Internet Tech Support Scams – From Our Interview With Erin Breen of KTVN

Today we did an experiment with an Internet Tech Support Scam that is reportedly being found online by many in the Reno Sparks area.  Below is a screenshot of what first appears when you happen upon the website at online-system-scan.net.

[Image: online-system1]

More than likely you were redirected here by a malicious advertisement on another website or a redirect from a fake article. You know all those interesting top 10 articles that look too tempting not to click on? Well, some of them are not so innocuous.

This can't be good, right...  Whether you click "OK" or click on the "X" the same screen appears.

[Image: online-system2]

Well this looks like things just went from bad to worse.  My Windows 7 license has expired?!? What?!?  My computer has been locked?!?!  What do I do - I guess I have to call that number.

Whoa, whoa, whoa hold your horses and definitely don't call that number!   (Although in all honesty we did call that number with KTVN Reporter Erin Breen, on a completely secure computer with a fresh install of Windows to show her what these scam artists attempt to do to unsuspecting victims.)

This also brings up an interesting turn in Microsoft's business model; Microsoft has been working to change as many people as possible over to a subscription based option for their Office products, however that does not apply to the Operating System.  Clearly these guys are hoping to play on people's confusion with having a subscription for Microsoft Office that does expire with the Operating System license that came with your computer.

The bottom of the above image shows a check box, "Prevent this page from creating additional dialogs." This only appears when using Chrome as your browser; if you're using IE, closing the dialog box is a different matter.  This also gives a hint that English may not be the author's first language.

Here is the full image of the blue screen:

[Image: online-system3]

Ok, so now it's a bit funny because it's actually calling itself "BSOD", Blue Screen of Death, which is more of an offhand term used to describe a PC with major issues than a real piece of diagnostic information.  But perhaps we've bantered around the term for long enough that it seems like a diagnosis in and of itself.

"Error 333 Registry Failure of Operating System" seems pretty serious, but is that really what an error 333 is?  Not so much.  Event ID 333 is a System event error log that occurs when the registry is unable to complete a flush operation to the disk; put another way error 333 is seen when the computer has too many things going on and as a result there is competition for access to disk space.

Ok so if the Error 333 is bogus what about the "Error 0X000000CE"?  This is a rather generic error that happens for a variety of reasons, normally it's from an old hardware driver needing to be updated, or it can be just the opposite and there is something wrong with the latest release of a driver. The error normally includes the file that failed which gives you more information on the exact file causing the problem.

Well now that we know the entire webpage is just scary mumbo jumbo how do we get out of it?

When the "X" in the corner doesn't work your next best bet is to right click on the task bar at the bottom and go to Task Manager, where you should be able to go under Applications, select the browser you were in and hit "End Task".  If the popups have your computer tied into so many knots that you can't do anything, hit the reset button on your computer.

As mentioned above we did call the tech support number listed with Erin Breen from KTVN.  We let her do all the talking with the tech who, somewhat unbelievably, did claim to be with Microsoft.  I've certainly heard of them doing this, but this is the first time I'd heard it for myself.

After the call we dug further into who this online-system-scan.net / 800-901-6142 company really is and found some interesting things.

First we looked into online-system-scan.net and found their IP address, which we then took to the American Registry for Internet Numbers to determine who owns that particular IP.  Turns out that IP address belongs to RackSpace, which is where the website is being hosted; what's unusual about this is that it's being hosted domestically, rather than in a foreign country.  Most of these kinds of scams are run from overseas as it is harder for law enforcement to shut them down as they did in the OMG Tech Help case out of Florida.

Next we looked into the domain registration history of online-system-scan.net; domain privacy is enabled so there's not a lot of information there other than it is a new domain, created June 12, 2015.  Whenever looking into these kinds of cases you nearly always find that the domain being used is less than 6 months old and will be blacklisted soon enough to be good only for a short amount of time.  Domain names themselves are so inexpensive that this is likely the smallest amount spent by scammers and as a result are easily disposed of and replaced once the blacklisting starts.
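The two checks described above (who hosts the IP, and how old the domain is), as an added example that is not part of the original article. The WHOIS and ARIN records are constructed samples: only the June 12, 2015 creation date and the Rackspace hosting come from the article, while the IP range, registrant placeholder, field layout, reference date and the 183-day reading of "less than 6 months" are assumptions.

```python
import re
from datetime import datetime, timezone

# Constructed sample records (not real lookup output). Only the creation date
# and the hosting provider name come from the article; every other value is a
# placeholder.
SAMPLE_WHOIS = """\
Domain Name: ONLINE-SYSTEM-SCAN.NET
Creation Date: 2015-06-12T00:00:00Z
Registrant Name: PRIVACY-SERVICE-PLACEHOLDER
"""
SAMPLE_ARIN = """\
NetRange:       192.0.2.0 - 192.0.2.255
OrgName:        Rackspace Hosting
Country:        US
"""

YOUNG_DOMAIN_DAYS = 183  # assumed cut-off for "less than 6 months old"


def field(record, name):
    """Return the first value of a 'Name: value' line, or None if absent."""
    m = re.search(rf"^\s*{re.escape(name)}\s*:\s*(.+?)\s*$", record, re.M | re.I)
    return m.group(1) if m else None


def domain_age_days(whois_text, as_of):
    """Days between the WHOIS creation date and the reference date."""
    raw = field(whois_text, "Creation Date")
    if raw is None:
        return None  # registries differ in field names; treat as unknown
    created = datetime.fromisoformat(raw.replace("Z", "+00:00"))
    return (as_of - created).days


def triage(whois_text, arin_text, as_of):
    """Summarise the signals the article looks at for one domain."""
    age = domain_age_days(whois_text, as_of)
    return {
        "age_days": age,
        "young_domain": age is not None and age < YOUNG_DOMAIN_DAYS,
        "hosting_org": field(arin_text, "OrgName"),
        "hosting_country": field(arin_text, "Country"),
        "privacy_enabled": "privacy" in (field(whois_text, "Registrant Name") or "").lower(),
    }


if __name__ == "__main__":
    print(triage(SAMPLE_WHOIS, SAMPLE_ARIN, datetime(2015, 7, 1, tzinfo=timezone.utc)))
```

A missing creation date yields `age_days` of `None` and `young_domain` of `False`, so an unparsed record is reported as unknown rather than as an old domain.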

Having learned what we could from the domain, we looked into the phone number and found an older, likely abandoned, but not yet completely gone from the Internet, website acting as a sub-domain under soup.io.  For all those who are curious, .io is the top level domain country code for the British Indian Ocean.

[Image: online-system6]

The page is mostly broken, but the interesting pieces are the handle at the top "casumyrco31" and the Dutch at the bottom. Unfortunately this handle takes us almost nowhere; the only other time it's found in use is also in Dutch, selling some kind of Acai Berry something.

The next listing we found for the phone number actually comes with a name, TechPCdoc, too bad techpcdoc.com doesn't exist, but hey it's a step towards a name of some kind.

[Image: online-system9]

The last listing we found showing the tech support number is also offering tech support, only this person is doing it repeatedly through different forums.  See below where it is being used in response to a Skype question and again this comes with an interesting handle.

[Image: online-system8]

That is not a legitimate Skype support number either.  It actually appears to most recently be a debt collector.

Looking up information on the handle krazeeme612 yields a lot more interesting results.  For one, this person answers a lot of online questions on a whole variety of subjects.  On the same website above this person has answered things from tech support to getting baptisms.  Being a unique name it is unlikely there is more than one person using the handle; however unless you are Leroy Jethro Gibbs I suppose we must say that a coincidence is possible.  I say that because the one listing I found using this handle with identifiable information in it is below.

[Image: online-system11]

Is it possible it's a different person? I will have to say yes.  Is it highly unlikely?  I'm going to go with another yes on that one.  It obviously doesn't answer who krazeeme612 is, or why she / he is specifically suggesting people call in to the tech support at 800-901-6142.  What we do know is that the offending website is hosted domestically and this person lives in the US and is suggesting people call what may or may not be TechPCdoc.  That's certainly a place for law enforcement to start and it would be a great victory for the public to take down another tech support scam company.

What should you do if you believe you've been scammed?

There are several things you should do:

First, if you’ve found this article and are still on the line with them, hang up now and cut off their remote access.  If you’re unsure how to cut their remote access, the sure fire way is to unplug your computer from the Internet and/or disconnect the wifi. If you're unsure of how to do this quickly, holding the power button on your computer until it shuts down completely also works. As many of the remote support software programs automatically reconnect after a reboot, it's best to take it to a professional or be sure the computer will not connect to the Internet when you turn it back on.

If you’ve already had this happen, called them, given them access to your computer, paid them money or not, there are several places you should report them to.   File complaints with the FTC, Fraud.Org the National Consumers League, your local Attorney General, and if you’ve been defrauded of money your local law enforcement as well.  Fraud.Org is an especially good one to file with as they work to share information with many jurisdictions.  Local law enforcement is harder as they really only deal locally and scams like this work on a global scale not a local one.

You will also want to have your computer checked out by a local technical company in case anything malicious was installed on your computer during the so-called technical support.

It is always advisable to do business with a local computer company; you never know what you’re going to find on the other end of that Internet / phone connection!


Great News In The Battle Against Tech Support Scams

  • Published in Security

November 10, 2014 the Federal Trade Commission along with local Delray Beach Florida law enforcement raided the facilities of OMG Tech Help and Vast Tech Support; effectively closing down these and related businesses for engaging in deceptive business practices by running “a multi-million dollar computer repair scheme that exploits consumers’ fears about computer viruses, malware and other security threats.”

This is a huge win for consumers who, as the TRO Motion makes clear, have been bilked out of millions of dollars by fraudsters tricking people into paying for unnecessary tech support services or software. Included in the TRO is “an asset freeze” to allow for “equitable relief” for those victimized by this scam.

Tech support scams have been a growing industry in the past few years and we’ve written about them several times. Our advice has always been the same, take your computer or server to someone local, don’t trust the calls, emails or popups you receive.

For more information on how these scams are perpetrated read our article Tech Support Scams - Don't be a Victim. 

In the case of OMG Tech Help and Vast Tech Support the scam works through a free downloadable program called PC HealthBoost (see above image); the software was developed by and is maintained by Boost Software of Massachusetts and they are included in the TRO. The software is marketed, if you can call it that, through paid for ads and popups on websites.

[Image: Screenshot of PC HealthBoost software scam.]

From the FTC, “Upon downloading a free version of the product, the product automatically initiates a bogus computer system scan that invariably detects hundreds or thousands of purported “errors” in need of repair. PC HealthBoost’s bogus free scan falsely identifies innocuous and helpful files as “errors”. The Boost Defendants then offer consumers the opportunity to “fix” these errors by downloading the paid version of the software for $29.97. After duping consumers into purchasing the paid version of PC HealthBoost, the software instructs consumers to call a toll free phone number to activate the product.”

For details on some of the innocuous items identified as errors, as well as how the remote access section of the scam works see our article.

It is through the need to activate the product that the scam transitions from Boost Software to OMG Tech Help and Vast Tech Support. Now you’re in the hands of the next step of the scheme to “extract additional money from unsuspecting consumers”.

As a part of the activation the telemarketer finds a way to get you to allow them to have remote access. Once remote access was gained to the intended victims’ computers they “tricked consumers into believing that their computers are riddled with problems and in imminent danger of crashing, the telemarketers then pitch the services of technicians, including repairs and long-term maintenance programs. The Vast Defendants recommend and charge for repairs even when computers are in good working order and have no issues. Through the course of the scheme, the Boost and Vast Defendants have caused more than $22 million in consumer injury.” (emphasis added)

Vast is reported to have operated under multiple dbas including OMG Tech Help, OMG Total Protection, OMG Back Up, dowloadsoftware.com and softwaretechsupport.com.

To put that $22 million in consumer injury into perspective, consider the President of OMG Tech Help Jon-Paul Vasta’s LinkedIn Profile.

[Image: Vast_Experience]

That's $22 million in not even 3 years of running this scam.

Near the end the TRO gives us another encouraging bit of information, “Before founding Vast, JP Vasta worked for Inbound Call Experts, another computer repair scheme operating out of Boca Raton subject to an FTC and State of Florida enforcement action filed simultaneously with this case.”

While it is good news that it appears a second computer repair scheme is also out of business, the damage caused by Inbound Call Experts dba Advanced Tech Support appears to be even larger than OMG Tech Help. Consumers reported paying $150 – $500 for each phony repair, coming to a total of nearly $100 million in revenue from consumers.

Employer review site GlassDoor.com may offer a glimpse at what Inbound Call Experts was all about. From September 2, 2014: “Former Employee…you feel like you are taking money from people who don’t have it for things they don’t need.”

The related companies in the Inbound Call Experts case are coast to coast, from Advanced Tech Support in Florida to PC Cleaner, Inc. and Netcom3, Inc. in California. The combined defendants had approximately 150 domains that they would use to lure victims in. The domains include:

  • freetechsupport.com
  • advancedtechsupport.com
  • malwareexperts.com
  • pcmri.com
  • pcmriforlife.com
  • superpcsupport.com
  • pcvitalware.com
  • fix22.com
  • fixme1.com

These defendants would “partner with computer security software companies to purportedly provide technical support for particular software. In those instances, unbeknownst to the consumer the defendants pay for the phone number that appears on the software partner’s website. When consumers call the software company for assistance with a particular product, rather than reaching that software developer, they reach ICE/ATS.”

One of the downloadable programs offered specifically by PC Cleaner, Inc., which claims to show infections but instead uses false information to trick the victim, was downloaded by users more than 450,000 times between 2011 and 2013 per the FTC filing.

This is great news for consumers everywhere! But remember these two aren't the only companies working this scam online. It’s always best to take your computer to a local trusted company!
