on (and connected to them remotely) and also they would call back in 15 mins. I immediately called computer friend, relayed the basics of what happened and asked if it was true that licence and product id are 2 different things and that windows function could be affected by my IP being “flagged”. My computer friend said that’s not true it sounds like a scam don’t talk to them anymore. I disable wifi connection. While still on phone they call back. I take the call, they know I “turned off my machine even though they said not to” I said I couldn’t make the payment so it didn’t matter.

    They insist if I don’t get card info from someone and make payment, they will have to report me and security will show up in an hour (gee, all the way in Trinidad) and that will be a lot of trouble. I say fine, you do what you have to do. I hang up.

    Now I’m in trouble. I’ve just been phished, my system is compromised. Call back friend ask what to do. Says to copy out personal files unto CD because the system will have to be wiped and everything re-installed. I do so, then shut the system down. Friend arrives later to see what’s up (is pissed he didn’t get the call, would have loved the opportunity to mess with them), tries to boot up to find windows locked by password. Friend does techy stuff to get in and now in process of wiping and reinstalling stuff.

  59. PJ Pollock

    I never hang up, i play them for as long as i can, i take the view that if i’m playing with them like a fish on a line, they cant be scamming anyone else.
    I basically play the daftie, keep making mistakes, pretending that i dont know what i’m doing. That invariably gets you transferred to a supervisor, and then i play the whole lot again. My record is 54 minutes, eventually they get cross and start to become abusive, but i always keep them going and force them to be the ones to hang up.
    Dont get mad, get even, if we become a pest to them, they will eventually stop

  60. Kevin Hann

    Hi, some advice …

    Had a call a few weeks ago, second time, so knew it was a scam. I told the bloke that I had to warn him that my phone has a special equipment attached and if at any time my phone device detects a fraud it gives off a high pitched noise which may be distressing to them. … so we carried on and when we got to the bit about verifying the CLSID I let off a personal attacker alarm in to the ear piece, which believe me is very loud. After a couple of seconds I stopped it and said to him, sorry about that but my phone device seems to be detecting something wrong, but would he like to carry on … so we did and again we got a bit further on and I let it off again … he hung up !! and I have not had a return call from them.

  61. Mike

    They called me today from NY NY 646-475-2216 phone number.
    I went through with the Eventvwr and saw 55,000 errors in my logs. Then they asked me to connect to fastsupport.com so they could take control of my machine. At that point I told them it was a work PC and that it was against my company policy to let them connect and I would contact my support desk. He insisted on connecting to my machine because my machine was responsible for stealing 50 thousand dollars and it needed to be fixed right away. I then told him that “yes I am a hacker and I am stealing money” He said “You are??? I must connect you right away to the FBI and if I hung up I was a coward”. I stayed on and told him to connect me to the FBI. The phone went dead and disconnected. If I get another call back I will post again.

  62. Dorothy

    I tried to download a Norton antivirus for a free 30 day trial in June 2014 as the Microsoft Essentials had gone out of business and not wanting to get a virus I went to the Norton site to take advantage of their offer there. First I was connected to a dude in in a company called Plimus Sales . When he told me it had to pay $69 I asked he if this was a scam (stupid I know) He just laughed and said ” like a scammer would tell you that”) it was late at night by this time. I’ m disabled senior with little money. and some of my friends have paid around that to purchase year’s worth of Norton so thought “Ok might as well pay it so i have anti-virus protection gave him visa # then somehow I was connected to a person in India who said “Yes I had many viruses on my computer ” He had thick Indian accent and accessed my computer; told me not to touch anything that he would clean it up for me. He also wanted me to sign up for a 4 year program for $499 USA I declined that as can’t afford. but he was very insistent and so I settled For a year’s protection at a cost of $199 so over $200 Canadian.By now it wa 4 a.m here so foolishly gave him Visa card # and told him I had to go to bed. and yes my computer went black with the white letters like posted earlier above by David. much movement .Told him I couldn’t stay up any longer and that he could call later the next day I felt sick inside but not sure why. He said don’t turn off computer so I didn’t just fell into bed. I was up 3 hours later computer was off. strange I thought and there was a message on my phone from Visa security asking me to call them asap .Turned out I that I had been scammed :( but they had blocked the payment as they figured I didn’t go to India to shop .After talking with the woman we canceled my card and Master Card as well just to be safe and she said a new would be sent.within the week. I felt so foolish and vulnerable but I called the cops to report it.. the Detective was quite understanding and said not need to feel ashamed , they did it to her when she went shopping in the states so after much hassle as being disabled with terrible arthritis in my hands and body. I don’t use cash as I have to wear splints on hands and wrsts so can’t fel if money alls. I just use credit cards and pay them each moth over the phone. A week later new cards arrived and I was able to go get some food, I was/am so thankful that Visa was on the alert ,I got my all money refunded but had to call geek squad ( Detective said this was the way to go as several other seniors had experienced the same problem) Geek squad came and took computer to clean it all out. was bale to save my pictures to come and take computer to be throughly cleaned up. after 5 days I got computer back My life line to the world as I need a walker and don’t get out much. So did have to pay geek squad to fix the problem.. I am not computer savvy , too trusting but now wiser for this experience ., agent said his name was Anant Kummar. the name of scammer company is Avangate Systweak .thanks for this posting David I think you did a terrific job talking to ‘Michael’ .

  63. Gerry

    Still happening in Ontario, Canada. 2x this month November. After telling this one fellow that I knew he was a scammer he got quite vulgar.

  64. Henrik Pedersen

    My mother got one of these calls today in Denmark, at least she was smart enough to give me the phone so i could talk to them. Even though i wasent aware of this issiue, it took me no longer than 30-90 seconds for me to realise that it was a scam, the english-indian woman claimed to be from the microsoft department in Scottland, and started asking questions about who was the owner of the 2 computers she called about, i then asked her which computers it was since we have 3 or 4 working computers in the household, whereafter she asked to talk to my mother. I refused since i know very well that there would be no reason for her to talk to my mother rather than me, if she was indeed an microsoft employee. after i refused she started talking nonsens, and i asked her what the issiue was. She then told me that there had been downloaded malicious software on 2 of our computers. Then when i replied “if there is malicious software on those computers i will remove it myself.” aparently that made her angry, and she replied in a rather unpleasant way, and i quote: “You are not an educated computer technician, so that will not be possible.” then i just laughed and told her to shut up, at that poing i knew very well that she was no microsoft employee, and interistingly enough she pretty much yelled, no, you shut up!. When she finally realised that i wasen’t going ot let her talk to my mother agian, she said “Idiot” in a rather high tone and hung up.

Leave a Reply

Your email address will not be published. Required fields are marked *