Tech Support Scams – Help & Resource Page
October 4, 2013 | By Jérôme Segura
“Hello, we are calling from Windows and your computer looks like it is infected. Our Microsoft Certified Technician can fix it for you.”
Sound familiar? Whether you have just been scammed or simply want to find out more on the topic, you have come to the right place.
Tech support scams are a million-dollar industry and have been around since 2008. Every single day, innocent people are tricked into spending hundreds of dollars on non-existent computer problems.
There is no sign of these scams slowing down despite several actions taken by the Federal Trade Commission.
Perhaps even worse, companies right here in North America are now pulling the same tricks and taking advantage of existing and prospective customers replying to online ads.
Since we wrote our very first blog post on the subject and subsequent articles (A look behind the curtain, Turning the tables), we’ve received much feedback and many people have shared their own experiences. We believe tech support scams are despicable and need to be exposed for the greater good.
The purpose of this page is to gather all the information we have collected over time into one place which you can use as a go-to resource when you need it.
- How it all begins
  - Cold call
  - Calling for assistance
- Remote access
- Tricks of the trade
  - The Event Viewer (eventvwr)
  - The System Configuration Utility (msconfig)
  - The Task Manager (CPU ‘spikes’)
  - The System Information (msinfo32)
  - The Prefetch files
  - The Temporary files (%temp%)
  - The fake scanners
  - The dir and tree commands
  - The custom Virus message
  - The red Command-Line Terminal
  - The ‘ping’ (on Mac OS X)
  - The netstat command
  - The online glossary or Wikipedia trick
  - The Network Access Protection (NAP)
  - The notepad trick
  - The Power Efficiency report (powercfg energy)
  - The (value not set) registry trick
  - The Process Explorer error
- Getting help (damage control)
  - If you already let them in
  - If you already paid
- Fighting back
  - Report the scam
  - Shut down their remote software account
  - Spread the word
  - Investigate
- List of reported scammers
- Related articles
How it all begins
Cold call
Usually from India and operating out of boiler rooms, these scammers call people in the U.S., Canada, the UK, and Australia whom they find in the phone directory.
The scam is straightforward: pretend to be calling from Microsoft, gain remote control of the machine, trick the victim with fake error reports and collect the money.
If you ever get a call from a Microsoft or Windows tech support agent out of the blue, the best thing to do is simply hang up. Scammers like to use VoIP technology so their actual number and location are hidden. Their calls are almost free which is why they can do this 24/7.
As per Microsoft: “There are some cases where Microsoft will work with your Internet service provider and call you to fix a malware-infected computer—such as during the recent cleanup effort begun in our botnet takedown actions. These calls will be made by someone with whom you can verify you already are a customer. You will never receive a legitimate call from Microsoft or our partners to charge you for computer fixes.”
Calling for assistance
Located in India but also in the US, these companies heavily advertise on popular search engines as well as websites with high traffic. People call them for assistance and get fooled with similar techniques employed by Indian cold callers.
Another source for these companies comes from some of their existing customers or customers of parent companies sent to them. The remote technician upsells the customer who only came to activate their software but ends up forking over hundreds of dollars on “Windows support”.
If you decide to call in for remote computer assistance, you need to be very careful about which company you are going to deal with. Simply picking the top ad on a search results page could end very badly.
Unfortunately, the company/technician being from the US is no longer a guarantee for honest service. Many businesses here in the US are using the same dirty tricks to take advantage of people.
If you don’t feel comfortable doing this online, brick and mortar computer repair shops are a good alternative.
Fake pop-ups claiming your computer is infected (reminiscent of FakeAV) are a good way for scammers to reel in innocent victims:
A new trend shows that crooks are using phishing scams as a ruse to get people to phone in, not only stealing their credentials but also claiming their account was suspended:
Remote access
The ‘technician’ requests to have remote access to your computer (taking control of it) and may use one of the following programs. Note that these applications are perfectly legitimate and used daily for good reasons. However, it is important to remember that if you run remote login software you are effectively giving a complete stranger total control of your computer.
>> Report fraudulent use of remote login software.
There are too many other applications that are used for remote support to list them all here. They pretty much do the same thing which is to provide direct access to your computer from anywhere in the world.
Tricks of the trade
Once logged into your computer, the remote technician will attempt to trick you by fabricating errors or even viruses on your computer. They like to use the default Windows tools and turn them against you, hoping you’ll get scared and follow their directions.
The Event Viewer (eventvwr)

even on Windows 8:
“These errors are viruses or serious damage to the backend of your PC. If not taken care of immediately, you will lose your computer.”
The Event Viewer is an application that aggregates all of the log files from your computer. It is traditionally used by system administrators to diagnose certain errors. However, most events are harmless notifications.
The System Configuration Utility (msconfig)

“There are many programs that are stopped, indicating some serious damage to the backend of your computer and poor performance.”
It is perfectly normal to have services that are stopped. In fact, you can actually speed up the boot time of your PC by disabling unneeded start up programs.
The Task Manager (CPU ‘spikes’)
“These spikes are dangerous for your PC’s health. Just like your heart rate, they should not go up. Your PC could suffer some irreparable damage.”
When your PC is active, you will see the CPU usage go up and down constantly. What would not be good is if the CPU was pegged at 100% utilization all of the time. This is not the case here.
The System Information (msinfo32)
“These are critical “Windows Errors”. You need to buy the software warranty to fix them.”
Again, error logs (which all computers have) should not be translated into poor performance or malware without actually reviewing them one by one.
The Prefetch files

“These are damaged programs that cannot be deleted or even worse, viruses! You need to clean up your PC now!”
These are files that correspond to applications you often use. Windows saves them in there so that next time you launch those applications they start faster.
The Temporary files (%temp%)
“These are infected files with worms, trojans and viruses. The disk is full of them.”
Simply because a temporary file cannot be deleted does not mean it’s a virus. It could be in use by any currently running application.
The fake scanners

“This scan shows several viruses that were found by our security scanner. They have infected your registry.”
This program is essentially a fake antivirus, stuffed with made up detections meant to alarm you.
The dir and tree commands
“These two commands perform a full virus scan on your computer and will report any infected file.”
These are DOS commands that list directory contents and paths. They have absolutely nothing to do with scanning for malware.
The custom Virus message
“Following the scan, we found 42% of your files are infected, including a Zeus Trojan. Windows is at high risk.”
This message was typed by the scammers and then pasted on the command prompt. It is totally fake.
The red Command-Line Terminal

“Look at all these malware infections in red. All of your files have been compromised and will be destroyed.”
The Windows Terminal can be customized to have different font colors as well as background colors. Red looks scary…
The ‘ping’ (on Mac OS X)
“We tested the protection on your Mac and found that there isn’t any. You need to buy our antivirus right now because you are going to get infected.”
This is an abuse of the ‘ping’ command, something meant to check if you are properly connected to the Internet or see if a website is responding. It has nothing to do with protection on your Mac.
The netstat command
“Hackers have infiltrated your computer, they are stealing your files doing cybercrime!!”
This is a command to display network connections (incoming, outgoing) but you can’t necessarily deduce these are “hackers”.
The online glossary or Wikipedia trick
“It’s not just me saying that there are viruses and trojans on your computer. Check these online resources as well.”
Leveraging glossaries or reference sites is a clever trick to lend legitimacy to certain claims. If such and such a site says it’s true then it must be… or not.
The Network Access Protection (NAP)
“Your network protection is disabled. All the hackers are already inside your computer.”
The Network Access Protection is a feature that mostly applies to PCs that connect to a domain. It ensures they adhere to safety standards. If this is your one and only computer, NAP should be left Off.
The notepad trick
“Can you read this? Does this make sense to you? No. The computer cannot understand this file. It is like alien words.”
Certain files are not meant to be read with notepad. In particular, executable files need special tools to read their ‘sections’. Therefore, it is perfectly normal that these files cannot be read as ‘text’.
The Power Efficiency report (powercfg energy)
“Your computer’s battery is going to fail very soon. It might even catch on fire if you don’t do something about it right now!”
This command can generate a report to help users optimize their battery (useful on a laptop) and detect non-optimal settings to save power, etc.
The (value not set) registry trick
“Your network is not working properly as you can see it says: value not set and default.”
The network is working just fine. Scammers will use the registry editor to show empty keys and conclude your security is at risk.
The Process Explorer error
“We need to manually remove the infected entries and delete all the error files from your computer”
This [Error opening process] label happens because the user ran Process Explorer with limited privileges. It has nothing to do with errors on the computer.
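Opened one after another shortly after a remote-access program starts, the tools described in this section leave a recognizable footprint. The following added example (not part of the original article) scores a process-launch timeline against them; the log format, the 15-minute window, the three-tool threshold, the LogMeIn image-name prefix and the sample lines are assumptions constructed for illustration.

```python
import ntpath
import re
from datetime import datetime, timedelta

# Executables behind the tricks described above, keyed by image name
# (lowercase, no extension). An optional regex narrows the match to the
# arguments that turn a normal tool into the trick.
TRICKS = {
    "eventvwr": ("Event Viewer", None),
    "msconfig": ("System Configuration Utility", None),
    "taskmgr": ("Task Manager", None),
    "msinfo32": ("System Information", None),
    "tree": ("tree command", None),
    "netstat": ("netstat command", None),
    "regedit": ("registry editor", None),
    "procexp": ("Process Explorer", None),
    # Opening a binary in Notepad to show "alien words".
    "notepad": ("notepad trick", re.compile(r"\.(exe|dll|sys)\b", re.I)),
    "powercfg": ("Power Efficiency report", re.compile(r"energy", re.I)),
}

# Remote-access programs named on this page; prefixes are assumptions.
REMOTE_TOOLS = {"teamviewer": "TeamViewer", "logmein": "LogMeIn"}

LINE_RE = re.compile(r"^(\d{4}-\d\d-\d\dT\d\d:\d\d:\d\d)\s+(.+)$")


def parse_line(line):
    """Return (timestamp, command line) or None for unparseable lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return datetime.fromisoformat(m.group(1)), m.group(2)


def image_name(cmdline):
    """Split a command line into (lowercase image stem, arguments)."""
    cmdline = cmdline.strip()
    if cmdline.startswith('"'):
        exe, _, args = cmdline[1:].partition('"')
    else:
        exe, _, args = cmdline.partition(" ")
    stem = ntpath.splitext(ntpath.basename(exe))[0].lower()
    return stem, args.strip()


def classify(cmdline):
    """Return the trick label for a command line, or None."""
    stem, args = image_name(cmdline)
    entry = TRICKS.get(stem)
    if entry is None:
        return None
    label, arg_pattern = entry
    if arg_pattern is not None and not arg_pattern.search(args):
        return None
    return label


def find_scare_sessions(lines, window=timedelta(minutes=15), threshold=3):
    """Flag remote sessions followed by several distinct scare-tactic tools."""
    events = sorted(e for e in map(parse_line, lines) if e)
    findings = []
    for i, (start, cmd) in enumerate(events):
        stem, _ = image_name(cmd)
        tool = next((name for prefix, name in REMOTE_TOOLS.items()
                     if stem.startswith(prefix)), None)
        if tool is None:
            continue
        seen = []
        for ts, later in events[i + 1:]:
            if ts - start > window:
                break
            label = classify(later)
            if label and label not in seen:
                seen.append(label)
        if len(seen) >= threshold:
            findings.append({"remote_tool": tool, "start": start, "tricks": seen})
    return findings


# Constructed sample timeline: "<ISO timestamp> <command line>".
SAMPLE_LOG = r'''
2013-10-04T14:00:05 "C:\Program Files (x86)\TeamViewer\TeamViewer.exe"
2013-10-04T14:03:41 C:\Windows\System32\eventvwr.exe
2013-10-04T14:05:10 C:\Windows\System32\msconfig.exe
2013-10-04T14:06:02 C:\Windows\System32\notepad.exe C:\Windows\System32\kernel32.dll
2013-10-04T14:07:30 C:\Windows\System32\tree.com C:\
2013-10-04T14:08:12 C:\Windows\System32\NETSTAT.EXE -an
2013-10-04T18:20:00 C:\Windows\System32\notepad.exe C:\Users\alice\notes.txt
2013-10-04T18:21:00 C:\Windows\System32\Taskmgr.exe
'''.strip().splitlines()

if __name__ == "__main__":
    for finding in find_scare_sessions(SAMPLE_LOG):
        print(finding["start"], finding["remote_tool"], finding["tricks"])
```

Each of these tools is harmless on its own, so a match only means the session followed the script described here, not that anything was installed or changed.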
Getting help (damage control)
Getting scammed is one of the worst feelings to experience. In many ways you feel like you have been violated and are really angry to have let your guard down. Perhaps you are even shocked and scared and don’t really know what to do now. The following tips will hopefully provide you with some guidance.
If you already let them in
- Revoke remote access (if unsure, restart your computer). That should cut the remote session and kick them out of your PC.
- Scan your computer for malware. The miscreants may have installed password stealers or other Trojans to capture your keystrokes. Use a program such as Malwarebytes Anti-Malware to quickly identify and remove threats.
- Change all your passwords (Windows password, email, banking, etc).
In some cases (you did not pay or called them names), scammers will seek revenge on your machine. Here are some things they might try and what to do to recover from them:
- Master password lock out
There are various ‘hacks’ to reset that password. One method is to use a Linux boot CD to mount Windows and then use the chntpw utility. It is described here.
- Missing software drivers
First, try to do a System Restore. If it fails, you should be able to reinstall them by going to the manufacturer’s website and downloading the appropriate driver.
- Missing files
First, try to do a System Restore. If it is not available, check for backups you may have made and stored somewhere else. As a last resort, there are programs that can scrape your hard drive and attempt to recover the missing files.
If you already paid
- Contact your financial institution/credit card company to reverse the charges and keep an eye out for future unwanted charges.
- If you gave them personal information such as date of birth, Social Security Number, full address, name and maiden name you may want to consult the FTC’s website and report identity theft.
Fighting back
Report the scam
- In the US: File a complaint (FTC) | More information about online fraud
- In Canada: Contact Law Enforcement
- In the UK: Report fraud | Report cold call (cold calls are illegal in the UK)
- In Australia: Report a scam | Report telemarketing abuse
Shut down their remote software account
- Write down the TeamViewer ID (9-digit code) and send it to TeamViewer’s support (they can later on block people/companies with that information)
- LogMeIn: Report abuse
Spread the word
You can raise awareness by letting your friends, family, and other acquaintances know what happened to you. Although this may be an embarrassing experience if you fell victim to these scams, educating the public will help someone caught in a similar situation and deter further scam attempts.
Investigate
While hanging up is the safest thing to do when you get a cold call, some people have gone on a mission to expose those scammers. While we don’t endorse this behaviour, if you do have information to share, please let us know and we will update this page with any new relevant details.
List of reported scammers
(This list is being updated on a regular basis)
- 24/7 PC Guard | 247pcguard.com | 1-888-855-7953
- 365 Tech Help | 365techhelp.co/bng/slow-pc, fastsupport.com | 1-866-539-8804
- Speak Support | speaksupport.com, 121usa.com | 1-800-806-0768
- PC Smart Care | pcsmartcare.com, pcsmartcare.us | 1-855-569-5945
- PC Mask | pcmask.com | 1-877-385-1667
- My Tech Gurus | mytechgurus.com | 1-866-587-1775
- MegaITSupport | megaitsupport.com | 1-888-939-3618
- Click4Support | clickforsupport.net, webtechmasterhelp.com, techsupportcenter.org
- PC Toolkit Pro | pctoolkitpro.com | 1-855-803-1370
- Compute My PC | computemypc.com | 1-800-356-7697
- iGennie | igennie.net | 1-888-239-4339
- TechFix Pro | techfixpro.com | 1-888-768-0082
- iMax Support | imaxsupport.com, fix247.org | 1-800-247-0830
(video recordings for proof are available upon request)
Related articles
- Phone scammers call the wrong guy, get mad and trash PC
- Tech support scams: a look behind the curtain
- Online PC Support Scams: Turning the Tables
- Tech Support Scams: Coming to a Mac near you
- Tech support scammers spam YouTube with robot-like warnings
- Tech support scammers target smartphone and tablet users
- Tech support scams: Show me the money
- Netflix Phishing Scam leads to Fake Microsoft Tech Support
About the author:
I am a senior security researcher at Malwarebytes where I specialize in tracking down malicious websites, general online threats as well as scams.
I first got interested in the Microsoft Tech Support Scams when I received a cold call back in April 2013 while working remotely from home.
Since then I’ve been documenting the various tricks crooks use and exposing companies involved in scamming innocent people.
While law enforcement has taken actions with some success many times before, I still believe the best solution to this problem is awareness.
At the same time, as more people know about these scams, there have been an increasing number of pranks played on the cold-callers. Besides the funny aspect and the fact it is well deserved, it has made scammers eager to seek revenge and be even more aggressive.
Beyond the technological tricks which can be amusing, there remains a human element and deep socio-psychological factors at the core of this scam, all of which I find quite fascinating.
You can follow me on Twitter @jeromesegura
56 thoughts on “Tech Support Scams – Help & Resource Page”
reported scam: mitechmate.com
they seem like a scam to me, please, malwarebytes, investigate asap
Thanks for reporting this.
Their live chat is currently not available and nobody is answering the phone. Will try again later.
Just allowed a ‘technician’ from maxpccare.com into a Virtual Machine, told him it was running slow. He did the old Event Viewer trick, then did the tree command and typed “network not secure- infections found on pc”. I can 100% confirm this site and organisation is a scam.
Domains: maxpccare.com
Phone number: +1-855-763-0457
Found suspicious website http://megaitsupport.com/ – Will probably call them later and see if they are legitimate or not. Please investigate.
Domains: megaitsupport.com
Found suspicious website http://www.techicode.co.uk/ – Will call these guys too, see if they’re legitimate. Another thing I noticed was they have a UK domain but they have an american number on their website?
Feel free to investigate.
Domains: techicode.co.uk
Phone number: +1-888-4074554
To “Operatingsystem OS” – I agree, the website does seem suspicious, I agree, however I let them into a Windows 8.1 Pro 64bit machine, and they said it was clean, no virus. They appear to be legitimate, but don’t bet on it, may be worth further investigation with a more cluttered machine.
Thanks for all the info Stan. Will check back on these guys and update the page accordingly.
Thanks a lot to you to for helping investigate and making more people aware of these scams. I’m here to help anytime, equipped with unlimited landline calls worldwide on Skype, Windows 1, Windows 98, Windows XP, Windows 7, Windows 8.1 Pro Virtual Machines, and a VPN so my IP can’t be targeted for any reason or for advertising.
Hi Stan,
This: megaitsupport.com is a scam, called them and pulled tricks before wanting $399. Will update the list with this at a later point.
Hi, thanks for investigating. Rang PC Mask again just for fun, after finding out me and a friend were messing with them, they proceeded to delete the WHOLE of the C:\ drive. Screenshot can be found
Here: http://ss.stn.so/pcmaskdestroyingpc.png the <a href didn't work.
Hi Stan,
What they did doesn’t really surprise me… Some scammers are particularly vicious when they don’t get what they want.
Personally, I never taunt them or anything like that (and I don’t condone these types of actions ;-)) although that thought has crossed my mind a few times. I just like to let them do their thing and then politely leave. But even if you are nice, it doesn’t mean they will let you go easily. On one occasion, the scammer stole several personal (albeit fake) documents from my computer before saying “thank you and good bye”.
I have a few upcoming blog posts and one in particular about what kind of work they really do if you do pay (I did not give them a dime or anything, just managed to get them to start the work while I searched for my missing credit card). You will be surprised to see what their definition of ‘fixing’ a computer for $399 is….
Stay tuned
Hi…
I was just an ‘almost victim’ of this scam. I feel very silly and gullible. They didn’t get very far before I hung up. I asked for a call-back number, was given two. I was told to ask for Logan. The numbers are 818-813-6174 and 800-516-0854. I am just sending in case it is helpful for someone else.
Thank you for what you do.
Hi Debbie Perret,
Thanks for sharing your experience and providing these numbers.
I think most people who aren’t prepared and receive such a call may actually fall for this scam. Although we know how to be careful in certain situations, most of us tend to trust others within our daily social interactions.
Unless you’ve been through it before or know enough about computers to realize this is nonsense, the well rehearsed scam script tends to be quite effective.
I see you mentioned the name ‘Logan’.. I had someone who pretended to be ‘Max’. All these little details immediately raise red flags for me. When that same person is speaking with a very thick foreign accent, it just doesn’t really add up.
Hello Jerome, looking forward to that next post with their “fixing” – it’s the only thing I’ve not been able to find out so far. I will continue to report organisations I find to be scams or very suspicious here as I’m still surprised at how the same, 10 year old technique is still being successful. It makes me angry. Again, thanks for what you do, and I’m here to help push these scamming companies further downhill.
Good to hear Debbie that you realised they were a scam. Makes me happy every time someone beats them, even if it means they chargeback a credit card payment.
It is shameless that some people do this. From cold calls to targeted Google ads… from Windows PCs to Macs and smartphones. They will take advantage of everyone and anyone without fear or favour. Of course, the more vulnerable the target person is, the easier for the shameless scammer.
I’ve had a number of these calls over the years. No matter if I hang up straight away or follow through (but never give control of my machine) there is always a feeling of helplessness as they can simply hang up the phone themselves and move on to the next victim without blinking.
That is… until I realised there was something that I could say that MIGHT make a difference to the scammer/caller. They often sound like they’re in or come from a spiritual country so now I string them along for a while then when I’m convinced they are indeed aware of their actions I simply say, “God will punish you” and then no matter what they say next (and they usually get defensive) I repeat it with emphasis on different words. “God WILL punish you.” “God will PUNISH you.” “God will punish YOU” and sometimes they still stay on the phone so I start to include their family too. “God will punish you and your family.” Etc. Etc. Eventually they give up but hopefully it gives them something to think about.
I used to think that maybe they too are a victim; an innocent call-centre worker with a script and without an understanding of the lies they are saying. But I don’t any more.
Hello again
http://Www.securebitin.com
There is a video
http://www.myphonesupport.com
Never contacted any, but keep up the great videos!
I found SecureBitin too.. tried calling them, and they said they didn’t work in the area of computers anymore? Is that what they do when one of the employees can’t be bothered to do their job? When I went to question it or talk at all, they simply hung up. Looks like they’re a scam, and a bad one at that.
http://www.techliveconnect.com/en-us/
http://www.howtofixcomputers.com/forums/dell/askpcexperts-who-they-311621.html
There’s another company called Comantra (indian based) that has been found thanks to Youtube user Troy Hunt (uses Max Zorin to trick them)
Video:
I was almost scammed. I let them have remote access. And when they asked me to make a PayPal account I knew something was wrong. Without really knowing what to do I quickly shut down my computer. Now when I try to turn on my computer it won’t let me. I can’t restore it either. What should I do? Should I take it in for repair?
Hi Andrew Wijenathan,
It sounds like they may have put an admin password to prevent you from logging in. It’s not uncommon that scammers retaliate when people don’t pay up.
There are methods to recover such passwords using advanced techniques (if that is what the problem is). Before attempting a reinstall of the system, you may want to attempt to recover your data or have a professional do that for you.
1-866-612-4220
I went on one of their websites and let them in to an infected VM via live chat, they used a registry cleaner and said that the scan results are “malware”. they have many websites if you google that number. Thanks
A slight twist on the “Cold Call” method:
My wife’s uncle fell victim to this scam a few months back. He got the usual call from “MS Tech Support” saying his computer was the source of hacks against some popular web site. I cannot recall which sites were mentioned. The rest of the story is the same.
However, instead of the normal cold call this was a bit more targeted I believe. I don’t have much proof and it could be a total coincidence but earlier that day he was asked by a complete stranger to use his cell phone. He gave them the phone and they went around the corner for “privacy.” I think they were either calling a number to have his phone number recorded in caller ID or they were scrolling through his address book to get his and other’s numbers. After his wife called me about what happened I had to break the news they were victims of a scam. I told them to go the police and report what happened.
The people I called when I thought I was getting YouTube support had me open TeamViewer8; other icons on my desktop are “Cleaner” (That picture of a large and small gear), “IPC System Optimizer”, and a “Warranty services” screen shot for support@instantpccare.com. 1-800-565-7782 and 1-800-848-1897.
The voice of the man who talked with me sounded just like the man who talked to you in your video, and my “tech” was especially polite too, calling me ma’am.
http://www.youtube.com/watch?v=flLcGNS5mVs&feature=youtu.be
I made a video, i let them into a VM and they found out soon
My 83-year-old mother is getting scammed as I write this. I told her about this scam just days ago but she got warnings about her computer being infected. Because AOL no longer has tech support you are left on your own and she googled up tech support. She was CERTAIN they were part of the AOL because “AOL is in their name.” (Yeah…after a backslash.) We aren’t sure what to do. Cut them off and risk problems, or let them finish and then spend MORE money trying to fix the computer. By that time we might as well buy a new computer! Worse…this company isn’t on the list above…so how do you know the good support companies from the bad ones? This one is http://www.gotoassistance.com Phone 800-664-7520. Can anyone tell me if they might be legit????
Hi arlene,
I haven’t had a chance to check this company out but if you feel uncomfortable about it, you have a full right to ask for a complete refund or reverse the charges from your credit card.
The list of known scammers above only represents a fraction of all companies and websites involved in this kind of fraud, making it hard to keep up with.
Looking for a support company online is tricky… scammers know that and buy ads quite aggressively.
If the technician used any of the tricks mentioned in this article, it is not a good sign and you should stay away from that company. It’s something you can use as a reference anyway.
Thanks Jerome…but I wasn’t there when it happened. My mom just happened to mention when I called her that someone was working on her computer. She knows so very, very little about computers that she couldn’t explain to me what they were doing. Like she’ll say “my computer” instead of “my email”…she said the tech showed her that people in Florida and Texas were using her “computer.” And she kept insisting that because she somehow stumbled on this web address– https://www.gotoassistance.com/email-support/aol-email-support/ –with the AOL in the URL they were part of the AOL company. The only way I could get her to understand was by telling her that it has to be right after the www’s. So we let them finish. I phoned the number and heard a big call center in the background and they insisted they were in partnership with AOL. I suspect it is all a lie…so what I would like is if anyone here finds out that they are indeed scammers to please post that…I doubt it but maybe she happened across a company that didn’t do more than overcharge her. Also, how do we find the kind of tech that will be capable of finding whatever keystroke recorders, hidden malware, trojans, or alternate passwords they added so they could shut down the computer if we do reverse the charges. I’d want to clean out the computer before we reverse the charge. Does an everyday tech at a big box computer store have the knowledge to do that? I’m just so freaking angry…she paid $300! For a bit more (or equal to that “repair” and the cost of the additional repair plus getting her signed up for an identity monitoring service) we could have bought a new computer. This is a woman who saves for months just for that $300 and we, her kids, aren’t in worse financial situation than she is. They had her send them an email when they were done, confirming that they fixed her computer…so I suspect they are willing to battle any reversal of charges.
Hi arlene,
“I would like is if anyone here finds out that they are indeed scammers to please post that”
>> I tried to call them today but it did not answer. I will keep them on my checklist though. If you have an alternate number (different from the one of their website) please post it here.
“she said the tech showed her that people in Florida and Texas were using her “computer.”
>> That sounds very much like “hackers have infiltrated your computer” scare tactics…
“Also, how do we find the kind of tech that will be capable of finding whatever keystroke recorders, hidden malware, trojans, ”
>> You can download our own Malwarebytes anti-malware free of charge and run a full system scan. If anything is found the program will let you clean up the computer without asking you to register or pay the product. http://www.malwarebytes.org/free/
“Does an everyday tech at a big box computer store have the knowledge to do that?”
>> Yes, most likely and by going with a well known name at least you reduce your chances of being scammed. However, their services can be costly, so you should ask about fees before.
” I’m just so freaking angry…she paid $300!”
>> I’m really sorry to hear that. All is not lost though and time is of the essence if you want to reverse charges.
Thanks for the tip Operatingsystem OS, I’m also primarily using Virtual Box but I’ve made some changes to my set up so it doesn’t show it anymore.
Thanks Jerome. I have no other number. I called them around 8pm eastern time last night and someone picked up. Really weird. Thanks for trying!
Hi Jerome,
Please contact 247computersupport.net sometime soon. They seem very suspicious, please do not let them find out you are on a VM, but trouble will arise when they open msinfo32 and see it says virtual box, I don’t know what they would do afterwards. BTW they don’t have a phone number on their site and identify themselves based in India
There is also an ‘assoc’ command trick, they instruct you to type that BEFORE they gain remote access and look at the bottom string and say it’s your unique Windows license ID or something when it’s not unique at all
Information you shared which is get secure alarm in advance for all users. I uses some them to fix myself slow performance of PC
The System Configuration Utility (msconfig)
The Temporary files (%temp%)
Thank You
Fix My Computer Dude
https://www.youtube.com/channel/UCLE-rnODZKC-emo44cRujVw
Thanks Operatingsystem. I have seen these before: http://blog.malwarebytes.org/fraud-scam/2013/12/tech-support-scammers-spam-youtube-with-robot-like-warnings/
https://www.us-techsupport.com/microsoft-support.html
http://techfixpro.com/microsoft-support.html
I went on that website and called them, they connected me to a MyTechGurus “technician” in my VM with Logmein and I think they might be related
Dear Jérôme, thanks for this blog on this particular type of scams.
I’m sure you are already aware, but in case you are not, we are receiving these scams in France as well.
I live in the Haute-Savoie, in France (next to Geneva), and somehow they “know” that we speak English at home (I’m Spanish and my wife French/British). They keep calling every now and again… it didn’t bother me until today, when they called at 7.00 am (!!!).
Some other English-speaking friends living in France have also received this type of calls…
Do you know who we could contact in France to report this scam?
(we’re starting to get fed up!)
Thanks again for your good job (and of course for malwarebytes software!)
ps. One day I was playing their game… to get rid of them, nothing simpler than telling them I use Linux, which I don’t… then they asked about a million times if I had a Windows or a Mac computer… another solution is speaking to them in French or Spanish…
Salut Eduard Serra Ros,
Thanks for your comment. I wonder if it’s a mistake or not (I had never heard of someone from France being targeted), but evidently the language barrier has been keeping scammers from venturing too much out of non English speaking countries.
I’m not sure who to contact in this case because the perpetrators are from outside of France. So if you were on a “do not call list”, it most likely would not fix this issue.
If you were defrauded, you could file a complaint with the usual orgs, but again there’s the extra territory issue…
What you could do (if you have the time) is find out a little more about who’s calling: what is their website, company name, etc? That information can be helpful for those of us that go on an investigative mission. Not only can we gather info on scammers but in some cases we can also have their sites shut down.
By the way, beautiful region you live in
I was born in the region nearby and still have family there.
Thanks operatingsystemos for reporting these two sites
Jerome, I have shared many sites with you, and why haven’t you contacted them or added them to the list of reported scammers?
Here’s another suspicious one
https://www.imaxsupport.com/
Hi operatingsystemos,
I appreciate your sharing all these sites here and I am looking into them. As you may imagine I have many things going on at the same time (I do other security research too) and mostly I want to make sure that everything is well validated before I publish it. As it happens I am currently working on another scam company at the moment that has been taking me a week to track and that I plan on exposing perhaps next week once I’ve made full disclosure with a big name company involved.
Anyway, your info is valuable and does not go unnoticed.
http://www.iqgeek.com/
Where have the links to the videos gone? And are there any new videos?
operatingsystemos, the links were removed but the videos that were used in blog posts are still available on our YouTube channel.
Other videos where the only purpose is to identify new companies involved in scams are not public. The idea is that there is no need to give scammers a full view of the tools and techniques we use. An awful lot of information can be learned from watching the videos (oh he’s running this setup, with these icons, this Windows license key, etc…) and yes, some scammers have been watching and learning from that.
Since you last posted about the VirtualBox detection, I’ve had 3 different companies check that first thing when they remotely connect to make sure this was a real computer and not a virtual machine. They check the tray icons, and then do a msinfo32 to see the information from the BIOS.
In other words, they are being a lot more cautious. While documenting with videos is great and is proof of unethical activities, it also gives the bad guys too much insight into how they can be tricked.
All the recordings are archived though, in case a company wanted to contest being listed on the “reported scammers”, it’d be easy to show them footage of an interaction with a technician.
http://www.myremotepcfix.com
I made a comment before and it didn’t show up, so once again, please email me links to the scammer videos at operating{NOSPAM}system121@yahoo dot com. I will only store them for personal use and nothing else.
https://www.gennexttechie.com