Thursday, 12 January 2017

Scam: 01254522444, the fake BT engineer and 888DCA60-FC0A-11CF-8F0F-00C04FD7D062

In the past few weeks I have seen a huge upsurge in the number of Indian tech support scammers ringing, both at home and my place of work. (For example.. this).

One common trick they use revolves around this hexadecimal number: 888DCA60-FC0A-11CF-8F0F-00C04FD7D062. The scammers claim either that it's a signal that hackers are at your PC, or that it's your secret router ID that only BT would know.

The conversation goes something like this..

Victim: "But I don't get my internet from BT.."

Scammer: "BT provides all the internet connections for everyone else, including TalkTalk and Virgin Media."

Victim: "How do I know you're from BT?"

Scammer: "There is a confidential Router ID that only BT will know. You can verify this to prove that we are BT."

The scammer then talks the victim through pressing Windows key + R, then typing CMD (followed by OK) and then ASSOC (followed by RETURN). That simply produces a list of file associations (e.g. to say that .xlsx is an Excel spreadsheet). The line they want you to see is:
.ZFSendToTarget=CLSID\{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}
This is just something to do with how Windows handles compressed files and folders. All Windows machines should have this entry, but it looks sufficiently scary to impress at least some victims.
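To demonstrate to a user or helpdesk colleague that this value is the same everywhere rather than unique to one PC or router, the following added example (not part of the original post) parses ASSOC output from two machines and lists the CLSID values they share. The two sample outputs are constructed for illustration, and the function names are this example's own.

```python
import re

# Constructed `assoc` output from two unrelated Windows PCs (sample data, not real captures).
PC_A = r"""
.txt=txtfile
.xlsx=Excel.Sheet.12
.zip=CompressedFolder
.ZFSendToTarget=CLSID\{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}
"""
PC_B = r"""
.docx=Word.Document.12
.txt=txtfile
.ZFSendToTarget=CLSID\{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}
.zip=CompressedFolder
"""

# Matches a file type of the form CLSID\{GUID} and captures the GUID.
CLSID_RE = re.compile(
    r"^CLSID\\\{([0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12})\}$"
)

def parse_assoc(text):
    """Turn `assoc` output (.ext=FileType lines) into a dict keyed by lower-cased extension."""
    entries = {}
    for line in text.splitlines():
        ext, sep, filetype = line.strip().partition("=")
        if sep and ext.startswith("."):
            entries[ext.lower()] = filetype
    return entries

def clsid_associations(entries):
    """Return {extension: GUID} for associations that point at a COM class ID."""
    found = {}
    for ext, filetype in entries.items():
        match = CLSID_RE.match(filetype)
        if match:
            found[ext] = match.group(1).upper()
    return found

def shared_clsids(*outputs):
    """GUIDs present in every machine's output: constant values, so useless as a per-device ID."""
    per_host = [set(clsid_associations(parse_assoc(o)).values()) for o in outputs]
    return set.intersection(*per_host)

if __name__ == "__main__":
    for guid in sorted(shared_clsids(PC_A, PC_B)):
        print(f"{guid} appears on every machine: not unique to this PC or router")
```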

NEVER GIVE THESE PEOPLE ACCESS TO YOUR PC.

However, if you want to waste their time please do so.. if you work in IT you can probably play a convincingly dumb user. It seems that they will try for up to 40 minutes or so before they give up. Alternatively, say that you have to get your laptop out from somewhere and it is very slow and just put them on hold. Every minute of their time you can waste will stop them targeting other potential victims.

And don't just ignore the call - report it. If you are in the UK you can report this sort of scam to Action Fraud - it will certainly help law enforcement if they have an idea of how many potential victims there are.