Helping people with computers... one answer at a time.

In a brazen scam attempt you may get a phone call from someone claiming to be your ISP to "help" you with your Windows problems. Don't fall for it.

Perhaps you might be interested in this little anecdote.

Yesterday about noon, the telephone rang.

It was an Indian woman - the conversation is as I recall it ...

What follows is one of the most brazen scam attempts I've seen in a while. Fortunately, the person reporting it had the right instincts and was able to avoid getting taken.

Let's look at the transcript provided, and I'll identify all of the warning signs with [notes] as we go.

The conversation (with names changed) went like this:

"Given the amount of information that's likely publicly available about each of us, it's not that hard to put together a convincing sounding story - but that story will have holes."

Caller: "Mr. Smith? We have your address as [correct address given], and we have your telephone number, otherwise we'd not be able to call you. For security purposes, would you give me your first name, please?"

Smith: "You should have that on your records" [1]

Caller: "Yes, but this is to check that you are Mr. Smith."

Smith: "I don't think that is necessary - I answered the telephone. What is this all about?"

Caller: "This is your ISP. [2] We seem to be having some problems with your account. Have you been having trouble with programs crashing recently?" [3]

Smith: "Yes, of course !"

Caller: "Well, when that happens, it sends a message to us [4], and we are getting a lot of these from you, and they are causing us some problems. Also, it is a sign that you may have serious problems with your computer very shortly. We want to help you to solve this problem, which will prevent you having your computer die on you - and it will solve the problems we are having with your messages. We have a team of Microsoft experts here to deal with it."

Smith: "Are you trying to sell me something ?"

Caller: "Oh, NO, Mr Smith! We just want to help you to sort out the problems; it's part of our service."

Smith: "O......K."

Caller: "Is your computer turned on?"

Smith: "Yes"

Caller: "Will you go to Start > Run, type in "Eventvwr" and press Enter."

Smith: "O.K."

Caller: "Click on "Application, and you will see lots of Events [5], either Information, Warning or Error. What is the total shown at the top?"

Smith: "over 1,700 since 6th Jan"

Caller: "Wow ! Roughly how many of these are Warnings?"

Smith: "I guess about a third?"

Caller: "O.K., now click on System, and tell me the total?"

Smith: "Over 2,800 - again, about a third are Warnings."

Caller: "You see Mr. Smith, how serious this is ?"

Smith: "Is it ?"

Caller: "Oh, YES, Mr Smith! [6] But we can do something about this ! I'll hand you over to a colleague who is an expert who can fix it for you."

Expert: "Hello, Mr Smith ! I'm going to help you fix the problems on your computer. I want you to go to Run > Start, type in www.logmein.com [7] and press Enter. Then tell me what you see."

Smith: "It's asking for a six-figure entry code." [8]

Expert: "Ah. Do you have that ?"

Smith: "No."

Expert: "Well, that's because your computer is over a year old. You get a year's free support, and this has now lapsed. You will need this 6-figure code before we can proceed. Renewal costs 50. May I have your Credit Card Number, please?" [9]

Smith: "Just a moment ! Your colleague told me at the start of this call that this was not a sales pitch. Do you want money off me ?"

Expert: "Oh, NO, Mr Smith ! We just want to sort out the problems on your computer ! But to do that you must have that 6-figure code....etc., etc., etc..."

Smith: "Just a minute ! I asked, do you want money from me, Yes or No?"

Expert: "It's not about money, Mr Smith, it's about fixing your computer !

Smith: "Is that a Yes or a No?"

Expert: "It's a Yes."

Smith: "Fine. Good day." CLICK [10]

The biggest take-away from this conversation may not be obvious, and that's this: always (and I do mean always) be extra cautious when they call you. Ultimately, you have no way to verify that they are who they say they are. You could be talking to a total stranger - or scam artist.

With that in mind, on to the specific notes:

[1] Exactly. Though they will often ask for something even more personal - like mother's maiden name or a part of your social security number - with all the obvious risks therein. Hence the warning I started with: recognize that they called you, and don't respond with this information. [back]

[2] Your ISP will never say "this is your ISP" - they'll identify themselves by name, both the name of the individual calling (which may be meaningless for security purposes) and the actual name of your ISP. Stating the correct information doesn't mean they're legit (it's not that difficult to find someone's ISP), but not telling you at all is a big red flag. [back]

[3] Really, now ... who hasn't? Smile [back]

[4] No, it doesn't. If a message is sent at all, it's sent to Microsoft or to the vendor of the software that's having a problem. [back]

[5] Yes you will. In fact we all will. The event viewer is kind of a mess, and having lots of events is not an indication that things are about to go bad. [back]

[6] Oh, NO, Mr. Scammer! [back]

[7] Important: logmein.com is a legitimate company/site and they have nothing to do with this scam. They provide a "remote access" service - the ability to login to someone else's computer across the internet. I think you can see where this might be headed. [back]

[8] It's unclear, but this is one of two possible targets of the scam. It's possible that once the appropriate code is entered (provided by the scammer, of course) that they would then be able to access our victim's computer remotely. [back]

[9] Bingo. This is more likely the real target of the scam: to get you to divulge your credit card information. [back]

[10] Handled excellently. This is exactly the correct response. [back]

I think of it as phone phishing.

As you can see, there were many red flags in this conversation. Given the amount of information that's likely publicly available about each of us, it's not that hard to put together a convincing sounding story - but that story will have holes. You must watch for them.

Here are my important take-aways from this example:

  • Insist on full and correct identification of the company that they claim to represent.

  • Always be extra suspicious when they call you. One solution: ask for a number at which you can call them, and then either research that number (Google's been fairly useful for this), or call your ISP yourself using only phone numbers you find yourself in your ISP's provided information and ask if this number, person or scenario is something they actually know about.

  • Never, ever give your credit card or other personal information to someone who called you. At least not unless you're absolutely positively certain you know who they are. If needed, get a call back number - that way even if it still turns out to be a scam, you'll have that to give to the police.

  • Be particularly suspicious of instructions to visit web sites. They may be legitimate - if you call your ISP's tech support line, for example, they're likely to have you do things like that. However, until you're certain you know who you're talking to, don't.

If you get called, and you're the least bit uncertain the solution is simple: hang up, and call the company that they claimed to represent. If it's legitimate they'll understand (and perhaps even appreciate) your caution. If it's not, they'll definitely appreciate your caution, and you'll have just saved yourself a lot of grief.

Article C4164 - February 19, 2010 « »

Share this article with your friends:

Share this article on Facebook Tweet this article Email a link to this article
Leo Leo A. Notenboom has been playing with computers since he was required to take a programming class in 1976. An 18 year career as a programmer at Microsoft soon followed. After "retiring" in 2001, Leo started Ask Leo! in 2003 as a place for answers to common computer and technical questions. More about Leo.

Not what you needed?

32 Comments
Chad Johnson
February 19, 2010 5:47 PM

About 10 years ago or so I fell for something similar to this. I won a cruise, but there was a processing fee, yadda yadda. Well, I even went so far and gave out my credit card, despite my gut warnings -- a credit card that I knew had a low limit and should be denied for what they said they'd be charging.

I ended up closing the card (or the company did, hard to remember). So many fraudulent charges appeared that there was little else that could be done.

Long story short: I never give out my credit card number to anyone over the phone anymore unless I called them and have called them before. :D

Mary
February 20, 2010 2:05 AM

As I've said many times, I'm not the brightest bulb in the chandelier But if a complete stranger came to my front door and asked me for my credit card information, I would not give it out. Most people wouldn't under those circumstances. Hard to believe so many people drop their guard when a complete stranger calls or emails.

Bob
February 22, 2010 1:14 AM

There is another really nasty twist to these 'out-of-the-blue' phone calls - I am not sure how, but some, as you get transferred to the 'expert', manage to switch the phone-call so that YOU called THEM. The 'new' call is to a much higher costing phone number, and of course, the 'expert' tries to keep you talking...

Thierry Delettre
February 22, 2010 5:24 AM

Two hours ago I was in my ISP's office, and there was a little old lady here, maybe 80 or 85 years old, who came here to 'have the internet'. (I suppose her children, or grandchildren, had paid her a computer so she could stay in touch with them, or something like that).

The guy from the ISP tried very hard to explain her the basics of Internet/network/..., but had problems even with the simplest things. She visibly was here long before I came, and 1/2h later he was still trying to explain her how an Internet account was supposed to work.

This lady (and all the _mainly older_ people who are on the internet but know nothing at all about computers, programs, networks,...) is the kind of person these scammers are looking for. I am sure that if anybody phones her to 'fix the problems on her computer', she will gladly give them her social security number, credit card number and everything they will ask her.

And there are good chances that, even after her ISP, her family and even police officers have explained her this is a scam, she will tell all people she knows that she has been robbed by her ISP !

hughetorrance
February 23, 2010 8:28 AM

I wonder what happens when you are a Linux user... ! Slakers never ever get taken in.

John Edwards
February 23, 2010 8:53 AM

In response to hughetorrance; It doesnt matter what OS you are using, they all throw event codes.

Robin Clay
February 23, 2010 9:02 AM

P.S.1
The URL they gave me was actually www.logmein123.com

P.S.2
They never actually gave me the name of my ISP

P.S.3
I forgot to check their number afterwards (1471) - but I dare say it was "with-held" anyway.

P.S.4
Thanks for the anonymity - but I can live with the shame !

Thanks for posting it.

Oh, and yes, I'm an old fart - but I have been using computers since 1968...

Yep, as another commenter points out, "logmein123.com" is yet another sign that this is bogus. There's no shame here, my friend - your gut instincts were right on. Thanks for sharing the experience!
Leo
24-Feb-2010

Norman Elliott
February 23, 2010 9:30 AM

in response to John Edwards
If they asked you to do this:
Start > Run, type in "Eventvwr" and press Enter."
You would know they assumed you were running Windows so they would fall at the first hurdle.

Rohn
February 23, 2010 12:37 PM

Actually, Robin's PS1 is another clue relating back to your point 7.

While LOGMEIN.COM may be a legitimate business, LOGMEIN123.com is most likely NOT.

So they are going to collect BOTH the $50 payment and your credit card info to charge against in future.

ashley
February 23, 2010 4:18 PM

Very interesting - I am happy to say that I am so cynical as to never believe anyone who calls me and wants to help me without asking from microsoft or any other Internet provider/service.
This information gives me some satisfaction that my cynicism is justified.

diligent
February 23, 2010 5:28 PM

Leo, these kind of in depth analysis' (especially for spams, frauds etc like this)will help you help others and thereby help your business. Other subjects should be included in your in-depth portfolio. Thanks for a Great! job Leo!!

Michael
February 23, 2010 6:21 PM

I also thank the original poster- The callers are probably part of a gang and the gang will be right royally annoyed because he spoke to them so long and they still failed to extract his credit card details. Hopefully it'll discourage them from this scam.

C.Wickramatunge
February 23, 2010 11:22 PM

Thank you.Very helpful. One more thing. To whom can this type of scam be reported?

It depends on where you live, of course, but in the U.S. I believe this goes to the FBI.
Leo
24-Feb-2010

Joshua
February 24, 2010 7:18 AM

My appropriate response (true or otherwise) .. "uh I actually have a Mac..so you must really suck at your job'.

as soon as a stranger calls you on the phone and asks for money.. hang up!

Charles Tilley
February 24, 2010 6:56 PM

Whenever someone calls me with a sales or donor pitch, almost 100% of the time either no phone number or no name, or sometimes both are not displayed on your Caller ID. To begin with, as soon as the words "Hi, Mr. Tilley, we're so & so with the police or fire association, the phone is hung up without second thought. The same for sales. Hiding their business name and/or phone number is a dead giveaway that they are fakes. One called back asking me why I hung up on him, and I told him this, and he said that if they displayed their name, no one would answer. What a dead giveaway, did this man think I was born yesterday? A 100% honest charity or salesperson should hide nothing, even the remote assumption that no one would answer is not a legit excuse for hiding your identity. And if they are a fast talker or speaks with broken English, they're crooks for sure.

Pookey
February 25, 2010 4:30 AM

I have had a couple of experiences where my bank has called after i have made purchases at locations far from where i live (when im on holidays for example). However, they have always given their full name and the Bank's name, as well as quoting my client number to me and inviting me to call them back if I wish to. It is this sort of practice that should be mandatory when companies contact their customers. (The bank is the Commonwealth Bank of Australia if anyone is curious).

I agree. It's the way my cedit card companies work as well - though once they have satisfactorily identified themselves, they also ask for some kind of confirmation that they've reached who they intended - often the last 4 digts of my SSN, here in the US. A call back number is also an option provided, and in fact recently there's also been confirmation email that follows a short time later. Insisting on those kinds of things when you are called is part of what it takes to remain secure.
Leo
25-Feb-2010

charlesq
February 26, 2010 11:28 AM

Check with your phone company to see if they have a Call Trace feature (*57 where I live). This will log a trace record with the phone company's security department for the last incoming call. Once you've hung up on the scammer, simply pick up again & dial *57. Generally, you will not get access to this information, but the phone company will release it to the police or other authorities.

Kris
March 1, 2010 8:25 AM

I use logmein123.com all the time with my reputable computer consultant. Are there legitimate issues with this?

You may be right - it looks like it redirects to a valid "logmein" server - but you might want to double check with the logmein folks to ensure that's what's intended. The domain registration is also hidden, so it's not easy to verify that this is legitimate.
Leo
01-Mar-2010

nirvarly
March 15, 2010 12:53 PM

Working for a PC manufacturer we are noticing a pattern starting to form with the same script as above in use, except they are fraudulently pretending to be Microsoft instead of "ISP" and the cost to fix the errors from eventvwr.msc is AU$400. The customers I've had so far a fortunate enough to realise that it is a scam before any damage has been done. The company that appears to be behind this scam is onlinepccare.com and the logmein client is branded as Horizon. The company has been reported to scamwatch and crimestoppers in Australia and is also in breach of the trade practices act.

nirvarly
March 15, 2010 1:17 PM

Sidenote regarding LogMeIn:
LogMeIn is a legitimate and reputable company providing remote support solutions in consumer and commercial environments and especially within the tech support industry. Cisco also provide similar solutions such as the application Go2Assist.

logmein123.com/, support.me/ and oty.com/ are all owned by LogMeIn for convenience and are documented within the technicians manual on the website for LogMeIn Rescue and also within the Rescue Console.

Researching a domain before making assumptions is a good thing! Whois details are just 1 option that is available.

Pauline Randall
May 18, 2010 1:16 AM

I've just had a similar call to the one above but the caller said he was from Windows technical department. I work in IT so I was pretty suspicious. I let him get as far as asking me to call up event viewer then asked him for his name - Ron Levy (not very likely) and where his office was. He told me he was in North London. I asked for his phone number and he gave me one which if you ring it goes to a company called zubla (?) and they say they will put you through to one of their agents. I did ask why his call was showing as international on my phone when he said he was calling from London and he told me I was mistaken. I did mention that I had several friends who worked for Microsoft and I was sure they would know him! By this point I think he'd lost interest in me and hung up. Hopefully he has blacklisted my phone number :)

Neal Ward
June 7, 2010 10:47 AM

I have just had a similar scam phone call here in the UK, claiming to be from a company providing technical support for Microsoft. After a lot of ramblings about spyware, he took me to the directory where I was asked to count the warnings and errors - just as you relate. I finally hung up when we got to the logmein.com page which asked for a 6 digit code.

Please spread your warnings widely!

ron gilman
November 3, 2010 10:25 AM

In the interest of seeing where he was going and to waste his time I went as far as making up six digits and typing them in the logmein screen. I don't think that 'opened the door' for the scammer. Since I had tied up the phone for a half hour I hung up the phone
and my McAfee AV software hasn't reported any intrusions. What would I have to have done to allow access to my machine?

Bill Boyd
November 9, 2010 9:33 AM

I just had a call from them while reading your newsletter, but it was about my computer running slow. They wanted remote control of my computer, but I said I had to confirm who they were, so he gave me his site (onlinepccare ).He said he would call back Mon. AM, nothing was mentioned about cost.

Caroline Forster
February 24, 2011 1:03 AM

I just got a call (which showed as Overseas on caller ID) from someone with an Indian accent telling me he was from 'Windows Clear' and that my computer sent several error messages to the company. He said that he was calling to fix it for me. I hung up at that point - he hasn't called back.

Maarten
September 27, 2011 1:02 PM

Well, here, in the Netherlands I work for the consumer dsl support desk and we may call our customers when a trouble ticket was logged in our ticket system. Also when a customer has inadvertently become part of a botnet or is violating security policy i.e. sending email without headers and was blocked by our abuse department and that has gone unnoticed for more than three weeks. However we always identify ourselved clearly and we will never take over a computer (as that has become impossible due to the block on their internet traffic)

Andrew
October 15, 2011 8:28 AM

I have had a similiar phone call today saying I have problems on my windows. I just said I don't have a computer and she said I was lieing to her and wasting there time, and just hung up on me. I then thought how do they know I have a computer and what my phone number was.

Shea
March 17, 2012 1:05 AM

I received a similar call yesterday and went along not thinking straight. I was eventually asked to go to {URL removed} not realising it was logmein allowing remote access. I did go as far as keying in the 6 digit pin but as soon as a connection was established I closed the chat box and hung up.

Now my question is whether my information has been compromised since I did not allow them to take control? I have disabled anything doing with lmi.exe on my firewall an disabled remote access.

Please help! Appreciate it..

Mark J
March 17, 2012 4:17 PM

@Shea
To be on the safe side, I would run an antispyware scan or two on my computer.
Spyware: How do I remove and avoid spyware?
I would also change my PIN.

Graham
August 29, 2012 2:03 PM

I had a similar call this morning from an Indian/Asian woman claiming to from a company called 'International Brouter' (at least I think that's what she said) who work for my ISP????. She gave me the 'warning messages coming from my computer' speel and that it needs fixing straight away or my computer will crash! I said my computer was running ok and that it has full Norton security but she said Norton do not cover these problems!!!! She instisted quite forcefully to turn my computer on straight away so that she could talk me through a 'fix'. I'm not a computer expert but I eventually twigged she was talking absolute rubbish. After a few more attempts at trying to convince me I told her 'how do I know you're not trying to get into my system yourself...goodbye'
and promptly hung up. And surprise surprise...the caller's number was unavailable on 1471. Thanks for publicising this scam.

MARIAN - Perth, Western Australia
December 17, 2012 2:03 PM

Hi Leo, I too, have had heaps of these calls and the callers are very persistent. I just hang up and tell my friends to do the same.

However, I now want to access my Aunt's computer in England to help set it up - would you please recommend software that I could use for this purpose?

Gratefully
Marian Cooper

Mark J
December 18, 2012 1:16 AM

@Marian
You can use a utility like TeamViewer for that. It allows you to control a computer remotely. TeamViewer is free for noncommercial use.

Comments on this entry are closed.

If you have a question, start by using the search box up at the top of the page - there's a very good chance that your question has already been answered on Ask Leo!.

If you don't find your answer, head out to http://askleo.com/ask to ask your question.