More Records Exposed - Database Found on Google Cloud Server

This case is particularly unfortunate as it represents both the intense desires entities have for our personal information and likely the more concerning problem of lax security protocols.

This instance revolves around a voter database of approximately 154 million records.  As anyone who does genealogy knows, voter databases are considered public records and offer a great deal of information to family researchers.  However, not all voter information is included in the published records.  Most states have similar laws dictating which portion of the voter registration is public and which is private; below is a general list.  If you'd like to know the specifics for your state, go to your state's Secretary of State website, which should have a link to voter information.  Public information typically consists of your name, address, party affiliation and date of birth.  The original application, social security number and driver's license number are not to be released.

Depending on where you live, additional information might also be collected: education, gun ownership and marital status, to name a few.  We live in a world of data, and the more data someone has on you, the more targeted they can be with their advertising or with more nefarious scams.

The database that has just been discovered also came with a lot of additional information not typically seen in voter databases, including Facebook profile URLs, information on children, and email addresses.

[Screenshot: Chris Vickery / MacKeeper - sample database]

[Screenshot: Chris Vickery / MacKeeper - database]

The compromised database was discovered by security professional Chris Vickery.  From MacKeeper it is reported that when Mr. Vickery found the database "it was configured for public access with no username, password or other authentication required."  With further research Mr. Vickery was able to determine that the database was owned by data brokerage company L2.  L2 was very responsive when contacted and had the database taken down and secured.

Bruce Willsie of L2 sent Mr. Vickery the following response: "Thank you for finding this and thank you for giving us the opportunity to respond.  We very quickly identified the national client, informed them immediately and they took down the site as quickly as they could.  The client told us that they were hacked, the firewall was taken down and then the probing began.  This was an old copy (from about a year ago) of the national file and it had only a very small number of our standard fields.  Needless to say, the client is doing its own research now to determine the extent of the incursion.  I’ve asked that they report back to us with their findings and their plan for hardening their system in the future.  It’s unfortunate and, again, we greatly appreciate your discovery of the problem."

While steps are being taken to rectify the open database, it cannot be overemphasized how much damage may already have been done by this database being open to the public.

As a part of his research Mr. Vickery also queried the server's log file.  What he discovered is very concerning considering the nature of the information contained in the database.  On April 11th of this year the server logged a Serbian IP address, 89.216.31.2.  Serbian IP addresses are under RIPE jurisdiction, and querying RIPE lists this IP address as "Fixed IP for cable modem customers".  What the person did when accessing the database is either unknown or not being released.  Copying the full database for sale on the black market would be the worst case scenario, but it is also the most likely thing to have occurred.

As an individual's value lies in the data collected on them, there is a good chance that someone nobody wants holding information on them now knows a great deal more than they should!


Yes It Is A Scam - Don't Call That Number!

Recently we've had several people come to us having been hit by a nasty piece of adware.  This particular pop-up is insidious as it's a two-part pop-up; see the attached screenshot.  First you have the large underlying pop-up with the information that says "Call XXX-XXX-XXXX immediately."

[Screenshot: the two-part pop-up]

Also take notice of the "24/7 Unmatched Service and Support".  With a quick glance you might mistake the image for a Windows logo, but upon further inspection they don't match.

[Image: the fake logo beside the proper Windows logo]

Next take a look at the smaller pop-up on top of the large one; this one serves two purposes: first to reiterate that you must call them NOW, and second to amp up the fear: "Possibly Privacy Breach and Computer Error Detected Due to Suspicious Activity Found On Your Computer."

But in all of the fear that your computer may now be breached, most people overlook a very important piece of information, found in this example in the upper left, but which could be found in any number of locations depending on what service the adware is being served through.

[Screenshot: the adware label]

"Ads by Click2Save"  Wait!?!  What?!?  This pop-up is nothing more than a paid-for advertisement???  Exactly, it's nothing more than a scam to get you to call that number and have one of two scenarios play out.  Either they are going to try to gain access to your personal information in order to steal it, or they are going to try to sell you fake software or services that you don't actually need, at a cost to you of hundreds of dollars.

(See our article on the similar tech support phone scam at Tech Support Scams - Don't Be A Victim.)

So you find yourself with this pop-up on your screen, you've realized it's fake, you're not going to be calling these thieves, but how do you get the pop-up to go away?  As if the ad itself isn't bad enough, this is one of those ads that is bound and determined to stay with you.  Clicking on the "X" seems to take most people into an irritating loop where the two windows continually reappear, one on top of the other.  With testing we have been able to successfully close the ad by simultaneously clicking the "X" and pressing "Esc".  If that doesn't work, try going to your Task Manager and forcing the browser to shut down with End Task.  If that still doesn't work you may be left with the only option of shutting down your computer.

Once you've successfully closed the Ad you've likely avoided any danger, but you can always take it to a local computer company, like Top Speed Computer Service, to make sure no damage has been done.  Pass along to your friends and family to make sure they are not victimized by this scam either!

What to do if you've been scammed?

First if you’ve found this article and are still on the line with them hang up now and cut off their remote access.  If you’re unsure how to cut their remote access, the sure fire way is to restart your computer.

If you've already had this happen, called them, given them access to your computer, paid them money or not, there are several places you should report them to.   File complaints with the FTC, Fraud.Org (the National Consumers League), your local Attorney General, and if you've been defrauded of money your local law enforcement as well.  Fraud.Org is an especially good one to file with as they work to share information with many jurisdictions.  Local law enforcement is harder, as they really only deal locally and scams like this work on a global scale, not a local one.

You will also want to have your computer checked out by a local technical company in case anything malicious was installed on your computer during the so called technical support.

It is always advisable to do business with a local computer company, you never know what you're going to find on the other end of that Internet / phone connection!


Is Breaking A Password Really Like Mr. Robot?

Have you been locked out of an account due to entering the wrong password too many times? That was rhetorical; unless your password is "password" (and it better not be) everyone has managed to lock themselves out. Even someone using "password" can manage it if they don't realize Caps Lock is on. But here's the real question - why don't hackers get locked out when attempting to get into their victim's accounts?

If you've been watching USA's new series Mr. Robot you might be under the belief that, like Elliot, hackers research you and then, using a well thought out plan, try passwords that include information about your birth date, family, pets, sports teams, nicknames, address/phone numbers, etc. until they find the magic combination to your password.  That scenario doesn't hold water when you look at the facts of an account lockout: it doesn't matter if it's you or a hacker, if the lockout says 5 tries and you're locked out, that's what's going to happen.  Even the few variables listed above amount to thousands of options.

So how do hackers do it?

One way is to get your system infected with spyware that steals your usernames and passwords and sends them back to the hacker.  Typically the person stealing the passwords will not be the person using them, although in Orange County, California in 2008 a student used spyware to steal administration usernames and passwords in order to change his grades.  More often the person stealing them plans on selling your usernames and passwords to others for use later.  In this case the hacker is dependent on people getting infected with their spyware, hence the number of usernames and passwords they acquire can be hit or miss; fewer passwords equates to a smaller payday.  To assure themselves of a larger number of passwords to sell they employ the next method.

The second method is what is called an offline attack.  You have an online account; your account information, along with thousands of others, is stored on that company's server; that company is taking proper security measures and all the stored account information is encrypted.  Along comes a hacker who steals that encrypted file.  Once the hacker has the encrypted file he begins using a variety of tools against the encryption.  This process has absolutely nothing to do with a trial-and-error process of figuring out your password on the login page.  The hacker patiently waits as his tools work away on those passwords until they are revealed.  The longer it takes for the original company to discover the breach, then the theft of the file, followed by the disclosure to their users, the longer the file has value.  From there the hacker will work to sell his ill-gotten information and move on to the next breach.
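As an added illustration, not code from the original post, of why the five-try lockout stops helping once the stored file is copied: the online login path counts failures and locks the account, while the offline path checks the very same stored record as often as the attacker's hardware allows, so the salted, deliberately slow hash (PBKDF2 here, standing in for whatever a given site uses) is the only brake left on the defender's side. The account record, the five-word list and all function names are constructed for this example.

```python
import hashlib
import hmac
import os

# Constructed sample values: a small account record with a 5-try lockout,
# plus the "stolen file" view of that same record described in the article.
LOCKOUT_THRESHOLD = 5
PBKDF2_ROUNDS = 100_000        # the defender's knob: cost of every guess, online or offline
WORDLIST = ["letmein", "qwerty", "123456", "password", "iloveyou"]  # constructed list


class LockedOut(Exception):
    """Raised once the online lockout threshold is reached."""


def make_record(password: str, rounds: int = PBKDF2_ROUNDS) -> dict:
    """Store a password the way a careful site would: salted PBKDF2, never plaintext."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, rounds)
    return {"salt": salt, "hash": digest, "rounds": rounds, "failures": 0}


def online_login(record: dict, attempt: str) -> bool:
    """The site's login path: the failure counter stops guessing after 5 misses."""
    if record["failures"] >= LOCKOUT_THRESHOLD:
        raise LockedOut("account locked after %d failed attempts" % LOCKOUT_THRESHOLD)
    guess = hashlib.pbkdf2_hmac("sha256", attempt.encode(), record["salt"], record["rounds"])
    if hmac.compare_digest(guess, record["hash"]):
        record["failures"] = 0
        return True
    record["failures"] += 1
    return False


def offline_guess(record: dict, wordlist) -> tuple:
    """What someone holding a copy of the file can do: the failure counter is never
    consulted, so only the per-guess hash cost limits them.
    Returns (matched word or None, number of guesses checked)."""
    for n, word in enumerate(wordlist, 1):
        guess = hashlib.pbkdf2_hmac("sha256", word.encode(), record["salt"], record["rounds"])
        if hmac.compare_digest(guess, record["hash"]):
            return word, n
    return None, len(wordlist)


def demo() -> tuple:
    """Six wrong tries online trip the lockout; the offline check of the same
    record never sees it.  Returns (locked_out, offline_match, offline_guesses)."""
    record = make_record("password")
    locked = False
    for _ in range(LOCKOUT_THRESHOLD + 1):
        try:
            online_login(record, "wrong-guess")
        except LockedOut:
            locked = True
    word, tries = offline_guess(record, WORDLIST)
    return locked, word, tries
```

Raising PBKDF2_ROUNDS (or moving to a memory-hard function) is what turns a five-word check into a five-word wait, and is the only lever the site controls once the file is gone.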

[Image: rainbow table]

So there it is in a nutshell, and once again TV and movies have steered you wrong when it comes to the real life of a hacker.  But how fun would it be if they showed the reality of a hacker who starts his computer working against the encrypted file and then walks away for a while?  Not exactly must-see TV.


Internet Tech Support Scams – From Our Interview With Erin Breen of KTVN

Today we did an experiment with an Internet Tech Support Scam that is reportedly being found online by many in the Reno Sparks area.  Below is a screenshot of what first appears when you happen upon the website at online-system-scan.net.

[Screenshot: first page at online-system-scan.net]

More than likely you were redirected here by a malicious advertisement on another website or by a redirect from a fake article; you know all those interesting top 10 articles that look too tempting not to click on?  Well, some of them are not so innocuous.

This can't be good, right...  Whether you click "OK" or click on the "X" the same screen appears.

[Screenshot: second page, "license expired" warning]

Well, this looks like things just went from bad to worse.  My Windows 7 license has expired?!?  What?!?  My computer has been locked?!?!  What do I do?  I guess I have to call that number.

Whoa, whoa, whoa hold your horses and definitely don't call that number!   (Although in all honesty we did call that number with KTVN Reporter Erin Breen, on a completely secure computer with a fresh install of Windows to show her what these scam artists attempt to do to unsuspecting victims.)

This also brings up an interesting turn in Microsoft's business model.  Microsoft has been working to move as many people as possible over to a subscription-based option for their Office products; however, that does not apply to the operating system.  Clearly these guys are hoping to play on people's confusion between a subscription for Microsoft Office, which does expire, and the operating system license that came with your computer, which does not.

The bottom of the above image shows a check box, "Prevent this page from creating additional dialogs."  This only appears when using Chrome as your browser; if you're using IE, closing the dialog box is a different matter.  The wording on the page also gives a hint that English may not be the author's first language.

Here is the full image of the blue screen:

[Screenshot: the fake blue screen]

Ok, so now it's a bit funny because it's actually calling itself "BSOD", Blue Screen of Death, which is more of an offhand term used to describe a PC with major issues than a real piece of diagnostic information.  But perhaps we've bantered the term around for long enough that it seems like a diagnosis in and of itself.

"Error 333 Registry Failure of Operating System" seems pretty serious, but is that really what an error 333 is?  Not so much.  Event ID 333 is a System event log error that occurs when the registry is unable to complete a flush operation to the disk; put another way, error 333 is seen when the computer has too many things going on and as a result there is competition for access to the disk.

Ok, so if the Error 333 is bogus, what about the "Error 0X000000CE"?  This is a rather generic error that happens for a variety of reasons; normally it's from an old hardware driver needing to be updated, or it can be just the opposite and there is something wrong with the latest release of a driver.  The real error normally names the file that failed, which gives you more information on the exact file causing the problem; the scam page gives no such detail.

Well now that we know the entire webpage is just scary mumbo jumbo how do we get out of it?

When the "X" in the corner doesn't work, your next best bet is to right-click on the task bar at the bottom and go to Task Manager, where you should be able to go under Applications, select the browser you were in and hit "End Task".  If the pop-ups have your computer tied into so many knots that you can't do anything, hit the reset button on your computer.

As mentioned above we did call the tech support number listed with Erin Breen from KTVN.  We let her do all the talking with the tech who, somewhat unbelievably, did claim to be with Microsoft.  I've certainly heard of them doing this, but this is the first time I'd heard it for myself.

After the call we dug further into who this online-system-scan.net / 800-901-6142 company really is and found some interesting things.

First we looked into online-system-scan.net and found its IP address, which we then took to the American Registry for Internet Numbers to determine who owns that particular IP.  Turns out that IP address belongs to RackSpace, which is where the website is being hosted; what's unusual about this is that it's being hosted domestically rather than in a foreign country.  Most of these kinds of scams are run from overseas, as it is harder for law enforcement to shut them down there than it was in the OMG Tech Help case out of Florida.

Next we looked into the domain registration history of online-system-scan.net; domain privacy is enabled, so there's not a lot of information there other than that it is a new domain, created June 12, 2015.  Whenever looking into these kinds of cases you nearly always find that the domain being used is less than 6 months old and will be blacklisted soon enough that it is good only for a short amount of time.  Domain names themselves are so inexpensive that they are likely the smallest expense the scammers have, and as a result they are easily disposed of and replaced once the blacklisting starts.

Having learned what we could from the domain, we looked into the phone number and found an older, likely abandoned but not yet completely gone, website acting as a sub-domain under soup.io.  For all those who are curious, .io is the top-level domain country code for the British Indian Ocean Territory.

[Screenshot: the soup.io sub-domain page]

The page is mostly broken, but the interesting pieces are the handle at the top, "casumyrco31", and the Dutch at the bottom.  Unfortunately this handle takes us almost nowhere; the only other time it's found in use is also in Dutch, selling some kind of Acai Berry something.

The next listing we found for the phone number actually comes with a name, TechPCdoc, too bad techpcdoc.com doesn't exist, but hey it's a step towards a name of some kind.

[Screenshot: forum listing of the tech support number]

The last listing we found showing the tech support number is also offering tech support, only this person is doing it repeatedly through different forums.  See below where it is being used in response to a Skype question, and again this comes with an interesting handle.

[Screenshot: the Skype question and reply]

That is not a legitimate Skype support number either.  It actually appears to most recently be a debt collector.

Looking up information on the handle krazeeme612 yields a lot more interesting results.  For one, this person answers a lot of online questions on a whole variety of subjects.  On the same website above this person has answered things from tech support to getting baptisms.  Being a unique name, it is unlikely there is more than one person using the handle; however, unless you are Leroy Jethro Gibbs I suppose we must say that a coincidence is possible.  I say that because the one listing I found using this handle with identifiable information in it is below.

[Screenshot: listing with identifiable information]

Is it possible it's a different person?  I will have to say yes.  Is it highly unlikely?  I'm going to go with another yes on that one.  It obviously doesn't answer who krazeeme612 is, or why she / he is specifically suggesting people call in to the tech support at 800-901-6142.  What we do know is that the offending website is hosted domestically and this person lives in the US and is suggesting people call what may or may not be TechPCdoc.  That's certainly a place for law enforcement to start, and it would be a great victory for the public to take down another tech support scam company.

What should you do if you believe you've been scammed?

There are several things you should do:

First, if you've found this article and are still on the line with them, hang up now and cut off their remote access.  If you're unsure how to cut their remote access, the sure-fire way is to unplug your computer from the Internet and/or disconnect the wifi.  If you're unsure of how to do this quickly, holding the power button on your computer until it shuts down completely also works.  As many of the remote support software programs automatically reconnect after a reboot, it's best to take it to a professional or be sure the computer will not connect to the Internet when you turn it back on.

If you've already had this happen, called them, given them access to your computer, paid them money or not, there are several places you should report them to.   File complaints with the FTC, Fraud.Org (the National Consumers League), your local Attorney General, and if you've been defrauded of money your local law enforcement as well.  Fraud.Org is an especially good one to file with as they work to share information with many jurisdictions.  Local law enforcement is harder, as they really only deal locally and scams like this work on a global scale, not a local one.

You will also want to have your computer checked out by a local technical company in case anything malicious was installed on your computer during the so-called technical support.

It is always advisable to do business with a local computer company, you never know what you’re going to find on the other end of that Internet / phone connection!

Additional reading on Tech Support Scams -
