ESP Logo
 Elliott Sound Products Scams & Ripoffs 

Copyright © 2005 - Rod Elliott (ESP)
Page Created 07 March 2005, Updated 06 October 2010


Spam, Scam & Security Index
Main Scam Index
Main Index


11.0 - Microsoft (Or Any Local Major/ Minor Telecommunications Provider)

The phone rings, and the voice at the other end says s/he's from Microsoft (or a major ISP (internet service provider) in your region). Apparently, their servers have detected that your computer has a virus, possibly several, and they want to help you to fix the 'problem'.

You have two choices - either hang up straight away, or you may choose to have some fun at their expense. Because they know that people are (rightfully) wary, they need a way to convince you that they know the details of your PC. Of course, you may well be using Linux or a Mac - I've told several 'Microsoft' people that it's odd that they would call me because I use Linux - that always confuses them . I've also led several on for a while, letting them think they have a live target. Their ultimate disappointment is almost worth the time spent.

One of the things they will ask you to do is open a command prompt (they will helpfully explain what to do), and type the command 'assoc' at the command line. A long way down the list is the string they are after - it's actually the association that lets you send a file to a zipped 'folder' (directory), but most people don't know this. The string itself? It looks like this ...

	.zfsendtotarget=CLSID\{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}

In 'Windows-speak', that's a class identifier, and it looks as if it should be unique. That's exactly what the scammers want you to believe - that it is unique. At this stage, it doesn't take much imagination to realise that it is common to all Windows-7 machines, and it appears to be the same for Win-8 and Win-10 as well. I don't propose to go through the whole spiel they will use, and a very simple way to track down a vast amount of info on this particular scam is to run a search of the CLSID shown above (or click the link below).

By telling you the contents of the CLSID string, they hope that you will be convinced that they actually do have information about your PC. For a laugh, you can always ask them to tell you your machine's IP (internet protocol) address, which is a block of digits that looks something like 222.333.444.555 and uniquely identifies your machine on the Net. To see your IP address, click What Is My IP Address and the site will show you. This address is allocated by your ISP when you connect to the Net. It may change from time to time, but this is normal. If the scammers really know anything about your machine, they must have this info. They will tell you that they can't reveal this for 'security reasons' or some such drivel when you ask.

Click the class ID CLSID\{888DCA60-FC0A-11CF-8F0F-00C04FD7D062} to launch a Google search. It goes without saying that should you let them have access to your computer (NEVER DOWNLOAD ANYTHING THEY ASK YOU TO !), you will either end up with a real virus, or you'll be asked to pay for them to 'remove' the virus (one or more) from your machine.

This scam is fairly sophisticated, and the scammers will spend a lot of time with you if they think they have a real sucker target. However, no matter how plausible they sound, neither Microsoft nor any major (or minor) ISP will call people out of the blue to tell them their machine has a virus.


Spam, Scam & Security Index
Main Scam Index
Main Index

Copyright Notice. This article, including but not limited to all text and diagrams, may be freely distributed in the interests of helping to prevent fraud, scams and spam. Please include a link to this page if you use the info elsewhere. Note that the ESP® logo is the registered trade mark of Elliott Sound Products, and may not be reproduced without permission from Rod Elliott.
Page created and copyright © Jan 2017.