We recently had a scammer attempt to trap one of our business customers in a confidence scheme involving something called a CLSID, or a security tag on your computer. This scammer told my client that they were a tech company associated with Microsoft and they had detected the presence of malware throwing infectious code from my client’s computer. To prove it, they asked my client to pull up a command line window and run a function called “assoc” which looks like this:

He quoted the CLSID back to my client exactly, but what any average person wouldn’t know is that this CLSID isn’t the one associated with your computer, but with Microsoft’s “send zipped file to target” function which always has the same CLSID associated with it on every windows computer. The effect is that the scam artist makes it seem like he can see into the deepest reaches of your computer and is trying to help, but the reality is that he’s exploiting a constant value within Windows in order to gain a victim’s trust before launching a trap of some kind.

Here is the CLSID in case it is ever quoted to you: 888dca60-fc-a-11cf-8f0f-00c04vfd7d062. If you receive such a phone call, please hang up and don’t talk to them.