Microsoft security scam (Singapore)

First of all, happy new year to all!

The purpose of this post is just to add on to the already saturated web illustrating such incidents. Yes, I picked up a phone call tonight from a scam syndicate claiming to be from Microsoft security.

The story goes:

I received a phone call at about 8pm asking for my father and “the owner of the windows computer in my house”. The caller was an Indian lady with her strong accent. The background was a little noisy and it didn’t sound like an office. I got suspicious and asked who she was and her attitude wasn’t excellent at all. She claimed to be from “Windows”, and wtf? What kind of “window” are you from? Tinted? Shaded? Tempered? Well, the call wasn’t for me anyway so I told her my dad was out. She couldn’t even get the name of the company right.

After my parents came home, she called again and this time my mum picked up. I was eavesdropping and heard her pathetic attempts to try to convince my mother the rubbish she didn’t even know what she was trying to say. She kept repeating that my “Microsoft licence” is being illegally used. I didn’t know that there is such a thing called “Microsoft licence”, and she claimed that the entire household shares the same “licence”. Then, my dad took over the call and screamed at her saying that she is accusing us of using fake products. The only Microsoft product my entire household shares is the Microsoft office which we bought it legally. My dad kept telling her not to accuse us and that what we are using is legal. And he slammed the phone down. She must be crying to her mama after that.

Now, that is actually not the best way to deal with it though. He didn’t understand her fully, but my dad doesn’t give a flying fuck whether you are the Queen or the President. If you are an asshole, he treats you like one. His signature moves are shouting at bank employees for screw ups to his accounts. I guess I took up that hot-tempered genes but with more self restrain.

So a few minutes later, the phone rang again. This time I was determined to find out what the hell is happening. A man was on the line this time. He sounded like a Filipino, but he could have been an Indian. Anyways, not a Singaporean, nor a Singaporean Indian. He thought I was the person who “scolded” his colleague. He demanded to know why I had “abused” his colleague. It took me no time to convinced him that was my father and apologized on his behalf and that I want to know what was going on because my parents’ command of English is not great.

This faggot repeated the same situation and explained that my household’s “Microsoft licence” is being used by a third party. Logic ran through my mind. Wait up, if each PC that runs on a Microsoft operating system has a unique licence, how is it possible that the entire household runs on the same one?? The other thing that the entire household shares is our internet connection! Thus he went on to “cover up” by saying that yes, the licence runs through the internet. Well go eat your own shit. It doesn’t take a genius to figure that it is rubbish. I continued to play with him and without me asking, he volunteered to “show me” that the licence can be checked. I asked him through which computer, and he said any one will do. So I brought out my laptop and asked him what’s the next step.

“Look at the bottom left corner of your laptop,” he said. “Do you see the key C-T-R-L?”

In my mind I was like fuck you, fuck your ancestors. Are you testing my intelligence? Seriously??

Me: “Yes”

Him: “What’s on the right side of it?”

Me: “Fn key~”

Him: “And then the right of it?”

Me: “Windows key????”

Him: “Okay I want you to press win+r quickly together, What do you see?”

Me: “Don’t waste my time. Tell me what to type.” (It was obvious he wanted me to bring out the run box and he thought I was a computer idiot)

Him: “Okay, type CMD. What do you see?” (That brings up the command prompt)

Me: “The command box????”

Him: “Do you see at the top it says Microsoft Windows….”

Me: “Yes and?”

Him: “At the bottom of it, the copyright?”

Me: “And then?”

Him: “And do you see the blinking cursor at the next line?”

Me: “I know my shit, what do I key in?” (I was seriously getting impatient with his naivety)

Him: “Type A for Alpha, S for Sock, S for Sock, O for Oscar and C for Cat” (What?? He really think I’m as stupid as him)

Instead of keying into cmd.exe, I did a google search immediately and the scam alerts appeared.

Him: “What do you see?”…”What do you see?”…”Have you typed assoc?” He kept repeating it because I was doing my google search and wasn’t actually keying into the prompt. 

Me: “I’m going to call the police right now because this is a scam.”

Him: “Who told you this is a scam? How do you know this is a scam?” (He panicked and kept interrupting my words)

Me: “I am not going to talk to you further and I am going to hang up!”

I had to shout because he raised his voice and kept talking. And I slammed the phone down. The calls kept coming but nobody answered and my mother disconnected the wire eventually.

Advice I would like to dish out to avoid being scammed.

1. Verify the authenticity of the caller. 

Using common sense, why would an authority call on a darn Saturday night about privacy issues unless it is really important? Since when did the Singapore authorities outsource “security officers” to foreigners? If such licencing issues were involved, it would most likely be my ISP calling or the media authorities such as IDA. In severe cases, the police. Fancy identifying themselves as “Windows security officers”?? I help you secure your window, want?

Sadly, my home phone does not have a caller ID, but they were most likely calling from overseas anyway. It is easy for anyone to take the yellow pages and call the “owner of the house”, so do not let your guard down even if they can identify your name. The background noise of the calls sounded much like a call center. A scamming den.

2. Do not be intimidated

Get the situation clear. Even if you did flout the law and an authority calls up, you should still stay calm and verify the situation. What if the authority turns out to be fake and you get blackmail instead? Until I verify that this was a scam, I kept my mind open as there is still a possibility that it could be a genuine call. Hence, I had to calm that fucker down and talked nicely. Subconsciously, when he mentioned that he was “a security officer”, and demanded to know why my dad “abused” his colleague, and that the call was “recorded”, my mind took a double because he sounded serious.

3. Protect and educated yourself with the necessary knowledge

Kidnap scam? Know the whereabouts of your family and always keep in contact. Lottery scam? I wonder if anyone is still stupid enough to fall for that. Thus, scammers now move into computer scams, where many only know how to use but do not know how to troubleshoot. If you are not a fan of computers, at least know that Google is your best friend. Google is legal, Google is powerful and Google is fast.

Be clear of every single step that you are asked to do if you were to go ahead to further verify the scam. Think of the possible implications before clicking anything. Even a friend can get you to reveal sensitive information if you blindly follow instructions. Although I knew that by typing “assoc” into the command prompt, there were not yet any implications, I refused to go further as the fucker was wasting my time.

I got this from another source (Hebrides Weather Facebook page):

“So, this is how it works;

They ask you to sit at your PC and click START > RUN > then type “CMD” (command) into the RUN box. This opens up a black box on the screen, which older PC users may recognise as the DOS window.
In the DOS window they ask you to type “ASSOC” and hit Rtn and a long list of stuff comes up on the screen.

They ask you to look near the bottom of the list for the letters “CLSID” and explain that this is a unique identification number known only by the manufacturer of the operating system.
They then read out a number and ask you if it matches the one on the screen in front of you, which of course it does.
The complete line looks like this: ZFSendToTarget=CLSID\{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}
and they read out this number: 888DCA60-FC0A-11CF-8F0F-00C04FD7D062

This is all to get your trust and make you think that they are a support company and that they have the information about your computer, they don’t, this number is the same on every Windows based operating system released in recent years.

I don’t know what happens after this but I have read elsewhere that they are trying to get you to allow them remote access to your PC via the likes of LogMeIn or other means. This could be for various reason like charging you for the “work” they have done or installing software on you PC.

I managed to keep them on the phone for 16 minute, making out I was trying what they were asking me to do, but when they ask me to enter “ASSOC” into the DOS window I kept saying that nothing happened and that I could just see the cursor flashing and nothing else. After they talked me through another route to the DOS window and being told to type “ASSOC” into the window again, I again said nothing had come up.

She was starting to loose hope and then I said “These commands do work on a Linux operating system don’t they? As all my PC’s are Linux, not Windows.” To which she said “No this is only for Windows” and hung up!

So, be warned if you get a cold call like this, don’t do as they ask you. Ask them to tell you what your IP Address is and who your Internet Service Provider (ISP) is, I bet they don’t, or can’t!

The best thing if you not sure is to just hang up but if you want to end the call politely then the best thing seems to be telling them that your PC runs Linux or MAC.
I kept them on the line as long as possible because I figured that if they’re speaking to me then they’re not scamming someone else.”

There you have it.

I’m surprised that this was written in 2012. Nearly 4 years and now they turn their guns on Singapore? So they think Singaporeans are easy to scam? I hope not. Then again, if lottery scams are successful, this business could be thriving so much such that they can expand their operations to Singapore. Stay safe everyone.

Advertisements

2 thoughts on “Microsoft security scam (Singapore)

  1. “I kept them on the line as long as possible because I figured that if they’re speaking to me then they’re not scamming someone else” gee thanks 😉

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s