Incidents

Trying to unmask the imitation Microsoft support scammers!

I'm pretty sure that most of you know about the phone scam which is circulating right now. They have been calling a lot of people in countries such as Germany, Sweden, the UK and probably more. The scam is pretty simple: they pretend to be from a department within Microsoft which has received indications that your computer is infected with some malware. They will then offer (for free) to verify if this is the case. If the victim agrees to this, they will ask the victim to perform certain actions, and also type certain commands, which will trick a non-experienced user into believing that the output actually shows that the computer is infected.

I just want to mention that there is no such department at Microsoft, and they would never call up customers offering this. So if you ever get a phone call from Microsoft stating that there are some indications that your computer is broken or infected – please hang up!

Well, they have called me several times, and finally I got fed up with this and started to play along. At the same time I had my virtual machines running and was recording everything that they were doing. The goal was to find out who they were and exactly what the scam was. Luckily I was able to get hold of information such as their internal IP addresses, the PayPal accounts used to wire money and the numbers they are calling from.

Let's pretend for a while that you have received the phone call, and you are playing along with the whole idea that your computer is infected. Their next step is to try to convince you that your computer is infected. This will be done in several different steps. Please find the steps below, including screenshots:

  1. They will explain that your computer is only working with VERY low resources because the infection is consuming everything. This is completely wrong. What the picture actually shows is that your computer is simply using very few resources at the moment.
  2. They will then open up the Event Viewer to try to identify errors, warnings and other information that can be used to trick you into thinking that the computer is infected. The Event Viewer does show error messages, but they are not directly related to an infection. Almost all computers have errors in the log files, especially if the computer has not been re-installed lately and is running a lot of programs.
  3. At this point they are really pushing the idea that the computer is infected, and what needs to be done now is for you to confirm that your computer is actually the computer they have in their reporting system. They will then try to associate your computer with a unique number; a number they call the Consumer License ID, known as the CLSID. But the CLSID is actually a Class Identifier. In the picture below you can see which program or CLSID a specific file extension is associated with. They will then ask you to execute the command assoc in a DOS prompt, and then ask you if your Consumer License ID is 888DCA60-FC0A-11CF-8F0F-00C04FD7D062. This is actually the CLSID for the ZFSendToTarget file extension.
  4. At this point they have not just tried to convince you that the computer is infected, but also that the computer that they are seeing in their system is actually your computer. They will now ask you to execute yet another DOS command called verify. They state that if the output from the verify command is OFF it means that your computer license is not verified. This command has absolutely nothing to do with your license; it only allows you to enable/disable operating system verification that data has been written to disk correctly.
  5. At this point the woman I was talking to was screaming OH MY GOD! in my ear; she was super upset that my license was not verified. According to her this meant that no security patches could be installed. She then suggested that the next step was to allow a technician to access the computer and fix all these issues. Of course I allowed the technician to do so – I was running everything in an empty virtual machine 🙂
  6. They use a remote assistance software called AMMYY. I had never heard of this software before this incident. It seems pretty straightforward and legit. From a unique ID they can connect to my computer and work with it. I could also see everything that they were doing. An operator with the ID 10878203 connected to my computer, and below are the permissions that he/she requested.
  7. At this point the operator connected to my computer and was able to use it. He opened up the Certificate Manager and selected an old certificate. I still had the woman on the phone, and she explained that the operator had now found out that my computer had not been updated since 2011 because of this invalid certificate.
  8. Now things started to get really fishy: they told me that the only solution for this is to activate my system and also to install security software which will protect me against viruses, malware, Trojans, hackers and other things. She asked me on the phone if this is what I wanted to do, and said that if I do want this the operator would fix my computer and also install this software. She said this would only cost me about $250 USD.
  9. The operator then installed a program called G2AX_customer_downloader_win32_x86.exe from the website www.fastsupport.com. When this was done a chat popup came up. It was a person with the name David Stone who informed me that my computer was no longer at risk.
  10. They then told me that since I agreed to getting my software updated, I now have to fill out a form and pay $250. They then opened up a PayPal form. I was able to collect several different PayPal accounts including: ukfastcare@gmail.com and ddkcare@gmail.com
  11. Since I knew that this was just a scam I wanted to see if I could get some more information about these people. So I tried several times to enter fake VISA and MasterCard information and also said that I don't have the ability to purchase things on the Internet with my card. They got quite frustrated with me at this point. I then asked them to visit a website, which I pretended to be the website of a friend who I know has put his card information on a website. The website is actually only a text file containing a static text: Hello, please connect from a different IP since you're behind a proxy
  12. We tried several times from my computer, using different browsers, but then I asked them to check from their side, and to my surprise they actually did. I was looking in my log file and as soon as they connected I got their IP address 🙂

    101.30.xxx.197 – – [01/Aug/2012:13:44:31 +0200] "GET //.txt HTTP/1.1" 200 413 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:14.0) Gecko/20100101 Firefox/14.0.1"

  13. At this point I also just disconnected from the phone several times while we were talking, because I wanted to see which numbers they were calling from. I was able to collect the following numbers: 00441865589771, 008028, 002127773456 and also a hidden number.
  14. After collecting all the data, I have now contacted all the appropriate people such as the security team at PayPal and various law enforcement agencies with the hope that we can stop these people. They are stealing a lot of money from innocent people. I know that people have been warned about these scams, but my conclusion is that they are still calling people because they are still making money out of these scams.

    The software that they were using was not malicious in any way, which means that no security software can detect these types of scams. This is one of the main reasons for this article and others like it – we need to keep informing people about it until the cybercriminals are forced to stop.
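The bait-file trick in step 12 works because the web server logs every visitor, so the only thing left to do is pick the caller's request out of the access log. The script below is an added example and not code from the original post: it parses Apache combined-format lines like the one above and returns every request for the bait file that did not come from the investigator's own addresses, keeping the source IP, timestamp and User-Agent. The file name /canary.txt, the 192.0.2.x and 203.0.113.x addresses and the sample log lines are constructed for the example (the post masks both the real file name and the third octet of the caller's IP).

```python
import re
from datetime import datetime

# Apache "combined" format:
#   ip ident user [time] "method path proto" status bytes "referer" "user-agent"
# The IP is matched as \S+ rather than four octets so that masked addresses
# such as the post's 101.30.xxx.197 still parse.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) (?P<proto>[^"]+)" '
    r'(?P<status>\d{3}) (?P<size>\d+|-) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Assumed name of the bait text file; the post does not give the real one.
CANARY_PATH = "/canary.txt"


def parse_line(line):
    """Parse one combined-format line into a dict; return None for non-matching lines."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    rec["size"] = 0 if rec["size"] == "-" else int(rec["size"])
    # Apache's timestamp looks like 01/Aug/2012:13:44:31 +0200
    rec["time"] = datetime.strptime(rec["time"], "%d/%b/%Y:%H:%M:%S %z")
    return rec


def canary_hits(lines, own_ips=frozenset()):
    """Return requests for the bait file from addresses not in own_ips.

    own_ips holds the investigator's own addresses (the browsers tried from
    the lab machine in step 12), so what remains is the remote caller.
    """
    hits = []
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["path"] != CANARY_PATH:
            continue
        if rec["ip"] in own_ips:
            continue
        hits.append({"ip": rec["ip"], "time": rec["time"],
                     "ua": rec["ua"], "status": rec["status"]})
    return hits


# Constructed sample log (not taken from the post): two hits from the lab
# machine with different browsers, an unrelated visitor, one hit from the
# caller's side, and a junk line that must be skipped. 192.0.2.0/24 and
# 203.0.113.0/24 are the RFC 5737 documentation ranges.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Aug/2012:13:40:02 +0200] "GET /canary.txt HTTP/1.1" 200 413 "-" '
    '"Mozilla/5.0 (Windows NT 6.1; rv:14.0) Gecko/20100101 Firefox/14.0.1"',
    '192.0.2.10 - - [01/Aug/2012:13:41:17 +0200] "GET /canary.txt HTTP/1.1" 200 413 "-" '
    '"Mozilla/5.0 (Windows NT 6.1) AppleWebKit/536.11 (KHTML, like Gecko) Chrome/20.0.1132.57"',
    '192.0.2.55 - - [01/Aug/2012:13:42:40 +0200] "GET /index.html HTTP/1.1" 200 1024 "-" "curl/7.26.0"',
    '203.0.113.197 - - [01/Aug/2012:13:44:31 +0200] "GET /canary.txt HTTP/1.1" 200 413 "-" '
    '"Mozilla/5.0 (Windows NT 6.1; WOW64; rv:14.0) Gecko/20100101 Firefox/14.0.1"',
    'this line is not an access-log entry',
]

if __name__ == "__main__":
    for hit in canary_hits(SAMPLE_LOG, own_ips={"192.0.2.10"}):
        print(f"{hit['time'].isoformat()}  {hit['ip']:<15}  {hit['ua']}")
```

Run against a real access log, feed the file's lines to canary_hits and put every address you used yourself into own_ips; the User-Agent is worth keeping because, as in the post, it tells you the caller's browser and operating system as well as their address.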


Source: https://securelist.com/trying-to-unmask-the-fake-microsoft-support-scammers/33734/