Comments on: Support Scammer Anna’s CLSID confusion http://www.welivesecurity.com/2012/08/09/support-scammer-annas-clsid-confusion/ News, Views, and Insight from the ESET Security Community Mon, 03 Feb 2014 08:49:00 +0000 hourly 1 http://wordpress.org/?v=3.7 By: David Harley http://www.welivesecurity.com/2012/08/09/support-scammer-annas-clsid-confusion/#comment-4382 Sat, 30 Nov 2013 13:45:00 +0000 http://blog.eset.com/?p=14679#comment-4382 Event Viewer often does show ‘errors’, but they’re usually transient glitches rather than persistent errors, and unlikely to indicate the presence of malware attacks. The utility is only really of use (sometimes) to real tech support people (or _very_ knowledgeable users) researching a possible problem. And, of course, to scammers. :(

]]>
By: janifair http://www.welivesecurity.com/2012/08/09/support-scammer-annas-clsid-confusion/#comment-4381 Sat, 30 Nov 2013 03:29:00 +0000 http://blog.eset.com/?p=14679#comment-4381 Just got off the phone with Rosalyn from “Windows Support” trying to gain access to my system saying they were receiving ERROR messages, etc…using same 00C04FD7D062 CLSID #. She gave this number to call back for verification 1-800-806-0762
So, I called back and got her on the line after googling your site…thanks! My scolding about preying on a single mom of 4 kids who makes a living on my computer probably fell on deaf ears, but I felt better!
My question is: I DO actually have ERROR messages on Event Viewer…are these real threats? If so, who do I call to fix.
Thanks!

]]>
By: Suzy http://www.welivesecurity.com/2012/08/09/support-scammer-annas-clsid-confusion/#comment-4337 Mon, 11 Nov 2013 21:05:00 +0000 http://blog.eset.com/?p=14679#comment-4337 Yep – just received the call. Said she was from Online PC Advisor. I had her on the phone for about 10 minutes, and she tried to get me to sit at the computer in question. I said that someone else in my family was using it right now, so the timing wasn’t convenient. I asked for a phone number and an ID number for them to verify that they knew who I was and they gave the 800-986-4764 number and the same 00C04FD7D062 ID#. I told them I would Google their company and call them back if it was legit, and she immediately hung up on me. It was very difficult to understand her accent, and she was very insistent that I should do something fast, as they were receiving many error messages to their server. Don’t fall for their bully tactics. ALWAYS verify and say you will call back. ALWAYS.

]]>
By: Mrs Rosemary Bamford http://www.welivesecurity.com/2012/08/09/support-scammer-annas-clsid-confusion/#comment-1052 Wed, 29 Aug 2012 13:05:43 +0000 http://blog.eset.com/?p=14679#comment-1052 Had a similar call today from 'John Thompson', very strong Indian accent.  This is the first time we've had an address which sounds even plausible (my husband likes to string them along).  It's been a bit quiet recently but for well over a year we've had variations on this, perhaps twice a week.  I have a post grad. in Computer Science but this doesn't seem to daunt them at all.

]]>
By: David Harley http://www.welivesecurity.com/2012/08/09/support-scammer-annas-clsid-confusion/#comment-1051 Tue, 21 Aug 2012 06:20:15 +0000 http://blog.eset.com/?p=14679#comment-1051 Thanks, Allan. It’s always good to have data on specific sites.

]]>
By: Allan G. Hitchmoth http://www.welivesecurity.com/2012/08/09/support-scammer-annas-clsid-confusion/#comment-1050 Tue, 21 Aug 2012 01:55:22 +0000 http://blog.eset.com/?p=14679#comment-1050 August 20, 2012.
Got a frantic voice-mail from my sister-in-law about a call from a woman named "Shivi", or some such, stating that she was with "Global PC Personal Computer Help Lline" The number she gave was  1-800-986-4764, and does indeed correspond to a company with the URL of ". The woman claimed that Microsoft was reporting that my sister-in-laws' machine was reporting errors and had her go to the comman-prompt and check the screen. Of course, once the woman read back the CLSID, she was amazed and really thought she had a problem. She also, in her befuddlement, completely forgot the "ASSOC" command the woman instructed her to issue once at the prompt. (That's why it took me so long to realize what number the woman "read back" to her) Luckily, she told the woman that she wated HER computer guy to check it out before going any further. It took me a while to decipher exactly what the steps were that the woman walked her through, but it was this very CLSID scam!
For informational purposes, the URL is registered through GoDaddy,
 Domain Name: GLOBALPCHELPLINE.COM
      Created on: 18-Dec-10
      Expires on: 18-Dec-13
      Last Updated on: 15-Jul-12
 
The rest is useless as it pertains to DomainsByProxy.
I have no idea if this is a legitimate company who's information is simply being exploited, or if they're the scammers themselves. Either way, it seems this little gem is about to make the rounds again!
Thanks for the blog, David!
Great job!
I now have something to which I can point when explaining the scam and (hopefully) forewarning my clients.
All the best!
-Al

]]>
By: David Harley http://www.welivesecurity.com/2012/08/09/support-scammer-annas-clsid-confusion/#comment-1049 Thu, 09 Aug 2012 17:39:07 +0000 http://blog.eset.com/?p=14679#comment-1049 Thanks, Aaron. :)

]]>
By: Aaron http://www.welivesecurity.com/2012/08/09/support-scammer-annas-clsid-confusion/#comment-1048 Thu, 09 Aug 2012 17:36:08 +0000 http://blog.eset.com/?p=14679#comment-1048 As usual, what a great post David! Keep up the excellent investigations exposing these such scammers and never lose your sarcastic writing style. It is informative while entertaining, which is most appreciated.

]]>