Support Scammer Anna’s CLSID confusion | WeLiveSecurity

Support Scammer Anna’s CLSID confusion

Scammer Anna claims to be from Global PC Helpline, and certainly that site seems to be confused about what it is and where it operates from.

Scammer Anna claims to be from Global PC Helpline, and certainly that site seems to be confused about what it is and where it operates from.

[I’ve removed some links and registration data from this article that are no longer current. David Harley, November 2013.)

Another day, another support scam call. It appears that one of my PCs has been  sending out messages to India again about system problems. I don’t know why it would rather talk about its problems to a call centre in Uttar Pradesh rather than just pop up an error message to me. Does it feel I’m working it too hard? ;-)

‘Anna’ claimed to be from Global PC Helpline, and gave me a UK phone number – 0800-0148910 – which did indeed correspond to a page for the UK claiming to belong to a company of the same name. 15 months on, however, that URL is unreachable. (That number has been reported many times on services like Who Calls Me? as being cited by scammers as a  number to ring them back on, but at least one company has claimed in the past that scammers are maliciously directing victims to use its helpline number to call back on.) ‘Anna’ also told me that my PC was sending out messages about system errors, and tried to pull the CLSID gambit on me, then put the phone down when she realized I wasn’t buying it and tried to get her to tell me what she thought the ASSOC command really does.

While this was clearly a scam call, I can’t, of course, prove beyond all doubt that she was really calling from Global PC Helpline, and in fact Caller ID was disabled (as is usually the case – calls show as International or Withheld when I receive them).

However, after taking a quick look at the GPCHL website, if they’ll excuse the familiarity, it includes some interesting features. While the company is claimed to have been founded in Magnolia TX in January 2009, whois data at the time this article were posted were not  exactly consistent with that claim, being registered with a company in India. The whois registration data for that domain have since changed: the  data are published via Domains By Proxy, so we don’t know the identity of the current registrant.

Anna also told me she was in India,  when she was still answering my questions.

The site claims, among other services, to offer support for a number of well-known antivirus products. I particularly liked the first sentence of a section on support for McAfee products:

Our certified technicians provide you immediate help and best possible solutions for Norton Antivirus.

I’m not sure whether that means that McAfee and Symantec are closer friends than anyone realized. Or does it mean that McAfee detects and removes Norton? Perhaps the AV industry is more competitive than I’d realized.

The site has a number of more serious problems:

  • unfinished stub pages (I can’t wait to find out what Smart Phone Support is, unless it turns out to be Anna, in which case there may be a Trade Descriptions issue)
  •  invalid security certificate messages
  • a Facebook page  that claims the company was founded in Foley TX. Not exactly round the corner from Magnolia TX. That Facebook page has now disappeared.

Any Texas Rangers reading this who can help this confused company sort out its real location?

ESET Senior Research Fellow