Cold call scams: Life in the old dog

What comes around, comes around. And around, and around, and around... No, I'm not referring to LulzSec on this occasion, even though the group has apparently returned to life in order to add to the woes of News Corp.

Instead, I'm referring to the ongoing saga of cold-calling support desk scams, which I last wrote about here in March. A few days ago I picked up a slightly puzzling email mention of such a call where the scammer terminated the call because he was asking for a number that didn't match the one that his intended victim (a well-known figure in AV and security) had mischievously made up for him.

Shortly after, I came across an article by Rebecca Herold that shed some light on the issue: The scammer was trying to “prove” he was “genuine” because he knew a “unique” CLSID for that machine. (A CLSID, or class ID, is a 128-bit GUID that identifies a COM class, that is, a software component, in the Windows registry. It identifies the component, not the machine, so any Windows installation with that component registered will show the same value.) In fact, the CLSID in question, CLSID {888DCA60-FC0A-11CF-8F0F-00C04FD7D062}, is common to every Windows machine I have around here (including XP, Vista and Windows 7). I've explained how the trick works here (as well as linking to a longer paper that ESET put together on the topic), so I won't go over it again.
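As an added illustration (not part of the original post, and not the scammers' script), the following PowerShell snippet looks the CLSID up in the registry on any Windows machine and shows what it actually names. The registry paths used and the `.zfsendtotarget` extension (the file association that points at this CLSID, and that a cmd-prompt `assoc` listing exposes) are my additions; the article only states that the CLSID is the same on every Windows machine.

```powershell
# Added example: show that the CLSID quoted in cold-call support scams is a
# stock Windows shell component, not a per-machine identifier.
# Assumption: a standard Windows install. PowerShell does not map HKCR: as a
# drive by default, so the Registry:: provider path is used instead.
$clsid    = '{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}'
$clsidKey = "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid"
$extKey   = 'Registry::HKEY_CLASSES_ROOT\.zfsendtotarget'   # assumed association

if (Test-Path $clsidKey) {
    # The (default) value of a CLSID key is the component's friendly name.
    $name = (Get-ItemProperty -Path $clsidKey).'(default)'
    "CLSID $clsid is registered as: $name"
} else {
    "CLSID $clsid is not registered on this machine."
}

if (Test-Path $extKey) {
    # This is the line a victim sees when told to type 'assoc' at a cmd prompt:
    # an extension mapped to CLSID\{...}, which the caller then reads back as
    # "your unique computer ID".
    $target = (Get-ItemProperty -Path $extKey).'(default)'
    ".zfsendtotarget -> $target"
}

# Compare with a genuinely machine-specific value: the Windows product ID is
# per-installation, whereas the CLSID above is identical on every install.
$productId = (Get-ItemProperty -Path 'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion').ProductId
"This machine's product ID (per-install, unlike the CLSID): $productId"
```

Run it on two unrelated Windows machines: the CLSID line and its friendly name will match on both, the product ID will not. That is the whole of the scammer's "proof".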

But today, the topic turned up yet again in a BCS security blog by Andrea Simmons about how her husband nearly fell for the scam. Happily, my wife is pretty familiar with this type of scam, being pretty ITsec-savvy in her own right. In fact, whenever one of these guys rings us, she asks me why I bother to talk to them. It's because I'm interested in finding out what kind of social engineering they're using currently. However, I'm not very good at it, mainly because I get cross quite quickly and tell them what I think of them, so I guess when they come to make a movie about my life, it probably won't be called “The Sting.” (Suggestions for more appropriate titles are not invited.)

The BCS blog led me to an article by Bruce Schneier about yet another scam call. The article itself is brief, but I was amused by a blog commenter who suggested: "Just tell them your computer runs Linux." The reason the scammer in my first paragraph wouldn't have been able to get that CLSID off the “victim's” PC is that he does, in fact, run Linux, and was telling the scammer what he (the scammer) wanted to hear. The reverse con stalled because he doesn't run Windows, and so didn't have immediate access to the real CLSID, and the scammer's script didn't allow for any other number. Apparently, even rogue support desks have trouble getting good – or bad – staff.
