Tech support scammers spam YouTube with robot-like warnings

If you have been following our blog, you certainly know how much we despise the fake tech support scams.

In a twisted new variant, crooks are calling out to all antivirus / anti-malware customers and urging them to fix their computers now.

One such account was spamming YouTube with hundreds of videos, all using a computer-generated voice and personalized for each AV/Anti-Malware company:

[Image: vendors]

One of those videos hit a little too close to home: “Malware Bytes Antivirus Support”. It has since been removed by YouTube’s Legal Team but we did save a copy which you can watch here.

[Image: MBAMyt]

Not only do they not know how to spell our name properly, nor know that we are not an antivirus, they further advertise their service in the video’s description:

[Image: service]

Time to pick up the phone and expose those crooks.

The company behind this scam is “My Tech Gurus” (http://www.mytechgurus.com):

[Image: website]

Once on the phone, I am quickly directed to a remote technician and instructed to hang up and pursue the support session directly through the chat window on my computer:

[Image: chatsession1]

I know the drill (having performed it too many times to remember) so I just keep playing the game to see where it’s going to take me.

If the ‘technician’ were honest, she would tell me there is absolutely nothing wrong with this computer and perhaps even say: “Nice try! This is a Virtual Machine”.

But this is not the road ‘Helen’ is going to take, oh no… Instead she wastes no time in making up fake errors:

[Image: ping]

100% Loss, argh!!!!

[Image: services]

Yikes, everything is stopped!!!

[Image: errors]

Bucket loads of errors!!!

[Image: infections]

All my files are infected!!! Someone please save me!

And here is the ‘technical’ explanation:

[Image: thedetails]

Of course, fixing those ‘errors’ is not going to be free:

[Image: pay]

The little charade had gone on long enough so I decided to question them. Unsurprisingly, those guys have an answer for everything, including how honest their business is and that they are located in the US:

[Image: certified]

[Image: address]

This is rather curious because most of their website’s traffic comes from… India:

[Image: india]

So has Helen been lying to me all this while? Well, there’s one way to find out: asking the $1M question:

[Image: man]

The reason I asked that is because when I first called, the technician was a male with a heavy Indian accent. He told me to hang up and that Helen would continue working with me over the chat program, thus confirming the technician and Helen are the same person.

I continued talking to Helen for a little bit more and found out she/he was quite busy at the moment helping – ahem scamming – other customers.

Sadly, tech support scams are still going strong and robbing many people of their money. Throughout my investigations, I’ve come to learn about many victims who already have financial difficulties and feel completely devastated after it’s happened to them.

Our fight continues and we encourage everyone to report each incident. We have created a guide for victims that describes the variations of scams and what to do in each case.

It may seem like a never-ending battle, but at the end of the day, if we’ve managed to save even just one person, then we can feel confident we’re doing the right thing.

A video capture of the scam in progress can be found here.

_________________________________________________________________

Jerome Segura (@jeromesegura) is a senior security researcher at Malwarebytes.


4 thoughts on “Tech support scammers spam YouTube with robot-like warnings”

  1. suranjitpaul says on December 12, 2013 at 7:40 pm :

    Thanks for explaining this kind of scam.

    - Suranjit

  2. Gilda Sanchez says on December 13, 2013 at 1:05 pm :

    This is so important for educating the public. During your investigations, were you using a WinXP computer without AV and Advanced Firewall protection? Is that how the infection injected itself? Was the company “myTechGurus” the creator of the infections? I’d sure like these scammers to be caught. Thanks Jerome!

  3. Jerome Segura says on December 13, 2013 at 1:22 pm :

    Hi Gilda,
    There was no real infection, they simply use “tricks” to make you believe there is one.
    This was a Windows 7 with AV protection and fully patched… just to be sure ;)

  4. Stan naz says on January 3, 2014 at 3:13 pm :

    I know who I’m calling when I want a laugh.
