
Tech Support Scams – Help & Resource Page

“Hello, we are calling from Windows and your computer looks like it is infected. Our Microsoft Certified Technician can fix it for you.”

Sound familiar? Whether you have just been scammed or simply want to find out more on the topic, you have come to the right place.

Tech support scams are a million-dollar industry and have been around since 2008. Every single day, innocent people are tricked into spending hundreds of dollars on non-existent computer problems.

There is no sign of these scams slowing down despite several actions taken by the Federal Trade Commission.

Perhaps even worse, companies right here in North America are now pulling the same tricks and taking advantage of existing and prospective customers replying to online ads.

Since we wrote our very first blog post on the subject and subsequent articles (A look behind the curtain, Turning the tables), we’ve received much feedback and many people have shared their own experiences. We believe tech support scams are despicable and need to be exposed for the greater good.

The purpose of this page is to gather all the information we have collected over time into one place which you can use as a go-to resource when you need it.

  • How it all begins

    • Cold call
    • Calling for assistance
  • Remote access

  • Tricks of the trade

    • The Event Viewer (eventvwr)
    • The System Configuration Utility (msconfig)
    • The Task Manager (CPU ‘spikes’)
    • The System Information (msinfo32)
    • The Prefetch files
    • The Temporary files (%temp%)
    • The fake scanners
    • The dir and tree commands
    • The custom Virus message
    • The red Command-Line Terminal
    • The ‘ping’ (on Mac OS X)
    • The netstat command
    • The online glossary or Wikipedia trick
    • The Network Access Protection (NAP)
    • The notepad trick
    • The Power Efficiency report (powercfg energy)
    • The (value not set) registry trick
    • The Process Explorer error
    • The digital certificates
  • Getting help (damage control)

    • If you already let them in
    • If you already paid
  • Fighting back

    • Report the scam
    • Shut down their remote software account
    • Spread the word
    • Investigate
  • List of reported scammers

  • Related articles

How it all begins

Cold call

Usually from India and operating out of boiler rooms, these scammers call people in the U.S., Canada, the UK, and Australia whom they find in the phone directory.

The scam is straightforward: pretend to be calling from Microsoft, gain remote control of the machine, trick the victim with fake error reports and collect the money.

If you ever get a call from a Microsoft or Windows tech support agent out of the blue, the best thing to do is simply hang up. Scammers like to use VoIP technology so their actual number and location are hidden. Their calls are almost free which is why they can do this 24/7.

As per Microsoft: “There are some cases where Microsoft will work with your Internet service provider and call you to fix a malware-infected computer—such as during the recent cleanup effort begun in our botnet takedown actions. These calls will be made by someone with whom you can verify you already are a customer. You will never receive a legitimate call from Microsoft or our partners to charge you for computer fixes.”

Calling for assistance

Located in India but also in the US, these companies heavily advertise on popular search engines as well as websites with high traffic. People call them for assistance and get fooled with techniques similar to those employed by Indian cold callers.

Another source of business for these companies is their own existing customers, or customers of parent companies sent to them. The remote technician upsells the customer who only came to activate their software but ends up forking over hundreds of dollars for “Windows support”.

If you decide to call in for remote computer assistance, you need to be very careful about which company you are going to deal with. Simply picking the top ad on a search results page could end very badly.

Unfortunately, the company/technician being from the US is no longer a guarantee for honest service. Many businesses here in the US are using the same dirty tricks to take advantage of people.

If you don’t feel comfortable doing this online, brick and mortar computer repair shops are a good alternative.

Fake pop-ups claiming your computer is infected (reminiscent of FakeAV) are a good way for scammers to reel in innocent victims.

A new trend shows that crooks are using phishing scams as a ruse to get people to phone in, not only stealing their credentials but also claiming their account was suspended.


Remote access

The ‘technician’ requests to have remote access to your computer (taking control of it) and may use one of the following programs. Note that these applications are perfectly legitimate and used daily for good reasons. However, it is important to remember that if you run remote login software you are effectively giving a complete stranger total control of your computer.


>> Report fraudulent use of remote login software.

There are too many other applications that are used for remote support to list them all here. They pretty much do the same thing which is to provide direct access to your computer from anywhere in the world.

Tricks of the trade

Once logged into your computer, the remote technician will attempt to trick you by fabricating errors or even viruses on your computer. They like to use the default Windows tools and turn them against you, hoping you’ll get scared and follow their directions.

The Event Viewer (eventvwr)

[Screenshot: the Event Viewer, even on Windows 8]

False: These errors are viruses or serious damage to the backend of your PC. If not taken care of immediately, you will lose your computer.

True: The Event Viewer is an application that aggregates all of the log files from your computer. It is traditionally used by system administrators to diagnose certain errors. However, most events are harmless notifications.


The System Configuration Utility (msconfig)

False: There are many programs that are stopped, indicating some serious damage to the backend of your computer and poor performance.

True: It is perfectly normal to have services that are stopped. In fact, you can actually speed up the boot time of your PC by disabling unneeded startup programs.


The Task Manager (CPU ‘spikes’)

False: These spikes are dangerous for your PC’s health. Just like your heart rate, they should not go up. Your PC could suffer some irreparable damage.

True: When your PC is active, you will see the CPU usage go up and down constantly. What would not be good is if the CPU was pegged at 100% utilization all of the time. This is not the case here.


The System Information (msinfo32)

False: These are critical “Windows Errors”. You need to buy the software warranty to fix them.

True: Again, error logs (which all computers have) should not be translated into poor performance or malware without actually reviewing them one by one.


The Prefetch files

False: These are damaged programs that cannot be deleted or even worse, viruses! You need to clean up your PC now!

True: These are files that correspond to applications you often use. Windows saves them in there so that next time you launch those applications they start faster.


The Temporary files (%temp%)

False: These are infected files with worms, trojans and viruses. The disk is full of them.

True: Simply because a temporary file cannot be deleted does not mean it’s a virus. It could be in use by any currently running application.


The fake scanners

False: This scan shows several viruses that were found by our security scanner. They have infected your registry.

True: This program is essentially a fake antivirus, stuffed with made-up detections meant to alarm you.


The dir and tree commands

False: These two commands perform a full virus scan on your computer and will report any infected file.

True: These are DOS commands that list directory contents and paths. They have absolutely nothing to do with scanning for malware.


The custom Virus message

False: Following the scan, we found 42% of your files are infected, including a Zeus Trojan. Windows is at high risk.

True: This message was typed by the scammers and then pasted on the command prompt. It is totally fake.


The red Command-Line Terminal

False: Look at all these malware infections in red. All of your files have been compromised and will be destroyed.

True: The Windows Terminal can be customized to have different font colors as well as background colors. Red looks scary…


The ‘ping’ (on Mac OS X)

False: We tested the protection on your Mac and found that there isn’t any. You need to buy our antivirus right now because you are going to get infected.

True: This is an abuse of the ‘ping’ command, something meant to check if you are properly connected to the Internet or see if a website is responding. It has nothing to do with protection on your Mac.


The netstat command

False: Hackers have infiltrated your computer, they are stealing your files doing cybercrime!!

True: This is a command to display network connections (incoming, outgoing) but you can’t necessarily deduce these are “hackers”.


The online glossary or Wikipedia trick

False: It’s not just me saying that there are viruses and trojans on your computer. Check these online resources as well.

True: Leveraging glossaries or reference sites is a clever trick to lend legitimacy to certain claims. If such and such a site says it’s true then it must be… or not.


The Network Access Protection (NAP)

False: Your network protection is disabled. All the hackers are already inside your computer.

True: The Network Access Protection is a feature that mostly applies to PCs that connect to a domain. It ensures they adhere to safety standards. If this is your one and only computer, NAP should be left Off.


The notepad trick

False: Can you read this? Does this make sense to you? No. The computer cannot understand this file. It is like alien words.

True: Certain files are not meant to be read with notepad. In particular, executable files need special tools to read their ‘sections’. Therefore, it is perfectly normal that these files cannot be read as ‘text’.


The Power Efficiency report (powercfg energy)

False: Your computer’s battery is going to fail very soon. It might even catch on fire if you don’t do something about it right now!

True: This command can generate a report to help users optimize their battery (useful on a laptop) and detect non-optimal settings to save power, etc.


The (value not set) registry trick

False: Your network is not working properly as you can see it says: value not set and default.

True: The network is working just fine. Scammers will use the registry editor to show empty keys and conclude your security is at risk.


The Process Explorer error

False: We need to manually remove the infected entries and delete all the error files from your computer.

True: This [Error opening process] label happens because the user ran Process Explorer with limited privileges. It has nothing to do with errors on the computer.


The digital certificates

False: Do you see the untrusted publishers? These are trying to compromise each and everything.

True: These are normal and, although the ‘friendly name’ is deceiving, those revoked certificates are used by your browser to protect you from untrusted sites.


Getting help (damage control)

Getting scammed is one of the worst feelings to experience. In many ways you feel like you have been violated and are really angry to have let your guard down. Perhaps you are even shocked and scared and don’t really know what to do now. The following tips will hopefully provide you with some guidance.


If you already let them in

  • Revoke remote access (if unsure, restart your computer). That should cut the remote session and kick them out of your PC.
  • Scan your computer for malware. The miscreants may have installed password stealers or other Trojans to capture your keystrokes. Use a program such as Malwarebytes Anti-Malware to quickly identify and remove threats.
  • Change all your passwords (Windows password, email, banking, etc).
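
As an added example (not part of the original page and not a Malwarebytes tool), the PowerShell below lists what is worth reviewing after a stranger has had remote control: remote-access programs and services still present, software installed since the call, programs set to start at logon, and local accounts whose password changed. The tool name patterns (TeamViewer and LogMeIn are the ones named on this page), the 7-day window and the function names are assumptions to adjust.

```powershell
# Added example, not from the original page. Read-only: it lists, never changes.
# Needs Windows PowerShell 5.1+ (for Get-LocalUser); run as Administrator for full results.

function Test-MatchesAny {
    param([string]$Text, [string[]]$Patterns)
    if (-not $Text) { return $false }
    foreach ($p in $Patterns) {
        if ($Text -like "*$p*") { return $true }
    }
    return $false
}

function ConvertTo-InstallDate {
    # Uninstall entries store InstallDate as a yyyyMMdd string, when they have one.
    param([string]$Value)
    $parsed = [datetime]::MinValue
    $ok = [datetime]::TryParseExact($Value, 'yyyyMMdd',
        [cultureinfo]::InvariantCulture,
        [System.Globalization.DateTimeStyles]::None, [ref]$parsed)
    if ($ok) { return $parsed }
    return $null
}

function Get-RemoteSessionTriage {
    param(
        # Assumption: extend with the name of whatever program the caller had you run.
        [string[]]$ToolPatterns = @('TeamViewer', 'LogMeIn'),
        # Assumption: look back 7 days; set this to just before the call.
        [datetime]$Since = (Get-Date).AddDays(-7)
    )

    # 1. Remote-access programs that are running right now.
    $processes = Get-Process -ErrorAction SilentlyContinue |
        Where-Object { Test-MatchesAny $_.ProcessName $ToolPatterns } |
        Select-Object Id, ProcessName, Path

    # 2. Installed services belonging to those tools, with their start mode.
    $services = Get-CimInstance -ClassName Win32_Service |
        Where-Object {
            (Test-MatchesAny $_.Name $ToolPatterns) -or
            (Test-MatchesAny $_.DisplayName $ToolPatterns) -or
            (Test-MatchesAny $_.PathName $ToolPatterns)
        } |
        Select-Object Name, DisplayName, State, StartMode, PathName

    # 3. Software installed since the call (fake scanners, "optimizers", and so on).
    $uninstallKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
    )
    $installs = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName } |
        ForEach-Object {
            $date = ConvertTo-InstallDate $_.InstallDate
            if ($date -and $date -ge $Since.Date) {
                [pscustomobject]@{
                    DisplayName = $_.DisplayName
                    Publisher   = $_.Publisher
                    Installed   = $date
                }
            }
        }

    # 4. Everything configured to start at logon (Run keys and Startup folders).
    $startup = Get-CimInstance -ClassName Win32_StartupCommand |
        Select-Object Name, Command, Location, User

    # 5. Local accounts, flagging any whose password was set since the call.
    $accounts = Get-LocalUser |
        Select-Object Name, Enabled, PasswordLastSet, LastLogon,
            @{ Name = 'PasswordChangedSince'
               Expression = { [bool]($_.PasswordLastSet -and $_.PasswordLastSet -ge $Since) } }

    [pscustomobject]@{
        Processes      = $processes
        Services       = $services
        RecentInstalls = $installs
        Startup        = $startup
        Accounts       = $accounts
    }
}

$report = Get-RemoteSessionTriage
foreach ($section in 'Processes', 'Services', 'RecentInstalls', 'Startup', 'Accounts') {
    "=== $section ==="
    $report.$section | Format-Table -AutoSize -Wrap | Out-String
}
```

A matching service with StartMode Auto starts again after a reboot, so a restart alone may not be enough to revoke access; uninstall the tool if you did not install it yourself.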

In some cases (you did not pay or called them names), scammers will seek revenge on your machine. Here are some things they might try and what to do to recover from them:

  • Master password lock out

There are various ‘hacks’ to reset that password. One method is to use a Linux boot CD to mount Windows and then use the chntpw utility. It is described here.

  • Missing software drivers

First, try to do a System Restore. If it fails, you should be able to reinstall them by going to the manufacturer’s website and downloading the appropriate driver.

  • Missing files

First, try to do a System Restore. If it is not available, check for backups you may have made and stored somewhere else. As a last resort, there are programs that can scrape your hard drive and attempt to recover the missing files.


If you already paid

  • Contact your financial institution/credit card company to reverse the charges and keep an eye out for future unwanted charges.
  • If you gave them personal information such as date of birth, Social Security Number, full address, name and maiden name you may want to consult the FTC’s website and report identity theft.


Fighting back


Report the scam


Shut down their remote software account

  • Write down the TeamViewer ID (9-digit code) and send it to TeamViewer’s support (they can later on block people/companies with that information)
  • LogMeIn: Report abuse

Spread the word

You can raise awareness by letting your friends, family, and other acquaintances know what happened to you. Although this may be an embarrassing experience if you fell victim to these scams, educating the public will help someone caught in a similar situation and deter further scam attempts.


Investigate

While hanging up is the safest thing to do when you get a cold call, some people have gone on a mission to expose those scammers. While we don’t endorse this behaviour, if you do have information to share, please let us know and we will update this page with any new relevant details.


List of reported scammers

(This list is being updated on a regular basis)

  • 24/7 PC Guard | 247pcguard.com | 1-888-855-7953
  • 365 Tech Help | 365techhelp.co/bng/slow-pc, fastsupport.com | 1-866-539-8804
  • Speak Support | speaksupport.com, 121usa.com | 1-800-806-0768
  • PC Smart Care | pcsmartcare.com, pcsmartcare.us | 1-855-569-5945
  • PC Mask | pcmask.com | 1-877-385-1667
  • My Tech Gurus | mytechgurus.com | 1-866-587-1775
  • MegaITSupport | megaitsupport.com | 1-888-939-3618
  • Click4Support | clickforsupport.net, webtechmasterhelp.com, techsupportcenter.org
  • PC Toolkit Pro | pctoolkitpro.com | 1-855-803-1370
  • Compute My PC | computemypc.com | 1-800-356-7697
  • iGennie | igennie.net | 1-888-239-4339
  • TechFix Pro | techfixpro.com | 1-888-768-0082
  • iMax Support | imaxsupport.com, fix247.org | 1-800-247-0830
  • Affiliated Help | affiliatedhelp.com | 1-800-565-7782

(video recordings for proof are available upon request)


Related articles


About the author:

I am a senior security researcher at Malwarebytes where I specialize in tracking down malicious websites, general online threats as well as scams.

I first got interested in the Microsoft Tech Support Scams when I received a cold call back in April 2013 while working remotely from home.

Since then I’ve been documenting the various tricks crooks use and exposing companies involved in scamming innocent people.

While law enforcement has taken actions with some success many times before, I still believe the best solution to this problem is awareness.

At the same time, as more people know about these scams, there has been an increasing number of pranks played on the cold-callers. Besides the funny aspect and the fact it is well deserved, it has made scammers eager to seek revenge and be even more aggressive.

Beyond the technological tricks which can be amusing, there remains a human element and deep socio-psychological factors at the core of this scam, all of which I find quite fascinating.

You can follow me on Twitter @jeromesegura


81 thoughts on “Tech Support Scams – Help & Resource Page”

  1. Operatingsystem OS says on December 29, 2013 at 6:53 pm :

    reported scam: mitechmate.com

  2. Operatingsystem OS says on December 29, 2013 at 6:54 pm :

    they seem like a scam to me, please, malwarebytes, investigate asap

  3. Jerome Segura says on December 31, 2013 at 12:50 pm :

    Thanks for reporting this.
    Their live chat is currently not available and nobody is answering the phone. Will try again later.

  4. Stan naz says on January 3, 2014 at 9:40 am :

    Just allowed a ‘technician’ from maxpccare.com into a Virtual Machine, told him it was running slow. He did the old Event Viewer trick, then did the tree command and typed “network not secure- infections found on pc”. I can 100% confirm this site and organisation is a scam.

    Domains: maxpccare.com
    Phone number: +1-855-763-0457

  5. Stan naz says on January 3, 2014 at 9:51 am :

    Found suspicious website http://megaitsupport.com/ – Will probably call them later and see if they are legitimate or not. Please investigate.

    Domains: megaitsupport.com

  6. Stan naz says on January 3, 2014 at 9:53 am :

    Found suspicious website http://www.techicode.co.uk/ – Will call these guys too, see if they’re legitimate. Another thing I noticed was they have a UK domain but they have an american number on their website?

    Feel free to investigate.

    Domains: techicode.co.uk
    Phone number: +1-888-4074554

  7. Stan naz says on January 3, 2014 at 12:26 pm :

    To “Operatingsystem OS” – I agree, the website does seem suspicious, I agree, however I let them into a Windows 8.1 Pro 64bit machine, and they said it was clean, no virus. They appear to be legitimate, but don’t bet on it, may be worth further investigation with a more cluttered machine.

  8. Jerome Segura says on January 3, 2014 at 1:56 pm :

    Thanks for all the info Stan. Will check back on these guys and update the page accordingly.

  9. Stan naz says on January 3, 2014 at 2:29 pm :

    Thanks a lot to you too for helping investigate and making more people aware of these scams. I’m here to help anytime, equipped with unlimited landline calls worldwide on Skype, Windows 1, Windows 98, Windows XP, Windows 7, Windows 8.1 Pro Virtual Machines, and a VPN so my IP can’t be targeted for any reason or for advertising.

  10. Jerome Segura says on January 9, 2014 at 4:32 pm :

    Hi Stan,

    This: megaitsupport.com is a scam, called them and pulled tricks before wanting $399. Will update the list with this at a later point.

  11. Stan naz says on January 12, 2014 at 7:15 am :

    Hi, thanks for investigating. Rang PC Mask again just for fun, after finding out me and a friend were messing with them, they proceeded to delete the WHOLE of the C:\ drive. Screenshot can be found

  12. Stan naz says on January 12, 2014 at 7:15 am :

    Here: http://ss.stn.so/pcmaskdestroyingpc.png the <a href didn't work.

  13. Jerome Segura says on January 12, 2014 at 8:00 pm :

    Hi Stan,

    What they did doesn’t really surprise me… Some scammers are particularly vicious when they don’t get what they want.
    Personally, I never taunt them or anything like that (and I don’t condone these types of actions ;-)) although that thought has crossed my mind a few times. I just like to let them do their thing and then politely leave. But even if you are nice, it doesn’t mean they will let you go easily. On one occasion, the scammer stole several personal (albeit fake) documents from my computer before saying “thank you and good bye”.
    I have a few upcoming blog posts and one in particular about what kind of work they really do if you do pay (I did not give them a dime or anything, just managed to get them to start the work while I searched for my missing credit card). You will be surprised to see what their definition of ‘fixing’ a computer for $399 is….

    Stay tuned :)

  14. Debbie Perret says on January 13, 2014 at 4:17 pm :

    Hi…

    I was just an ‘almost victim’ of this scam. I feel very silly and gullible. They didn’t get very far before I hung up. I asked for a call-back number, was given two. I was told to ask for Logan. The numbers are 818-813-6174 and 800-516-0854. I am just sending in case it is helpful for someone else.

    Thank you for what you do.

  15. Jerome Segura says on January 13, 2014 at 6:37 pm :

    Hi Debbie Perret,

    Thanks for sharing your experience and providing these numbers.

    I think most people who aren’t prepared and receive such a call may actually fall for this scam. Although we know how to be careful in certain situations, most of us tend to trust others within our daily social interactions.
    Unless you’ve been through it before or know enough about computers to realize this is nonsense, the well rehearsed scam script tends to be quite effective.

    I see you mentioned the name ‘Logan’.. I had someone who pretended to be ‘Max’. All these little details immediately raise red flags for me. When that same person is speaking with a very thick foreign accent, it just doesn’t really add up.

  16. Stan naz says on January 15, 2014 at 11:59 am :

    Hello Jerome, looking forward to that next post with their “fixing” – it’s the only thing I’ve not been able to find out so far. I will continue to report organisations I find to be scams or very suspicious here as I’m still surprised at how the same, 10 year old technique is still being successful. It makes me angry. Again, thanks for what you do, and I’m here to help push these scamming companies further downhill.

    Good to hear Debbie that you realised they were a scam. Makes me happy every time someone beats them, even if it means they chargeback a credit card payment.

  17. krumike says on January 17, 2014 at 1:35 pm :

    It is shameless that some people do this. From cold calls to targeted Google ads… from Windows PCs to Macs and smartphones. They will take advantage of everyone and anyone without fear or favour. Of course, the more vulnerable the target person is, the easier for the shameless scammer.
    I’ve had a number of these calls over the years. No matter if I hang up straight away or follow through (but never give control of my machine) there is always a feeling of helplessness as they can simply hang up the phone themselves and move on to the next victim without blinking.
    That is… until I realised there was something that I could say that MIGHT make a difference to the scammer/caller. They often sound like they’re in or come from a spiritual country so now I string them along for a while then when I’m convinced they are indeed aware of their actions I simply say, “God will punish you” and then no matter what they say next (and they usually get defensive) I repeat it with emphasis on different words. “God WILL punish you.” “God will PUNISH you.” “God will punish YOU” and sometimes they still stay on the phone so I start to include their family too. “God will punish you and your family.” Etc. Etc. Eventually they give up but hopefully it gives them something to think about.
    I used to think that maybe they too are a victim; an innocent call-centre worker with a script and without an understanding of the lies they are saying. But I don’t any more.

  18. Operatingsystem OS says on January 18, 2014 at 1:45 am :

    Hello again
    http://Www.securebitin.com
    There is a video

  19. Operatingsystem OS says on January 18, 2014 at 1:49 am :

    http://www.myphonesupport.com
    Never contacted any, but keep up the great videos!

  20. Stan naz says on January 18, 2014 at 2:12 am :

    I found SecureBitin too.. tried calling them, and they said they didn’t work in the area of computers anymore? Is that what they do when one of the employees can’t be bothered to do their job? When I went to question it or talk at all, they simply hung up. Looks like they’re a scam, and a bad one at that.

  21. Imanol Avila says on February 15, 2014 at 1:51 pm :

    There’s another company called Comantra (indian based) that has been found thanks to Youtube user Troy Hunt (uses Max Zorin to trick them)
    Video:

  24. Andrew Wijenathan says on February 18, 2014 at 2:01 pm :

    I was almost scammed. I let them have remote access. And when they asked me to make a PayPal account I knew something was wrong. Without really knowing what to do I quickly shut down my computer. Now when I try to turn on my computer it won’t let me. I can’t restore it either. What should I do? Should I take it in for repair?

  25. Jerome Segura says on February 19, 2014 at 12:28 pm :

    Hi Andrew Wijenathan,

    It sounds like they may have put an admin password to prevent you from logging in. It’s not uncommon that scammers retaliate when people don’t pay up.

    There are methods to recover such passwords using advanced techniques (if that is what the problem is). Before attempting a reinstall of the system, you may want to attempt to recover your data or have a professional do that for you.

  26. Operatingsystem OS says on February 27, 2014 at 12:41 am :

    1-866-612-4220
    I went on one of their websites and let them in to an infected VM via live chat, they used a registry cleaner and said that the scan results are “malware”. they have many websites if you google that number. Thanks

  27. Benjamin Stambaugh says on March 3, 2014 at 11:25 am :

    A slight twist on the “Cold Call” method:

    My wife’s uncle fell victim to this scam a few months back. He got the usual call from “MS Tech Support” saying his computer was the source of hacks against some popular web site. I cannot recall which sites were mentioned. The rest of the story is the same.

    However, instead of the normal cold call this was a bit more targeted I believe. I don’t have much proof and it could be a total coincidence but earlier that day he was asked by a complete stranger to use his cell phone. He gave them the phone and they went around the corner for “privacy.” I think they were either calling a number to have his phone number recorded in caller ID or they were scrolling through his address book to get his and other’s numbers. After his wife called me about what happened I had to break the news they were victims of a scam. I told them to go to the police and report what happened.

  28. Donna Raagas says on March 3, 2014 at 7:09 pm :

    The people I called when I thought I was getting YouTube support had me open TeamViewer8; other icons on my desktop are “Cleaner” (That picture of a large and small gear), “IPC System Optimizer”, and a “Warranty services” screen shot for support@instantpccare.com. 1-800-565-7782 and 1-800-848-1897.

    The voice of the man who talked with me sounded just like the man who talked to you in your video, and my “tech” was especially polite too, calling me ma’am.

  29. Operatingsystem OS says on March 5, 2014 at 6:07 pm :

    http://www.youtube.com/watch?v=flLcGNS5mVs&feature=youtu.be
    I made a video, I let them into a VM and they found out soon

  30. arlene says on March 5, 2014 at 6:14 pm :

    My 83-year-old mother is getting scammed as I write this. I told her about this scam just days ago but she got warnings about her computer being infected. Because AOL no longer has tech support you are left on your own and she googled up tech support. She was CERTAIN they were part of the AOL because “AOL is in their name.” (Yeah…after a backslash.) We aren’t sure what to do. Cut them off and risk problems, or let them finish and then spend MORE money trying to fix the computer. By that time we might as well buy a new computer! Worse…this company isn’t on the list above…so how do you know the good support companies from the bad ones? This one is http://www.gotoassistance.com Phone 800-664-7520. Can anyone tell me if they might be legit????

  31. Jérôme Segura says on March 5, 2014 at 8:14 pm :

    Hi arlene,

    I haven’t had a chance to check this company out but if you feel uncomfortable about it, you have a full right to ask for a complete refund or reverse the charges from your credit card.

    The list of known scammers above only represents a fraction of all companies and websites involved in this kind of fraud, making it hard to keep up with.

    Looking for a support company online is tricky… scammers know that and buy ads quite aggressively.

    If the technician used any of the tricks mentioned in this article, it is not a good sign and you should stay away from that company. It’s something you can use as a reference anyway.

  32. arlene says on March 6, 2014 at 5:08 am :

    Thanks Jerome…but I wasn’t there when it happened. My mom just happened to mention when I called her that someone was working on her computer. She knows so very, very little about computers that she couldn’t explain to me what they were doing. Like she’ll say “my computer” instead of “my email”…she said the tech showed her that people in Florida and Texas were using her “computer.” And she kept insisting that because she somehow stumbled on this web address– https://www.gotoassistance.com/email-support/aol-email-support/ –with the AOL in the URL they were part of the AOL company. The only way I could get her to understand was by telling her that it has to be right after the www’s. So we let them finish. I phoned the number and heard a big call center in the background and they insisted they were in partnership with AOL. I suspect it is all a lie…so what I would like is if anyone here finds out that they are indeed scammers to please post that…I doubt it but maybe she happened across a company that didn’t do more than overcharge her. Also, how do we find the kind of tech that will be capable of finding whatever keystroke recorders, hidden malware, trojans, or alternate passwords they added so they could shut down the computer if we do reverse the charges. I’d want to clean out the computer before we reverse the charge. Does an everyday tech at a big box computer store have the knowledge to do that? I’m just so freaking angry…she paid $300! For a bit more (or equal to that “repair” and the cost of the additional repair plus getting her signed up for an identity monitoring service) we could have bought a new computer. This is a woman who saves for months just for that $300 and we, her kids, aren’t in worse financial situation than she is. They had her send them an email when they were done, confirming that they fixed her computer…so I suspect they are willing to battle any reversal of charges.

  33. Jérôme Segura says on March 6, 2014 at 10:00 am :

    Hi arlene,

    “I would like is if anyone here finds out that they are indeed scammers to please post that”
    >> I tried to call them today but it did not answer. I will keep them on my checklist though. If you have an alternate number (different from the one on their website) please post it here.

    “she said the tech showed her that people in Florida and Texas were using her “computer.”
    >> That sounds very much like “hackers have infiltrated your computer” scare tactics…

    “Also, how do we find the kind of tech that will be capable of finding whatever keystroke recorders, hidden malware, trojans, ”
    >> You can download our own Malwarebytes anti-malware free of charge and run a full system scan. If anything is found the program will let you clean up the computer without asking you to register or pay for the product. http://www.malwarebytes.org/free/

    “Does an everyday tech at a big box computer store have the knowledge to do that?”
    >> Yes, most likely and by going with a well known name at least you reduce your chances of being scammed. However, their services can be costly, so you should ask about fees before.

    ” I’m just so freaking angry…she paid $300!”
    >> I’m really sorry to hear that. All is not lost though and time is of the essence if you want to reverse charges.

  34. Jérôme Segura says on March 6, 2014 at 10:05 am :

    Thanks for the tip Operatingsystem OS, I’m also primarily using Virtual Box but I’ve made some changes to my set up so it doesn’t show it anymore.

  35. arlene says on March 6, 2014 at 3:40 pm :

    Thanks Jerome. I have no other number. I called them around 8pm eastern time last night and someone picked up. Really weird. Thanks for trying!

  36. Operatingsystem OS says on March 7, 2014 at 7:11 pm :

    Hi Jerome,
    Please contact 247computersupport.net sometime soon. They seem very suspicious, please do not let them find out you are on a VM, but trouble will arise when they open msinfo32 and see it says virtual box, I don’t know what they would do afterwards. BTW they don’t have a phone number on their site and identify themselves based in India

  37. Operatingsystem OS says on March 7, 2014 at 7:16 pm :

    There is also an ‘assoc’ command trick, they instruct you to type that BEFORE they gain remote access and look at the bottom string and say it’s your unique Windows license ID or something when it’s not unique at all.

  38. alizacarvor says on March 7, 2014 at 11:13 pm :

    Information you shared which is get secure alarm in advance for all users. I uses some them to fix myself slow performance of PC
    The System Configuration Utility (msconfig)
    The Temporary files (%temp%)

    Thank You
    Fix My Computer Dude

  39. Operatingsystem OS says on March 12, 2014 at 11:28 pm :

  40. operatingsystemos says on March 16, 2014 at 11:39 pm :

    http://techfixpro.com/microsoft-support.html
    I went on that website and called them, they connected me to a MyTechGurus “technician” in my VM with Logmein and I think they might be related

  41. Eduard Serra Ros says on March 19, 2014 at 12:25 am :

    Dear Jérôme, thanks for this blog on this particular type of scams.

    I’m sure you are already aware, but in case you are not, we are receiving these scams in France as well.

    I live in the Haute-Savoie, in France (next to Geneva), and somehow they “know” that we speak English at home (I’m Spanish and my wife French/British). They keep calling every now and again… it didn’t bother me until today, when they called at 7.00 am (!!!).

    Some other English-speaking friends living in France have also received this type of calls…

    Do you know who we could contact in France to report this scam?

    (we’re starting to get fed up with it!)

    Thanks again for your good job (and of course for malwarebytes software!)

    ps. One day I was playing their game… to get rid of them, nothing simpler than telling them I use Linux, which I don’t… then they asked about a million times if I had a Windows or a Mac computer… another solution is speaking to them in French or Spanish… :P

  42. Jérôme Segura says on March 19, 2014 at 12:52 am :

    Salut Eduard Serra Ros,

    Thanks for your comment. I wonder if it’s a mistake or not (I had never heard of someone from France being targeted), but evidently the language barrier has been keeping scammers from venturing too much out of non English speaking countries.

    I’m not sure who to contact in this case because the perpetrators are from outside of France. So if you were on a “do not call list”, it most likely would not fix this issue.
    If you were defrauded, you could file a complaint with the usual orgs, but again there’s the extra territory issue…

    What you could do (if you have the time) is find out a little more about who’s calling: what is their website, company name, etc? That information can be helpful for those of us that go on an investigative mission. Not only can we gather info on scammers but in some cases we can also have their sites shutdown.

    By the way, beautiful region you live in :) I was born in the region nearby and still have family there.

  43. Jérôme Segura says on March 19, 2014 at 1:03 am :

    Thanks operatingsystemos for reporting these two sites :)

  44. operatingsystemos says on March 19, 2014 at 11:19 pm :

    Jerome, I have shared many sites with you, and why haven’t you contacted them or added them to the list of reported scammers ;-)
    Here’s another suspicious one
    https://www.imaxsupport.com/

  45. Jérôme Segura says on March 20, 2014 at 9:02 am :

    Hi operatingsystemos,

    I appreciate your sharing all these sites here and I am looking into them. As you may imagine I have many things going on at the same time (I do other security research too) and mostly I want to make sure that everything is well validated before I publish it. As it happens I am currently working on another scam company at the moment that has been taking me a week to track and that I plan on exposing perhaps next week once I’ve made full disclosure with a big name company involved.

    Anyway, your info is valuable and does not go unnoticed. :)

  46. operatingsystemos says on March 25, 2014 at 6:39 pm :

    Where are the links to the videos gone. And are there any new videos?

  47. Jérôme Segura says on March 25, 2014 at 9:10 pm :

    operatingsystemos, the links were removed but the videos that were used in blog posts are still available on our YouTube channel.
    Other videos where the only purpose is to identify new companies involved in scams are not public. The idea is that there is no need to give scammers a full view of the tools and techniques we use. An awful lot of information can be learned from watching the videos (oh he’s running this setup, with these icons, this Windows license key, etc…) and yes, some scammers have been watching and learning from that.
    Since you last posted about the VirtualBox detection, I’ve had 3 different companies check that first thing when they remotely connect to make sure this was a real computer and not a virtual machine. They check the tray icons, and then do a msinfo32 to see the information from the BIOS.
    In other words, they are being a lot more cautious. While documenting with videos is great and is proof of unethical activities, it also gives the bad guys too much insight into how they can be tricked.
    All the recordings are archived though, in case a company wanted to contest being listed on the “reported scammers”, it’d be easy to show them footage of an interaction with a technician.

  48. operatingsystemos says on March 27, 2014 at 12:16 am :

    I made a comment before and it didn’t show up, so once again, please email me links to the scammer videos at operating{NOSPAM}system121@yahoo dot com, I will only store them for personal use and nothing else

  49. Dawn Harrison says on March 30, 2014 at 4:21 am :

    I just got a new Dell Inspiron 15 7357 laptop a few days ago. 2 days after receiving it my browser started looking like a yahoo browser. I was unable to get into any Web page after clicking a link from Google search result (my domain advisor was blocking it). It would also drop wireless (a fault in the design I believe). Anyway a few hours later I receive a phone call from my ‘tech team’ saying they were monitoring my equipment as part of my broadband package. I asked if they were from Virgin & they said yes. They instructed me to get Teamviewer but my laptop wasn’t allowing that either. So they said to go to my pc & do it from there. I did as instructed & they searched for a file & said the files on screen were infected & I was passed on to a specialist. The specialist was discussing my problem & mentioned a 9year protection package. It was at this point that I realised it was a scam. I demanded to know the name of their company & they hung up on me. Turned off my pc & ended their link with it.
    My worry is that they knew I was having an issue & were able to get my phone number to call me within hours of the issue starting. I absolutely do not think it is a mere coincidence.
    I installed spybot & malwarebytes which sorted the issue. My domain advisor is off & I believe the issue is directly tied to that programme which came pre installed with my laptop.
    The experience has been reported to the police & internet crime squad as well as my bank in case they got sensitive information. I suggest people share this experience because of the way in which is developed.

  50. Jérôme Segura says on March 30, 2014 at 12:16 pm :

    Hi Dawn Harrison,

    That’s not the first time I hear about these ‘coincidences’.
    It’d be interesting to find a relationship (if any) between people buying new devices or experiencing issues and these calls.
    Thanks for sharing your experience.

  51. John Harpold says on April 4, 2014 at 4:56 am :

    I recently received a cold call from a group known as “Smart Tech Guru”. I didn’t engage with them but took down a phone number and said I’d get back with them. Ever heard of them and if so what can you tell me?
    John

  52. Jérôme Segura says on April 4, 2014 at 10:36 pm :

    Hi John Harpold,

    I’ve never heard of this company before. A quick look up on the domain name shows they’re using some anonymizing services from registrar bigrock (which I’ve noticed was used in very similar fashions by other scam companies).

    http://whois.domaintools.com/smartechguru.com

    Thanks for passing it along, I’ll investigate.

  53. Marx Xiong says on April 6, 2014 at 9:59 pm :

    Hello

    I recently was called by a man with an Indian accent, he said he was a Microsoft tech and that my PC had been sending out tons of error messages to Microsoft, that my PC had a lot of viruses. I really wish I had my guard at its best but I was stupid enough to listen and believe him, I downloaded the programs he told me about (tvi.name and showmypc etc.) and gave him remote access. I honestly wish I hadn’t done any of this. But after he started telling me to type in my card info, name, email etc. I knew it was a scam. I only wished I had realized that as soon as the phone rang. I had a lot of my important personal information on my PC, such as social security number, passwords and phone info. I am wondering if he can harm me in any way with that information. I have run Microsoft essential security 2 times, both full runs, and tried my best to delete all that he told me to download. I’m not sure if anything is left but the PC will probably end up being smashed. Please respond!

  54. Derrel Allen says on April 8, 2014 at 7:24 am :

    I am curious as to why Google allows this type of advertising. I think they should be reported. I’m fairly sure their ads violate the TOS. Surely Google doesn’t need their $$ that much.

  55. Theresa Retz says on April 8, 2014 at 3:05 pm :

    Have you considered an article on scams that manage to put out TV and radio ads? The station I listen to at work is currently running an ad for “speed counts” which looks to me a lot like this kind of scam. Unfortunately, the fact that it’s gotten airtime tends to make it seem more legitimate to folks who might not know how to spot scams.

    The parent company of ‘Speed Counts’ is “USTechSupport”. I would test them myself but I don’t have a spare PC or virtual PC to use as bait and I don’t want to risk it.
    From what I can tell (they recently changed the site to remove any listing of what they actually do, when I looked them up last week before warning the radio station they were a scam, it listed things like “removing registry errors” and “defragmenting” as a way to speed up the PC) they don’t do anything that you can’t do yourself with default windows tools.

  56. Jérôme Segura says on April 8, 2014 at 3:14 pm :

    Hi Theresa Retz,

    Thanks for passing this on. Although most people assume these scams are run by Indian-based companies, it also happens in the US. TV and radio ads might cost significantly more than adwords but perhaps they reach out to a better audience. May I ask which radio station these were aired on?

  57. Jérôme Segura says on April 8, 2014 at 3:18 pm :

    Hi Derrel Allen,

    Yes, it is quite frustrating to see major search providers involved in this. I would be very interested to know how ad accounts work, especially whether or not it is easy to create countless new accounts. I imagine if Google or Bing shuts down a particular, say, adword account, the scammers are most likely going to open up a new one.

  58. Jérôme Segura says on April 8, 2014 at 3:19 pm :

    Hi Marx Xiong,

    Unfortunately you need to assume the worst. Certain scammers will steal data from you and quite possibly attempt identity fraud. You should contact your bank / credit card provider and let them know what happened.

  59. operatingsystemos says on April 8, 2014 at 3:26 pm :

    Also, please add the syskey trick that they use to lock you out, I learnt that from your video:

  60. Ellen Gaynor says on April 8, 2014 at 7:35 pm :

    A friend of mine called me to tell me these people had been calling for a long time, but she finally talked to them today. The woman told her she was with Axis PC Help (of course there’s an axispchelp.com website with glowing reviews). She got my friend to install Techinline so the “technician” could connect remotely. After a while of this woman pointing out problems, my friend asked if this was going to cost money. That is when the call ended.

    I told her to download malwarebytes and scan her PC. I need to call her back and tell her about the possibility that they stole her info while they were poking around.

    axispchelp.com was registered by someone who goes by the handle kddacraker. Very interesting google search results for this name.

  61. Marx Xiong says on April 8, 2014 at 10:07 pm :

    Hi Jerome

    Thank you for responding. I just turned 18 not so long ago. I don’t have any bank account at the moment and I am not associated with any credit card providers either. I’ve changed all of my passwords already. Is there anything I should do now? Would the scammer be able to use my SSN to apply for a credit card or cause some sort of trouble?

  62. operatingsystemos says on April 8, 2014 at 10:48 pm :

    http://online-tech-support-review.toptenreviews.com/
    They all seem to be scams to me, no matter what that website says

  63. operatingsystemos says on April 8, 2014 at 10:53 pm :

    https://www.google.com.au/search?q=1-855-292-4094.
    These guys are OmniTech, I contacted them a while ago and they have registered many domain names. They might also be illegally selling “Systweak Advanced System Optimizer”. AFAIK, that is a legitimate registry cleaning software

  64. Jérôme Segura says on April 9, 2014 at 1:27 pm :

    Hi Marx Xiong,

    It depends how and where your personal information was stored on your computer, as well as how long they had access for. So, it’s pure speculation on what they could possibly do.
    You can still report the fraud to your local authorities etc with a formal complaint.

  65. Jérôme Segura says on April 9, 2014 at 1:30 pm :

    Hi Ellen Gaynor,

    Thanks for sharing this information, this is valuable to investigate further. Hopefully your friend recovers from this without too much damage done.

  66. Marx Xiong says on April 9, 2014 at 3:52 pm :

    Hello again Jerome,

    Thank you again for responding, the programs they told me to run were running for about 10 – 15 minutes or less I believe. And well as for some of my information, I was dumb enough to have it sitting on the desktop screen. I just always thought that what are the chances of me becoming a victim of a scam like this. Is it possible for those programs to have transferred my files secretly and files of other accounts on my PC within 10 – 15 minutes?

  67. Jérôme Segura says on April 9, 2014 at 4:09 pm :

    Hi Marx Xiong,

    If that was their intent to scrape everything, then yes it is possible. That happened to me not long ago:
    http://blog.malwarebytes.org/fraud-scam/2014/02/netflix-phishing-scam-leads-to-fake-microsoft-tech-support/
    http://cdn.blog.malwarebytes.org/wp-content/uploads/2014/02/filetransfers.png

    You mentioned they used a program called showmypc? I’m not familiar with it but perhaps you could find log files for that program? Within these you may be able to find activity traces. I say ‘may’ because sometimes they make you install a “standalone” version of the remote software which does not leave logs.

  68. John Reddy says on April 15, 2014 at 11:15 pm :

    Thanks for a very interesting blog . I agree with your blog and i will be back to check it more in the future so please keep up your work, You have done a great job [edit from author: <--- thanks for spamming the link, will investigate! /end of edit]

  69. angeljg1091 says on April 20, 2014 at 5:59 am :

    Here’s one I found searching the internet: http://www.teesupport.com/
    Here’s the original page I found: http://blog.teesupport.com/get-rid-of-generic26-bhdv-trojan-manually-uninstall-generic26-bhdv-completely/
