Internet threat level: 1
Home→Blog→Events→November 21 2012→Return of the Indian phone scammers!
The title of this blog reminds me of the old zombie horror movies back from the 80-ies, but what im going to write here is more like a comedy. Some of you guys have probably read my blog post about the time when i tricked them into accessing websites under my control, which led to me collecting alot of information about the callers.
After that blog post i didn’t receive any calls... until today. I was sitting in my home office, drinking my daily smoothie and writing on my paper for the Virus Bulletin magazine, and suddenly i hear the phone ringing. I don’t care about that anymore, because i hear that my wife answers the phone, but after a few minutes she enters my room and tells me that "they" are calling again.
As always, i booted up my VMware image with a totally FRESH installation of Windows XP and start talking to the scammers. For you who are not familiar with the scam, please read my other blog post which can be found below because i won’t cover it in this post. http://www.securelist.com/en/blog/208193750/Trying_to_unmask_the_fake_Microsoft_support_scammers
This time the scammers where using some different methods trying to convince me that my compute where infected with some malware. They even gave me the name "Frozen Trojan", and went to Google and tried to look it up for me. But they only ended up on results talking about the bird flue and other biological viruses which i thought was quite entertaining.
What is new is that the scammers are now using a search function within the indexing services for Microsoft Windows to trick victims. They are telling me on the phone that my Software License Service is not working, and thats why my security is failing. They then have me search for the keywords "software warranty", and i do get up a error message saying "Service is not running".
After this they transfer a file to my computer, which they say is the "state of the art" security scanning software. The software is called "Advanced Windows Care 2 Personal", and when they scan my freshly installed Windows XP, not FRESHLY INSTALLED computer they still find tons of problems.
The scammers they continue, just as last time that they can offer me the best solution. They even tell me that if i don’t fix this problem, this virus can infect my printer, camera and other devices which are connected. But the solution is not far away, if i only pay for a "Subscription Fee", everything will be fine! The program is for free, but i need to pay for the subscription. The prices they told me are very high.
- 2 years for 245 eur
- 3 years for 345 eur
- 4 years for 445 eur
- 10-15 years for 501 eur
Finally, they want to go through with the payment, and we visit their landing page, which this time looks like this:
At this time i also play along, and tell them that my credit card is not working, but i have a backup on my webserver, and i try to access this file. Once again the file only contains the string: "Permission Denied, you are trying to access a restricted file via a proxy! Try from another computer!", and after about 20 minutes i get the scammers to try from their side, and i get their IP number... *AGAIN*
115.xxx.xxx.xxx - - [21/Nov/2012:10:19:18 +0100] "GET /xxx/
All information has been sent over to law enforcement. I just think its strange that they keep calling. I want to ask everyone who is reading this post to tell their relatives and friends about this, so they are aware that they phone scammers are still calling people.
2012 Nov 21, 20:11
|
|
2012 Nov 21, 20:20
Maybe this is the problem Army strengthens ties with Native American tribes |
|
2012 Nov 21, 22:50
Good trap!I mean trick shown above. :) It is always dilema to share publicly, because they are simple and effective. |
|
2012 Nov 22, 11:02
India. Courtesy : Google |
|
2012 Nov 22, 14:23
If they know Virtualization Video Device: VMware SVGA II |
|
2012 Nov 27, 02:18
these are nigerian scammers i am sure these are Nigerien scammers not Indian . In india they get arrested for these scams usually now then . |
|
2013 Feb 04, 07:17
Frauds are Alive well in US using Western Union! Police DONT CARE! They got me! I tried to file a police report but they really dont care said nothing they could do!! They had my router name, secure (or what I thought was secure computer information) and led me through the same set of steps to show me that my computer was over 96% infected despite having latest Kaspersky Lab, etc. They said my Hi-Def anti virus s/w had expired that's where the virus's had entered even though I dont download, etc. Only thing I do is Facebook and maybe play a couple slot machine sites. Using a site that I checked 3 times that seems like a real Microsoft Windows site. After they scare you into signing up for their service and go into your computer (still havent figured out what they did-- which terrifies me bc I granted them access!) and charge you via Western Union, thus starts the scam-- they re-charge and recharge your account until you figure it out! Thankfully, I caught on the 2nd charge before they could pick it up-- which obviously PISSED them off bc they then went into my email sent out viruses to my entire contact list! Western Union told me they have done this to close to 100,000 people I have changed all my passwords, etc. Hoping Kaspersky will protect the rest. Reloaded it crossing fingers. DONT BELIEVE ANYONE WHO CALLS EVEN IF THEY SAY THEY ARE FROM MICROSOFT/WINDOWS have your account information!! Here is a hint too... they will have a fake extension on end of the Windows page you go to select their protection program much like the email address they used to send all the viruses from my account: |
|
2013 Feb 19, 18:26
frozen trojan Hi David Jacoby |
|
2013 Feb 19, 19:10
best vmware hi David, |
© 1997-2013 Kaspersky Lab ZAO. All Rights Reserved.
Industry-leading Antivirus Software.
Registered trademarks and service marks are the property of their respective owners.
The authors' opinions do not necessarily reflect the official positions of Kaspersky Lab.