A few months ago I wrote about trying to counter-scam the Indian Windows Telephone Support Scammers, and it would seem that I have a champion in someone called Caliston.


Three hours, all told, is how long he claims to have kept them on the phone for, albeit across several different calls, but that’s still impressive in my book. That’s three hours that they weren’t scamming someone else.

These criminals are motivated by greed, have no imagination (they follow a script), and prey on the vulnerable. But, fortunately, they are hopelessly stupid, so are easy to fool – especially if you give the impression that you are willing to pay.

Anyway, you can read about Caliston’s exploits on this journal entry: http://caliston.livejournal.com/20313.html. Hats off to you, sir, I salute you!

Other Articles

This is the seventh of an ongoing series of articles that I have written following this scam. You can find them under the following tag group:

http://www.jameswiseman.com/blog/tag/windows-support-telephone-scam/


And I was out! Dammit!

“We have noticed from our logs that you have been downloading lots of viruses”

My wife took the call, and politely declined, which is more than they deserved. I’ve got a nice counter-scam dreamed up as well (see This Post for my thoughts on this).

So, to all the criminals responsible for perpetrating the scam that are reading this: please ring back. I REALLY want technical support, as my event viewer has lots of errors, and my prefetch folder is full of viruses!

Help!


I don’t know, and I’d like to.

I noticed a suspicious entry in my visitor logs from an IP in Calcutta looking at the last Scam post – ‘Scamming the Scammers’. My suspicions were confirmed when the IP linked back to one of the websites quoted by the fraudsters (http://onlinepccare.com/). See this entry: http://www.robtex.com/cnet/203.200.180.html.

[Screenshot: visit from IP in Calcutta]

So it looks like the criminals are reading this. HELLO, Criminals!

After looking around a bit more, I found a forum post (http://www.dslreports.com/forum/r22222049-Scam-Supportonclickcom-scareware-scam~start=140) that lists a few more to be wary of.


An Australian website has also taken to recording info regarding this (http://forums.whirlpool.net.au/forum-replies.cfm?t=1485775). A further link from here to an article containing a response from Microsoft Australia is also an interesting read (http://www.smh.com.au/technology/security/pay-up-or-your-pcs-toast-20100630-zm8i.html).

The Guardian, UK, carry an article linking OnlinePCCare.com to a company called Pecon Software based in – you’ve guessed it – Calcutta (or Kolkata if you’d prefer). Their customer relationship manager, Vikas Gupta, strenuously denies any involvement and states that he has an email from Mahesh Shah, head of Pecon Software, in which he is told that the company has terminated its contract with “around 30 employees in last two years

It is interesting to note that Pecon Software still have a link on their front page to the (now shut-down) supportonclick.com through an employee login link.

So I guess it’s important to know who is actually accepting money for this, i.e. to which company is the money on the credit card being paid? Or, put another way, what is the name of the company that appears on the credit card receipt?

Any info, post here.


Have you heard of 419 Eater?

Well, this is a site set up specifically for the baiting of pretty much any internet scam. The name originates from the original Nigerian 419 Scam, known internationally as “4-1-9” fraud after the section of the Nigerian penal code which addresses fraud schemes.

It has several hilarious examples of how the scammers have had the tables turned upon them and have themselves succumbed to an elaborate counter-scam.

The man in the adjacent image has become something of a minor celebrity, with his face now recognisable as the bungling criminal who was persuaded to put a fish on his head and bread in his mouth in a nefarious attempt to get a grieving church to pay him money.

Well, I have been waiting and waiting for a call from the Indian telephone scammers, my webcam poised! Why? Because I want to scam them back, and not just keep them on the phone for hours.

No, I want them to place various fruits or vegetables about their bodies, and then send me a picture. I then want them to call me, and record their reaction when they read the future blog post that has the picture emblazoned with “HAHAHA YOU HAVE BEEN SCAMMED” or something.

But it doesn’t have to be me! Why not try it yourself? Many folk are taking to wasting their time, but I say, take it further. These people are trying to rip off, con and embezzle your hard-earned money from you! They deserve everything they get.

So take some time to peruse the 419 Eater, and maybe concoct your own elaborate scheme.


As part of my continuing efforts to give prominence to this scam, I thought I’d provide a quick update. The Scam Tag on this blog contains the full list of posts regarding this.

Charles Arthur is continuing to investigate this and has recently covered it in a blog posting: Those ‘PC virus’ phone call scams: the unanswered questions.

One of the unanswered questions that he highlights is how exactly are they getting this information? Several people have intimated that they give out spam-trap contact details whenever they are asked to provide them, so maybe this is a good long-term strategy to attempt to wheedle out the scammers.

Take this example. I am fortunate enough to have my own domain name (JamesWiseman.com). My email account is set up such that all mails sent to @JamesWiseman.com will end up in the same mailbox. So, think of a word, put it in front of @JamesWiseman.com, send me an email, and I will get it.

So, when I sign up for SomeService.com, the email address I give is ‘someservice@jameswiseman.com’. For anything that needs a credit card, or requests more sensitive information, I use something more obscure that nevertheless still identifies the company to whom I originally gave the address.

Obviously, not everyone has their own domain, but for email this can be overcome by signing up to multiple GMail or Hotmail accounts (hassle, granted). And what about physical address details? Well, if you never intend to receive mail, then you can always fake it, for example (again using the SomeService company name):

James Wiseman,
22 SomeService Road,
Gondor,
Middle Earth

But what if you do want to receive mail? Well, just pretend you have given your house a personalised name (like those ‘quaint’ Dunroamin house names you sometimes see).

So, your address might look like:

James Wiseman,
SomeService,
999 My Real Road Name,
My Real Town,
MY8 8PC

Granted, this isn’t going to obtain results quickly, but could well make it more difficult in the long run for scammers to operate effectively.
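The per-service email addresses described above can be checked mechanically. As an added example (not code from this blog), the Python below derives both the readable and the "more obscure" address for each service and maps incoming mail back to the service that was originally given that address; the domain example.com, the key, the HMAC-derived obscure form and the sample messages are all assumptions constructed for illustration.

```python
import hashlib
import hmac
from email import message_from_string
from email.utils import parseaddr

DOMAIN = "example.com"            # assumption: your own catch-all domain
SECRET = b"constructed-demo-key"  # assumption: a private key only you hold

# Service name -> domains that service legitimately mails from (constructed).
SERVICES = {"SomeService": {"someservice.com"}, "SomeBank": {"somebank.example"}}

def alias_for(service, obscure=False):
    """Address to hand to one service: readable, or an HMAC-derived token."""
    slug = "".join(c for c in service.lower() if c.isalnum())
    if not obscure:
        return f"{slug}@{DOMAIN}"
    tag = hmac.new(SECRET, slug.encode(), hashlib.sha256).hexdigest()[:10]
    return f"u{tag}@{DOMAIN}"

def attribute(recipient, services=SERVICES):
    """Return the service a recipient address was issued to, or None."""
    addr = parseaddr(recipient)[1].lower()
    for name in services:
        if addr in (alias_for(name), alias_for(name, obscure=True)):
            return name
    return None

def find_leaks(raw_messages, services=SERVICES):
    """List (service, sender_domain) pairs where mail to a service's alias
    came from a domain that service does not use."""
    leaks = []
    for raw in raw_messages:
        msg = message_from_string(raw)
        service = attribute(msg.get("To", ""), services)
        sender_domain = parseaddr(msg.get("From", ""))[1].lower().rpartition("@")[2]
        expected = services.get(service, set())
        ok = any(sender_domain == d or sender_domain.endswith("." + d) for d in expected)
        if service and not ok:
            leaks.append((service, sender_domain))
    return leaks

# Constructed sample mail: one expected sender, one stranger using a leaked alias.
SAMPLE = [
    "From: News <news@mail.someservice.com>\nTo: someservice@example.com\n"
    "Subject: Your account\n\nhello",
    f"From: support@pc-care-offers.example\nTo: {alias_for('SomeBank', obscure=True)}\n"
    "Subject: Your PC has errors\n\nhello",
]

if __name__ == "__main__":
    print(find_leaks(SAMPLE))
```

The From header is not authenticated, so a sender forging the service's own domain would not show up here; an empty result is inconclusive, while a hit names the service whose copy of your address reached a third party.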


There are still plenty of reports coming in on the Microsoft Support Telephone Scam since I wrote the original article. A good repository for people’s experiences can be found here: http://www.digitaltoast.co.uk/supportonclick-systemrecure-scam.

A number of people have been conned into letting the scammers in to control their PC. Firstly let me say that there is no shame in this whatsoever. It’s a convincing scam, playing on the fears of people, and hooking in even the most suspicious.

Secondly, don’t panic. There are a number of things you can do to safeguard yourself.

One of the respondents, Chrisalisuk, gave some useful advice, which I’ll reproduce here:

For anyone who’s interested on the technical side of this – I run a small IT company and have had a couple of calls from puzzled customers who have been “caught out” by these pond lifers; mercifully, no money has changed hands, but I did have one guy who asked me to go and check security on his machine AFTER the “fix”.

I found evidence of iobit.com installation – “advanced system registry cleaner” plus a folder and a number of registry keys referring to logmein rescue. The folder was in the windows folder, called “LMI2.tmp”. Rather frighteningly, logmein rescue can now be set for reconnection WITHOUT user permission – so there is a RATHER LARGE security problem RIGHT THERE!

Some interesting stuff in the LMI2 folder! – the virtualpcdoctor registration for logmein. A quick call to logmein has blocked one small revenue stream for them at any rate! The guys there were happy to listen and help, and had prior knowledge of the scenario – they asked me to mail the relevant logs, and thanked me greatly for my time.

Chrisalisuk was also kind enough to give some advice as to what to do:

…if you look at the posting IMMEDIATELY before yours, you’ll find that I mentioned the lmi2.tmp folder nestling in the windows folder – look for that. If you find AND DELETE it, you SHOULD be OK. If you aren’t confident doing this, I suggest that a factory reinstall is your best option “just to be sure” – unless you have a trusted local company that can have a look. Whichever way, it will probably cost you money, but you gain experience – which is priceless. Don’t feel bad – these bastards are GOOD at what they do (con and extortion). Live and learn!

Let’s look at this. A factory reinstall is quite draconian, but will fix the problem for sure. But it’s quite simple to look for the lmi2.tmp folder. Click on the Windows menu (normally this will be in the bottom-left of your screen). Under this you will see an option labelled ‘Search’ or ‘Find’. Go here, type in lmi2.tmp and perform the search.

If it finds something, click on the item and then hit the ‘Delete’ button. Gone…

Oh, and change ALL your passwords – REGARDLESS. I would also place a stop on ANY credit/debit cards you have EVER used on the internet on that machine (the companies will understand). Better that, than a negative bank balance.

One last thing – report the scums to the bizzies. It makes you feel as though you’ve done SOMETHING to get back at them, and hey – somebody just MIGHT do something about the problem if enough pieces of paper land on their desk.

Yeah, this is hassle, but I’d certainly recommend doing it. If nothing else, it will give you peace of mind.

One thing I would also add is to perform a full and comprehensive virus scan on your PC. If you have more than one virus scanner, then use both. Run any anti-spyware/malware tools you have as well. I’ve also heard good reports about Hitman Pro which seemingly downloads quickly and runs effortlessly.

Do all this, and you’ll have nothing to worry about. And, most importantly, tell everyone you know, and do it face-to-face or over the phone if you can. Some people are generally suspicious of email chains that warn of impending doom in some way.

UPDATE

The Guardian newspaper seem to be onto this. This comment was posted on the Digital Toast forum above on 29/06/2010:

If anyone has been caught by this scam, or knows someone who has, then I’d be grateful if you could tell me the name of the company *whose name appears on your credit card*. It’s clear this company uses loads of different sites and different names, but I suspect it’s the same one (or ones?) behind it. Email me please at charles.arthur@guardian.co.uk

Charles Arthur, editor, Technology, The Guardian


If you have received a call anything like this, first off: DON’T DO ANYTHING THEY ASK.


If you are nervous, hang up. Sometimes they stay the other end waiting, so leave the phone for 15 minutes. You can unplug your router if you are in any doubt as to whether they are connected remotely to your machine.

Next, go to this site: http://www.digitaltoast.co.uk/supportonclick-systemrecure-scam

This came to my attention yesterday when I was contacted by a family friend who had received a cold call from “Windows Technical Support”, who had proceeded to claim their machine was corrupt and virus-ridden.

I’ll embellish this article a little later, but just wanted to post something initially that could show up on search engines.

In the meantime, here’s a list of things NOT to do:

  1. Don’t do anything they ask.
  2. Don’t go to any website they request you access
  3. Don’t let them access your PC remotely (you will be prompted before this happens)
  4. Don’t give them any money

You might also like to try

  1. Wasting their time by playing stupid
  2. Recording the conversation
  3. Do a Google search for key phrases they are using
  4. Report it somewhere – even if it’s just leaving comments on a web page.

Generally if you do an internet search, you will come up with tons of results confirming that THIS IS A SCAM: Here are a few more links:

http://www.networkworld.com/news/2009/081009-windows-event-viewer-phishing-scam.html

http://www.computerhq.co.uk/content/warning-fake-tech-support-call-scam-windows-xp-service-provider

http://www.pcproblem.co.uk/?p=49

http://forums.moneysavingexpert.com/showthread.php?t=1424731
