Tag Archives: Scam

Support Scammers

Jon Brodkin - Dec 5 2012

How Windows tech support scammers walked right into a trap set by the feds

When the FTC announced its crackdown on the tech support scammers, the agency played a recorded undercover call but otherwise didn’t spend much time talking about how they tracked the defendants down in the first place. Court documents the FTC subsequently sent our way show that it was rather easy. Or, more precisely, once the difficult groundwork of tracking down the scammers had been laid, the scammers walked right into the FTC’s trap, as gullible and helpless as the victims whose bank accounts they raided.


FTC press release 10/03/2012

FTC Halts Massive Tech Support Scams

Tens of Thousands of Consumers Allegedly Tricked Into Paying for Removal of Bogus Viruses and Non-Existent Spyware, and Allowing Scammers to Remotely Access their Computers

The Federal Trade Commission has launched a major international crackdown on tech support scams in which telemarketers masquerade as major computer companies, con consumers into believing that their computers are riddled with viruses, spyware and other malware, and then charge hundreds of dollars to remotely access and “fix” the consumers’ computers.

At the request of the FTC, a U.S. District Court Judge has ordered a halt to six alleged tech support scams pending further hearings, and has frozen their assets.

“The FTC has been aggressive – and successful – in its pursuit of tech support scams,” said FTC Chairman Jon Leibowitz. “And the tech support scam artists we are talking about today have taken scareware to a whole other level of virtual mayhem.”



Unmasking fake Microsoft support scammers

David Jacoby
Kaspersky Lab Expert

I’m pretty sure that most of you guys know about the recent phone scam which is circulating right now. They have been calling a lot of people in countries such as Germany, Sweden, the UK and probably more. The scam is pretty simple; they pretend to be from a department within Microsoft which has received indications that your computer is infected with some malware. They will then offer (for free) to verify if this is the case. If the victim agrees on this, they will ask the victim to perform certain actions, and also type certain commands, which will trick a non-experienced user into believing that the output is actually showing that the computer is infected.

I just want to mention that there is no such department at Microsoft, and they would never call up customers offering this. So if you ever get a call ‘from Microsoft’ stating that there are some indications that your computer is broken or infected – please hang up!

Well, they have called me several times, and finally I got fed up with this and started to play along. At the same time I had my virtual machines running and was recording everything that they were doing. The goal was to find out who they were and exactly what the scam was. Luckily I was able to get hold of information such as their internal IP addresses, the PayPal accounts used to wire money and the numbers they are calling from.


Tech support phone scams
Technical Support
Fake Product Support

Tech support phone scams

Microsoft Safety & Security Center
Computer Security, Digital Privacy, and Online Safety

Avoid tech support phone scams

Neither Microsoft nor our partners make unsolicited phone calls (also known as cold calls) to charge you for computer security or software fixes.

Telephone tech support scams: What you need to know

Cybercriminals often use publicly available phone directories so they might know your name and other personal information when they call you. They might even guess what operating system you’re using.

Once they’ve gained your trust, they might ask for your user name and password or ask you to go to a website to install software that will let them access your computer to fix it. Once you do this, your computer and your personal information are vulnerable.

Do not trust unsolicited calls. Do not provide any personal information.

Will Microsoft ever call me?

There are some cases where Microsoft will work with your Internet service provider and call you to fix a malware-infected computer—such as during the recent cleanup effort begun in our botnet takedown actions. These calls will be made by someone with whom you can verify you already are a customer. You will never receive a legitimate call from Microsoft or our partners to charge you for computer fixes.


Technical Support


In a recent interview with the Cyber Law department, Comantra officials carried out a quick recovery channel strategy in how effectively Comantra scams can be delimited. Microsoft in the meantime has agreed to provide advanced far end support to its trusted partner by offering quality benchmarks to Comantra based online computer tech support. Comantra as we all know has been a leading player in deployment of online technical support to a competitive global client base. This has faced a serious jolt in reputation management wherein future service disruption can be a major issue. Comantra scams, as is being cited by major news media worldwide has once again brought in the widespread notion of how effective online computer tech support is in view of fraudulent channels of web technology.



September 2011: Microsoft removes Gold Partner Comantra

Fake Product Support

Aghast at Avast’s iYogi Support

The makers of Avast antivirus software are warning users about a new scam involving phone calls from people posing as customer service reps for the company and requesting remote access to user systems. Avast is still investigating the incidents, but a number of users are reporting that the incidents followed experiences with iYogi, the company in India that is handling Avast’s customer support.

A follow-up investigation by KrebsOnSecurity indicates that Avast (among other security companies) is outsourcing its customer support to a third-party firm that appears engineered to do little else but sell expensive and unnecessary support contracts.

Complete article: http://krebsonsecurity.com/2012/03/aghast-at-avasts-iyogi-support/

Avast! Blog
iYogi support service removed

We had initial reports of this behavior a few weeks ago and met with iYogi’s senior executives to ensure the behavior was being corrected. Thus, we were shocked to find out about Mr. Krebs’ experience. As a consequence, we have removed the iYogi support service from our website and shortly it will be removed from our products. We believe that this type of service, when performed in a correct manner, provides immense value to users. As such, over the next weeks, we will work with iYogi to determine whether the service can be re-launched.

Re-launched? :-o

ESET Threat Blog
Fake Support, And Now Fake Product Support

I first became aware of the plague of Indian companies operating PC and anti-virus support scams because one of our competitors advised me that one of them was apparently carrying out unethical marketing on ESET’s behalf. (They weren’t, of course, anything to do with ESET: see this blog series and this paper.)

I recently learned from my colleagues at ESET UK that cold-callers from Mumbai have developed a new twist on this cold-calling scam, calling people in the UK and apparently claiming to offer paid support in response to problems that don’t exist,

Complete article: http://blog.eset.com/2012/03/15/fake-support-and-now-fake-product-support

Of interest
Microsoft MVP Troy Hunt’s Blog:
Anatomy of a virus call centre scam
Scamming the scammers – catching the virus call centre scammers red-handed


AOL Administration Center & Uniform Traffic Ticket Spammed Scams

“AOL Administration Center” spam comes from a spoofed email address; this is a classic example of Canadian Pharmacy spam.

Full text of the bogus email; the # in the subject line changes.

From: “AOL Administration Center (R)”
Subject: AOL Administration Center Notification #73916

You have 1 notification (#73916) from AOL Administration Center
Please follow the instructions to continue.
The AOL Mail Team

Click here to opt out of receiving future promotional e-mail messages from AOL or go to AOL Keyword:
Email Preferences and unsubscribe. This screen name cannot respond to replies.

Click here for other Important Information about Commercial E-mail from AOL or visit http://about.aol.com/email_information.
AOL Email, PO Box 65627, Sterling, VA 20165-8805.

“UNIFORM TRAFFIC TICKET” spam has been around a while and continues to do the rounds. The email has an attached file which contains a malicious Trojan horse.

Full text of the bogus email; the ID # in the subject line changes.

Date: Wed, 03 Aug 2011 12:42:23 +0530
From: “N.Y. State Department of Motor Vehicles”

New York State Department of Motor Vehicles


Local Police Code 5278


Time: 7:25 AM
Date of Offense: 10/10/2011

9690 Description of Violation

Shady Reshipping Centers

Krebs On Security offers readers a behind-the-scenes look at an organized crime operation that uses stolen credit card numbers to purchase and launder high-end electronics.

Shady Reshipping Centers Exposed, Part I

There are dozens of businesses in the criminal underground engaged in merchandise laundering, known as “Drops for stuff” on cybercrime forums. The “drops” are people who have responded to work-at-home package reshipping jobs advertised on craigslist.com and job search sites. Most reshipping scams promise employees a monthly salary and cash bonuses. But the crooks almost always sever communications with drops just before the first payday, usually about a month after the drop ships their first package.


Rejected Federal Tax Transaction Scam

A malicious scam which continues to do the rounds, with three caught by my spam filter; the transaction ID changes.

How does IRS e-file work?

A. You or your tax professional, prepare your tax return. In many cases, the tax professional is also the Electronic Return Originator (ERO) who is authorized to file your return electronically to the IRS. Ask your tax professional to file your return through IRS e-file.

You sign your electronic tax return by either using a Self-Select PIN for e-file for a completely paperless return, or by signing Form 8453, US. Individual Income Tax Transmittal for an IRS e-file Return.

See “If the return is electronic, how do I sign it?” for more information.

After you sign the return using a Self-Select PIN or Form 8453, the ERO transmits the return to the IRS or to a third-party transmitter who then forwards the entire electronic record to the IRS for processing. Once received at the IRS, the return is automatically checked by computers for errors and missing information. If it cannot be processed, it is sent back to the originating transmitter (usually the ERO) to clarify any necessary information. After correction, the transmitter retransmits the return to the IRS. Within 48 hours of electronically sending your return to IRS, the IRS sends an acknowledgment to the transmitter stating the return is accepted for processing. This is your proof of filing and assurance that the IRS has your return information. The Authorized IRS e-file Provider then sends Form 8453 to the IRS.

If due a refund, you can expect to receive it in approximately three weeks from the acknowledgment date – even faster with Direct Deposit (half the time as when filed on paper). If you owe tax, see “What if I owe Money?” for payment options available this year.

Internal Revenue Service,
Metro Plex 1,
8401 Corporate Drive, Suite 300,
Landover, MD 20785

Forbes. 6/23/2011