Sponsored by..

Thursday 12 January 2017

Scam: 01254522444, the fake BT engineer and 888DCA60-FC0A-11CF-8F0F-00C04FD7D062

In the past few weeks I have seen a huge upsurge in the number of Indian tech support scammers ringing, both at home and my place of work. (For example.. this).

One common trick they use revolves around this hexadecimal number 888DCA60-FC0A-11CF-8F0F-00C04FD7D062. Either it's a signal that hackers are at your PC, or it's your secret router ID that only BT would know.

The conversation goes something like this..

Victim: "But I don't get my internet from BT.."

Scammer: "BT provides all the internet connections for everyone else, including TalkTalk and Virgin Media."

Victim: "How do I know you're from BT?

Scammer: "There is a confidential Router ID that only BT will know. You can verify this to prove that we are BT."

The scammer then talks the victim through pressing -R then CMD (followed by OK) and then ASSOC (followed by RETURN). That simply produces a list of file associations (e.g. to say that .xlsx is an Excel spreadsheet). The line they want you to see is:
.ZFSendToTarget=CLSID\{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}
This is just something to do with how Windows  handles compressed files and folders. All Windows machines should have t his entry, but it looks sufficiently scary about to impress at least some victims.

NEVER GIVE THESE PEOPLE ACCESS TO YOUR PC.

However, if you want to waste their time please do so.. if you work in IT you can probably play a convincingly dumb user. It seems that they will try for up to 40 minutes or so before they give up. Alternatively, say that you have to get your laptop out from somewhere and it is very slow and just put them on hold. Every minute of their time you can waste will stop them targeting other potential victims.

And don't just ignore the call - report it. If you are in the UK you can report this sort of scam to Action Fraud - it will certainly help law enforcement if they have an idea of how many potential victims there are.

29 comments:

Jesse said...

They called this morning. Same game. Probably upping their call frequency in response to the recent hacking scare. Now are claiming to be with Microsoft. In background I think I could hear one of the other callers in the Indian call center collecting money from someone, so probably is a payday for the hackers right now.

El Comino said...

Same here. Supposedly 'Microsoft IT department' calling from the UK to my home number in the Netherlands. I tried to keep them busy as long as I could. He claimed to be calling from the UK. I just checked my incoming call log'(12 minutes before they hung up on me). They called from NL but the number is one digit too short. I will now contact my Phone Provider. It isn't he first time 'Microsoft call me.

Wendy said...

Received a call about 40 minutes ago. Gave me a name Ryan Peterson and a BT employee ID 860005285, the scam 32 digit code, the address 81 Newgate Street London EC1-this address I reported about 2 years ago, and a phone number 02031295164, although the number he called from was 07034399887.

I am also giving this information to BT and Action Fraud, I have already informed Microsoft.

Wendy

Wendy said...

Received a call today using the same 32 digit license number
Details obtained Ryan Peterson BT ID number 860005285, 81 Newgate EC1, 02031295164, although he phoned from 07034399887.

Have reported this to Microsoft, will now contact Action Fraud and BT

Thierry Terrain said...

While talking with them I searched their phone number 0353587863 and the Modem number they gave me 88DCA60 and found this page. I said to the Indian on the end of the phone, “when I search your phone number and also the Modem number, the search shows SCAM”. Then they hung up.

A3aan said...

20180219 - same story, same number. I kind of feel sorry for those guys doing this job, in (poor) India I think. Next time they call I’l have the number ready on my (iPad) screen and tell HIM what my number is, to confuse him ;-) Is there really no solution to avoid these calls? Send troops? A drone?

HoolaHoop500 said...

I have just received the same phone call. The scammer lasted five minutes. I am incredibly irritating. I made her repeat herself at least five times, told her I hadn t got a clue what she was talking about and asked her how I would know that she actually was from BT. Then she got clever and said that only someone from BT would know I was with them and my security number. I replied that as far as I am aware there is nothing wrong with my internet and if I felt there was I would ring her and not the other way round. She hung up

SFBayMaman said...

I'm in the US and just got this call from a man with an Indian accent (3:33pm Pacific Time). The phone number was +1-847-311-1769. Does anyone on this thread know where I can report it in the US?

I knew immediately it was a scam! Of course he didn't mention BT. He just said something super general like, "We've detected a signal from your computer." I gave him a few minutes with BS about how I have multiple computers and which one did he want to know about. He also gave me the number 888DCA60 (which I wrote down and then googled to find this thread!).

I hung up when I asked how he could tell if I had a PC or mac and he said, "Well obviously I know you're using a Windows machine!" (I'm a Mac user.)

charlie said...

3 times i received this call yesterday (20/07/2018) starting with a recorded message saying it was BT and there was a problem with my internet connection. Press 1 if your internet service is supplied by BT or press 2 for all other suppliers. The caller was an indian and you could hear other indian voices in the background. Then the usual garbage about problems with your internet connection. The interesting thing was all 3 calls came from different numbers. After the second call I just let the guy ramble on until ha got fed up.
Very annoying

Unknown said...

Just got the same call today, claiming to be from Microsoft in Birmingham to my home number in France. He knew my name, town and postcode.

Acted slow and dumb and kept him talking for about 10 minutes until I got fed up (they called several times a day a few years ago and finally stopped) and read him the text on this blog post. He kept protesting his innocence when I read the bit about "scam" but when I got to "However, if you want to waste their time please do so ... play a convincingly dumb user." And there was a loud click.

Next time I'll take the tip and say "so glad to hear from you, yes our computer is very slow, it takes almost 10 minutes to boot up" and put them on hold. It would be good to have a satisfying way to close, rather than actually making an unpleasant person even angrier and maybe go home afterwards and beat up on his wife and kids. Anyone have any ideas?

Unknown said...

Just had the same. I asked what IP address they had for me. 192.142.1.502. Anyone in IT will notice two things wrong with this IP address. It's a private address and so not routable on the internet and that last octet is above 255 and so not possible.

This is when I told the scammer off and told them to stop calling!.

I was also given that same CLSID number as the others.

At least I stopped them scamming someone else for a while!

ChrisChaos said...

January 2019 Same Scam Still Going but with New Twist

Still the same request to hold 'ctrl' & 'R' together, then type 'CMD' enter, then 'ASSOC' to bring up list, then view last line from bottom, then quoted the hexadecimal CLSID number (888dca60-fc0a-11cf-8f0f-00c04fd7d062)

Even after spending nearly 20 minutes explaining that I work in compiler development and have personally known of this scam for at least four or five years now, he continued to insist that he, John (with a very heavy Indian accent - calling he said from Microsoft's UK HQ) was in fact, honestly, really really, cross his heart, very much Not a scammer, but really was a legit MSFT Cyber Crime Technician.

As I'm working from home this week, needed a break from thinking too much and felt like having a laugh I had a chat with him and ended up (almost) feeling a bit sorry for the chap tbh!
I'm quite willing to believe that he actually Does think that he's working for MSFT's Cyber Crime division, either that or he is seriously wasting an acting talent that would take Bollywood by storm.

I actually read his script to him before he went through the spiel himself which got him a little confused, I pointed out that Anyone following his requests would indeed see that exact hexadecimal and no other, that the number was Not as he claimed a Windows OS licence
number.

What was new though is that when I asked for his phone number he actually quoted the correct Microsoft Technical Support UK contact number of 0344 800 2400, though my caller display showed the call as coming from 0021 0182018, odd number that one.

He seemed genuinely upset that I was calling him a scammer, kept on insisting he was legit despite what I was calling him out on.
Are the gangs that organise these scams actually going so far as to create 'real call centres' and employ people whom themselves are being conned into believing that they are working for a real company?

Unknown said...

Today, 16th Jan 2019 - I had a very convincing call from Microsoft advising me that hackers were using my PC. They gave the registry key... and started going down the cmd route, type assoc etc. I knew that this is not a license registry, but file associations, so was immediately on alert and with a second laptop looked it up. When I started asking more detailed questions they started raising their voice at me and wouldn't give me the person's name - instead transferring em to a supervisor, who gave his name - and tried to pass himself off as an employee from Microsoft in Illinois (yet he said he was calling from Thames Valley, UK).
I hung up - others may have been caught by this. Be alert!

Uwe said...

I received such a call last week. Although I told them that I do not possess a windows PC, the clerk did not gave up. After some minutes he ordered bis "boss". He wanted to convince me once more. It was funny for. As I told them, that I am a former programmer and I know what they are talking about they gave up. I can really agree. If you have the time and want to have fun, play with them as long as possible. But don't tell any details of your compouter(s)! :-)

Unknown said...

We have these same %^&*( calling in the US as well. I did manage to tie him up for about 15 minutes, and he took it rather well when I explained to him the only reason I was still on the phone with him was to prevent him from scamming someone else.

Mitchell Schoenbrun said...

They've switched their strategy slightly. They tell you that they are not from Microsoft and that anyone who claims so is a scammer. Otherwise, not much difference. Had fun for an hour letting them pick through a Virtual VM system.

Unknown said...

Got a call just now regarding my BT broadband running slow and they are picking up an issue on their server. The guy sounded Asian and asked me if I had given out my password details to anyone. He said that they know of the problem through my device/computer IP address. I asked then to specify my IP address and they said that they couldn't, but they could supply my router ID code which was 888dca60-fc0..... blah, blah, blah. Got annoyed with the rubbish and hung up.

Unknown said...

I keep them on the phone as long as I can. I followed his instruction to the letter only with a Ubuntu operating system, After 45 minutes, I told the guy that I knew this was a scam and he would probably sell my information on the dark web. He asked who he would sell it to - my mother. When I told him my mother had passed away 40 years ago, he said he would bring her back from hell to get even with me.

Unknown said...

I live in Belgium and they tried it again with the same number this morning (29/03/2019). Same BS story...

Debs B said...

I got this call today, I pushed her to give me my BT account no, and she gave me the same code as in previous messages, I told her that proves nothing other than she is scammer!! No Madame I am BT. So I suggested she give me her phone number so I could call her back, she hung up!!! How Rude! But was fun while it lasted, I had so many more questions for her!!!

Unknown said...

That's exactly what happened to me

Unknown said...

exactly the same story this morning for me. that goodness i saw this blog

Guido said...

They are still active... Kept them busy for half an hour, just to make them lose time hahaha...Finally I said I worked for IBM and that I don't trust Indian computer freaks....They got upset ..hahaha.. and closed the call.
30 minutes LOST TIME !!! hahaha

Unknown said...

Clearly these tech scams work because there are many different sweat shops in India doing it, and they have been doing it for many years now. I get about 5 calls a week. They know they are not going to be able to scam everyone, they just needs to scam enough people to make money. They might only scam 1 out every 200 calls, but that one call nets them hundreds.

I recommend hanging up anytime you hear an accent that clearly is from India. Tech savvy people can toy with them, string them along, wasting their time, but not recommended for people who don't know what they are doing.

GermanUser said...

This is still going on. I'm in Germany and the woman said she's from Microsoft. I did what she told me, showing Warnings and Errors and CLSID 888DCS60 until she wanted me to download remote desctop control. Then - after 26 minutes - I hang up. After this she called me again 15 times, every time with a different number until she stopped.
After I've found this blog I can say it was probably an Indian woman speaking bad English and some German words. Now 2 hours later they are trying again.

ChickieDee said...

Got a weird 5 digit phone call, decided to answer it and got these lovely folks. They told me they were from Cybersild LLC after giving me the above "computer licence ID"; 888DCA60. His name was "Jack Thompson"? I asked him what he was going to do once linking up to my computer. He said he would remove all files related to the problem. Yeah, okay. I asked him what else he would do, do I have to give him a gift card or something? Nope, it will be free of charge because I am a loyal customer, but there would be a "nominal charge" if they find the problem. Wow. Told me it was an urgent problem. Likely. I guess I better act fast, and just not think, and link up quick because oh! Might be an issue! That you charge me for? Wow. Also tried to gaslight me into believing I signed up with them when I bought my damn computer. I was THERE. I did NOT sign up. Anyway, couldn't keep him on the line long, too bad. Hope this helps other folks not believe this crap.

Taina Finland said...

Got a call from same place and took their time this 40 minutes...Scam.

Unknown said...

Well, this post was handy, as it was the very script being read to me; and the 888DCA60 code was all that the lady with an Indian accent gave me. Dragged the conversation out long enough to be able to type out onto Google and discover she was a scammer, made more obvious when she's trying to get me to open the cmd prompt!

She gave me the full list of UK phone/broadband providers, that she claimed she represented.

The conversation itself started out with another family member, before the phone was handed to me and the scam began to unfold. I was asked if I was using the internet at 2am this morning? Sure was! I was running around on Battlefield V, VOIP in use. However there were also 16 others using my phone line at the same time, lmao! "Would that be the other 16 players, I asked?" haha. Clearly, she has no idea what BF5 is, but from working in IT for a number of years; and hearing every phone/internet scam imaginable, I just played along, until I had the above post/script in front of me!

Safe to say, I gave her hell down the phone; and she went nice and silent as I ripped her "No, Sir, I'm from BT!" story to shreds, then said, "I'm hanging up now, it's was nice talking to you, sadly you failed in scamming, me!" She still insisted, it wasn't a scam, right up to the point that I said, "Well, explain to me why what you've just told me is on the OFCOM website as being a scam? I'm hanging up now, bye-bye and don't bother calling me again!"

Unknown said...

I just had a phonecall claiming to be from Reading Microsoft centre from an Indian called Kelvin Steveman. wit the same code wanting access to my computer to check for hacking.... he eventually gave me telephone number 03448002400 to call him back on which apparently is an MS number, but not the one the call originated from 00467392237463702... He was quite repetitive about everything, becoming very irritated when I started questioning him, before I finished the phone call. .