The really interesting feature, though, is the way that the scam seems to have moved on from giving you your address (which they get from a telephone directory) and a fake IP number to convince you that they can really see your system.
According to Herold (and a quick google indicates that others are experiencing much the same thing) the scammer now asks you to check a CLSID.
Unless, of course, you fall for the scam and give him remote access with AMMYY or Let Me In. That’s the tool he uses to persuade you that the transitory errors inevitably flagged in its logs are “evidence” of a system problem or malware infection. I don’t know anyone who’s gone that route yet, though, so no promises.
All the scam calls I’ve had (and there’ve been many!
However, I notice that company’s web site also has phone numbers for Australia and the UK, so it looks as if the usual English-speaking populations are being targeted, using and to get remote access to your system – there’s actually an link on their web site, which is registered in Illinois, though Herold’s caller had the Indian accent we’ve come to expect from this kind of scam.
Yeah, yeah, yet another cold-call scam post, but featuring a ploy I haven’t come across before, intended to convince you that the scammer really knows something about your system, so that you’re likelier to fall for the scam.
Rebecca Herold reports for Infosec Island that she was contacted by one of those helpful “support desk” people who call you up to help you with problems you didn’t know you had, such as malware you don’t have.
A CLSID is a Class Identifier stored in the Windows Registry — at HKEY_CLASSES_ROOT\CLSID, but I don’t recommend that you go digging into the Registry unless you really know what you’re doing.
Fortunately (from the point of view of interfering with Registry entries), the scammer doesn’t need you to edit the registry to find the CLSID he’s looking for.