Phone scammers
Today I received a call at about 10:05 to my home landline. I rapidly realised it was some kind of computer based scam and decided to have some fun seeing what they would try and do.
I had great fun doing this but I think that someone who does not understand computer could have easily been taken in.
As in many such scams they claimed to be a company working for Microsoft and offering this free service of finding out what is wrong with my computer as they detected that it was downloading lots of junk files from the internet which were slowing it down. Now our old Windows XP desktop is indeed old and slow and this is quite possibly due to junk. However it was obvious that they were making all this up. So they wanted me to turn my computer on – now obviously I wasn’t going to risk following any instructions on the real computer so I booted my XP VM on my laptop instead (which I will subsequently need to wipe).
Having booted the XP VM and possibly being passed onto a different call centre person. I was given a series of instructions the purpose of which was to prove that the computer had a problem. This involved going to the event viewer in computer administration (Start -> right click on “My Computer” -> Manage -> Event viewer and then to both Application and System. With a little sorting for effect we get a screen something like the following:
I suppose many people might find that quite scary but I have previously looked at such screens and it was what I expected to see.
Having ‘proved’ that there was something wrong with my computer they then proceeded to try and get me to provide greater access to them. This was done by getting me to visit www.logmein123.com and use the code 807932 (which they really didn’t want me to reveal to anyone).
They then got remote access to my computer and went and installed a fake scanner from http://majorgeeks.com/Advanced_WindowsCare_v2_Personal_d4991.html This proceeded to produce some fake results:
They then wanted to see if my “software warranty” had expired as this would be why my computer was “downloading junk files which can’t be removed by anti-virus”.
This was done by opening cmd and doing
cd \ tree
and while tree was running typing “expired.” so that it would appear at the bottom.
At this point they went in for the kill and opened up a form and claimed that “it is a timed http form so we can’t look at it” and that it would “automatically go in 8 minutes so you need to fill it in quickly”.
Obviously I wasn’t going to fill this form in so at that point I revealed that I knew that they were scammers. They denied this and got progressively more angry and incoherent and when I asked to be put through to their supervisor they hung up.
Follow up
Now obviously it is my duty to try and prevent this kind of thing from happening again.
So my first step was to try to find out the number which was used to call me using 1471 but unfortunately this did not work. I then tried the local police but they could not be of any help and they advised me to contact BT unfortunately BT could not help either as it was an international call with no number given.
I then reported relevant URLs to google and the exe to Stop Badware.
I contacted the company behind logmein123.com which seems to be a legitimate company telling them that their services are being abused and requesting comment from them about this. I received a very positive response: “Thanks for the heads up on this. We take this stuff very seriously and will investigate immediately. Any misuse of the product or trials for the purpose you describe is a violation of our terms and immediate grounds for termination of the service. Thank you for sending the PIN as it helps us not only track this down to end their service, it also gives us information we need should we decide to press legal action. …”
Now looking to see whether anyone else has discovered this gogreenpc.net scam I found that they have. So gogreenpc.net is a big scam site. Now I need to work out how to take them out. :-D
The people on #cl on irc.srcf.ucam.org were helpful in providing advice on follow up.
Tags: cold calling, CompSci, con, fraud, gogreenpc.net, logmein123.com, phishing, phone, remote pc access, scam, tech support, virus
July 8th, 2010 at 09:39
Hi,
Was pointed to your article on phone scammers today. In it you referred to http://majorgeeks.com/Advanced_WindowsCare_v2_Personal_d4991.html as a fake scanner.
Bugger. I have had that on my computer for a couple of years. No harm as far as I know but are you telling me it does no good either? It seems to be on free download from many of the recognised software sites.
Are you sure it’s fake?
Nigel
July 8th, 2010 at 09:51
Hello Nigel,
I am fairly sure it is fake: it reports thousands of spurious errors.
I don’t think it does any active harm either.
Daniel
July 9th, 2010 at 22:45
I have not heard of this in the US… yet… but i’m the one guy in the family who is the computer expert. i could see people being taken by this.
thanks
jack
July 31st, 2010 at 07:17
Thanks for that useful info Daniel, i was also contactedat the start of July by a chap called Steven Carter allegedly from Global Cumputer Maintenance Dept. on 020 331 89416 (No no longer works). H esaid that they had been contacted by Microsoft (one of their clients) about an error message that had been sent to them. He wanted to know what operating ystem I had. I was lready quite suspicious by now anyway. He took me through most of the stuff you allude too in your blog. He asked me to run a file called eventvwr and to click on system tab and he asked me to count all the files that said error(there were approx 250 bad files). He then asked me to look at the security tab which showed about 65 failed files, by this time hw expressed his concern about the no of bad files. He said i had a leakage in security. he then wanted me to run a programme called http://www.tedmviewer which enables them to get remote access. i was already suspicious from th start and said i was busy and took his direct no 020 331 82692 (still works). I also asked him if they had a website and he gave me http://www.gogreenpc.net
incidentally the website still says 2009.
He said I could contact him between 9am and 3pm on a Saturday. In fact i call 31st July at 7am but the first number i was given didnt work and when i tried the second no a lady answered sayimg Global Computer Maintenance etc and i heard a little girl in the background!!!
July 31st, 2010 at 14:52
Many thanks Daniel – I googled them on a hunch and found your blog along with several others – they had no accreditation which made me very suspicious.
However I do have a lot of bad files. Any advice on the best way to deal with this? My laptop has got a lot slower recently. Yes it’s old but used to work pretty well.
Thanks again!
July 31st, 2010 at 22:16
Hello Chuck,
With regard to the ‘bad files’ that they found in general these are completely spurious and are in fact perfectly normal files. Now if you look at the ‘Event Viewer’ which they will probably have asked you to do and which will show lots of ‘error’s intermixed with lots of ‘warning’s which could be quite scary if you didn’t know that this is perfectly normal behaviour for a computer. They may also have opened a terminal (black window with white text) and said that this showed lots of ‘bad files’ however when they did this to me then they ran the command ‘tree’ which simply lists all the files that there are on the computer as a tree drawn in text.
So the best way to deal with this problem is to check that you are currently using a good anti-virus and anti-spyware program (I am assuming windows here) and to run a scan on that.
To deal with problems from the computer being slower than it used to be (which tends to happen with windows computers over time and is not completely reversible) you can try de-fragmenting the disk drive. You may also want to go through and uninstall any programs you are no longer using. If you are feeling adventurous then you could try going to Run and typing ‘msconfig’ and then using that tool to reduce the number of things which run all the time. However that is quite DANGEROUS and it is quite easily to leave your computer in a state where it is completely broken by making a mistake with that tool. You might also want to get or use a program to clean your registry but again this is very easy to get wrong in a bad way and is not something which I have personally tried.
Adding more RAM to a computer tends to speed it up a bit: at least temporarily.
I hope this helps,
Daniel
August 26th, 2010 at 10:21
Thanks for putting all this together. My mum phoned me this morning and had been partially taken in. Fortunately she got suspicious once they asked her to pay and refused. Of course now we can’t trust her computer, from this it does sound like the computer should be OK but I’m not going to take the chance. Time for a full re-install before she is allowed to turn it back on!
Great idea doing all this on a VM though.
Thanks again!
November 1st, 2010 at 19:19
I deleted Austin’s post above because it was misleading to the extent of possibly being malicious – I suspect it was written by a phone scammer.
Austin, I am afraid you are greatly mistaken. These people are not phoning because people have problems with their computer, there is no way that these people can know whether or not people have problems with their computer. They are maliciously trying to con people out of their money by falsely giving the impression that there is an existing problem with their computer which this company can fix/prevent.
Daniel
November 18th, 2010 at 06:42
Daniel, thank you for posting this blog. This is what the internet should be used for — the transfer of information to help others — not spamming, scamming, and whatevering.
April 1st, 2011 at 14:14
Hi Daniel,
Thanks for this article! You are like a cyber guardian angel. I’ve been contacted remorselessly recently. Of course I suspected it was a scam but it’s nice to have someone who ‘knows their stuff’ confirming it in articles like this.
Incidentally, the last company to phone me called themselves ‘World PC Tech’ & gave the tel no 020 3026 2098. I don’t know if this is any use to you in your noble quest.
Keep up the good work!
Brea
July 28th, 2011 at 19:41
Hi Daniel,
I am writing an article for Which? looking (rather belatedly) into this scam.
Would you be willing to have a chat about it to warn readers about what to look out for and the potential dangers? Happy to call at your convenience any time over the next week.
Fingers crossed and thanks in advance,
Stewart
July 28th, 2011 at 21:17
Stewart: I have sent you an email. Good luck with your article.
September 21st, 2011 at 02:27
I allowed remote access, but didn’t pay for anything or give any banking info. #1 what is the name of the program they might have installed? #2 what harm might it have done?
September 24th, 2011 at 13:10
I don’t know what the name of the program might be if it was the same as the one I encountered then I doubt it will have done much harm – but I can’t be sure of that.