Sponsored by..

Thursday, 12 January 2017

Scam: 01254522444, the fake BT engineer and 888DCA60-FC0A-11CF-8F0F-00C04FD7D062

In the past few weeks I have seen a huge upsurge in the number of Indian tech support scammers ringing, both at home and my place of work. (For example.. this).

One common trick they use revolves around this hexadecimal number 888DCA60-FC0A-11CF-8F0F-00C04FD7D062. Either it's a signal that hackers are at your PC, or it's your secret router ID that only BT would know.

The conversation goes something like this..

Victim: "But I don't get my internet from BT.."

Scammer: "BT provides all the internet connections for everyone else, including TalkTalk and Virgin Media."

Victim: "How do I know you're from BT?

Scammer: "There is a confidential Router ID that only BT will know. You can verify this to prove that we are BT."

The scammer then talks the victim through pressing -R then CMD (followed by OK) and then ASSOC (followed by RETURN). That simply produces a list of file associations (e.g. to say that .xlsx is an Excel spreadsheet). The line they want you to see is:
.ZFSendToTarget=CLSID\{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}
This is just something to do with how Windows  handles compressed files and folders. All Windows machines should have t his entry, but it looks sufficiently scary about to impress at least some victims.

NEVER GIVE THESE PEOPLE ACCESS TO YOUR PC.

However, if you want to waste their time please do so.. if you work in IT you can probably play a convincingly dumb user. It seems that they will try for up to 40 minutes or so before they give up. Alternatively, say that you have to get your laptop out from somewhere and it is very slow and just put them on hold. Every minute of their time you can waste will stop them targeting other potential victims.

And don't just ignore the call - report it. If you are in the UK you can report this sort of scam to Action Fraud - it will certainly help law enforcement if they have an idea of how many potential victims there are.

9 comments:

Jesse said...

They called this morning. Same game. Probably upping their call frequency in response to the recent hacking scare. Now are claiming to be with Microsoft. In background I think I could hear one of the other callers in the Indian call center collecting money from someone, so probably is a payday for the hackers right now.

El Comino said...

Same here. Supposedly 'Microsoft IT department' calling from the UK to my home number in the Netherlands. I tried to keep them busy as long as I could. He claimed to be calling from the UK. I just checked my incoming call log'(12 minutes before they hung up on me). They called from NL but the number is one digit too short. I will now contact my Phone Provider. It isn't he first time 'Microsoft call me.

Wendy said...

Received a call about 40 minutes ago. Gave me a name Ryan Peterson and a BT employee ID 860005285, the scam 32 digit code, the address 81 Newgate Street London EC1-this address I reported about 2 years ago, and a phone number 02031295164, although the number he called from was 07034399887.

I am also giving this information to BT and Action Fraud, I have already informed Microsoft.

Wendy

Wendy said...

Received a call today using the same 32 digit license number
Details obtained Ryan Peterson BT ID number 860005285, 81 Newgate EC1, 02031295164, although he phoned from 07034399887.

Have reported this to Microsoft, will now contact Action Fraud and BT

Thierry Terrain said...

While talking with them I searched their phone number 0353587863 and the Modem number they gave me 88DCA60 and found this page. I said to the Indian on the end of the phone, “when I search your phone number and also the Modem number, the search shows SCAM”. Then they hung up.

A3aan said...

20180219 - same story, same number. I kind of feel sorry for those guys doing this job, in (poor) India I think. Next time they call I’l have the number ready on my (iPad) screen and tell HIM what my number is, to confuse him ;-) Is there really no solution to avoid these calls? Send troops? A drone?

HoolaHoop500 said...

I have just received the same phone call. The scammer lasted five minutes. I am incredibly irritating. I made her repeat herself at least five times, told her I hadn t got a clue what she was talking about and asked her how I would know that she actually was from BT. Then she got clever and said that only someone from BT would know I was with them and my security number. I replied that as far as I am aware there is nothing wrong with my internet and if I felt there was I would ring her and not the other way round. She hung up

SFBayMaman said...

I'm in the US and just got this call from a man with an Indian accent (3:33pm Pacific Time). The phone number was +1-847-311-1769. Does anyone on this thread know where I can report it in the US?

I knew immediately it was a scam! Of course he didn't mention BT. He just said something super general like, "We've detected a signal from your computer." I gave him a few minutes with BS about how I have multiple computers and which one did he want to know about. He also gave me the number 888DCA60 (which I wrote down and then googled to find this thread!).

I hung up when I asked how he could tell if I had a PC or mac and he said, "Well obviously I know you're using a Windows machine!" (I'm a Mac user.)

charlie said...

3 times i received this call yesterday (20/07/2018) starting with a recorded message saying it was BT and there was a problem with my internet connection. Press 1 if your internet service is supplied by BT or press 2 for all other suppliers. The caller was an indian and you could hear other indian voices in the background. Then the usual garbage about problems with your internet connection. The interesting thing was all 3 calls came from different numbers. After the second call I just let the guy ramble on until ha got fed up.
Very annoying