English
The Internet threat alert status is currently normal. At present, no major epidemics or other serious incidents have been recorded by Kaspersky Lab’s monitoring service. Internet threat level: 1

Return of the Indian phone scammers!

David Jacoby
Kaspersky Lab Expert
Posted November 21, 12:25  GMT
0.2
 

The title of this blog reminds me of the old zombie horror movies back from the 80-ies, but what im going to write here is more like a comedy. Some of you guys have probably read my blog post about the time when i tricked them into accessing websites under my control, which led to me collecting alot of information about the callers.

After that blog post i didn’t receive any calls... until today. I was sitting in my home office, drinking my daily smoothie and writing on my paper for the Virus Bulletin magazine, and suddenly i hear the phone ringing. I don’t care about that anymore, because i hear that my wife answers the phone, but after a few minutes she enters my room and tells me that "they" are calling again.

As always, i booted up my VMware image with a totally FRESH installation of Windows XP and start talking to the scammers. For you who are not familiar with the scam, please read my other blog post which can be found below because i won’t cover it in this post. http://www.securelist.com/en/blog/208193750/Trying_to_unmask_the_fake_Microsoft_support_scammers

This time the scammers where using some different methods trying to convince me that my compute where infected with some malware. They even gave me the name "Frozen Trojan", and went to Google and tried to look it up for me. But they only ended up on results talking about the bird flue and other biological viruses which i thought was quite entertaining.

What is new is that the scammers are now using a search function within the indexing services for Microsoft Windows to trick victims. They are telling me on the phone that my Software License Service is not working, and thats why my security is failing. They then have me search for the keywords "software warranty", and i do get up a error message saying "Service is not running".

After this they transfer a file to my computer, which they say is the "state of the art" security scanning software. The software is called "Advanced Windows Care 2 Personal", and when they scan my freshly installed Windows XP, not FRESHLY INSTALLED computer they still find tons of problems.

The scammers they continue, just as last time that they can offer me the best solution. They even tell me that if i don’t fix this problem, this virus can infect my printer, camera and other devices which are connected. But the solution is not far away, if i only pay for a "Subscription Fee", everything will be fine! The program is for free, but i need to pay for the subscription. The prices they told me are very high.

  • 2 years for 245 eur
  • 3 years for 345 eur
  • 4 years for 445 eur
  • 10-15 years for 501 eur

Finally, they want to go through with the payment, and we visit their landing page, which this time looks like this:

At this time i also play along, and tell them that my credit card is not working, but i have a backup on my webserver, and i try to access this file. Once again the file only contains the string: "Permission Denied, you are trying to access a restricted file via a proxy! Try from another computer!", and after about 20 minutes i get the scammers to try from their side, and i get their IP number... *AGAIN*

115.xxx.xxx.xxx - - [21/Nov/2012:10:19:18 +0100] "GET /xxx/.txt HTTP/1.1" 200 422 "-" "Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.11 (KHTML, like Gecko) Chrome/23.0.1271.64 Safari/537.11".

All information has been sent over to law enforcement. I just think its strange that they keep calling. I want to ask everyone who is reading this post to tell their relatives and friends about this, so they are aware that they phone scammers are still calling people.


12 comments

Oldest first
Threaded view
 

Donna J.Marn

2012 Nov 21, 20:11
1
 

They Never Went Anywhere

These people don't leave,unless they are arrested,and put in prison.

Reply    

Donna J.Marn

2012 Nov 21, 20:20
1
 

Maybe this is the problem

Army strengthens ties with Native American tribes
November 15, 2012...Maybe this is the Problem!

Reply    

fp

2012 Nov 21, 22:50
1
 

Good trap!I mean trick shown above. :)

It is always dilema to share publicly, because they are simple and effective.

Reply    

sachinr

2012 Nov 22, 11:02
1
 

India.

Courtesy : Google
kolkata.quikr.com › Jobs › BPO - Call Center - KPO › Gariya
14 May 2012 – Company Name: SOUTHEND PC SOLUTION. Function: Customer Service / B... Designation: Customer Sales Execu... Education: Class 12 ...

kolkata.quikr.com › Jobs › BPO - Call Center - KPO
5 Jul 2012 – Company Name: SOUTHEND PC SOLUTION. Function: Customer Service / B... Designation: Customer Sales Execu... Education: Class 12 ...

On the same IP : creativesolutionsonline.net

Reply    

mustu

2012 Nov 22, 14:23
1
 

If they know Virtualization

Video Device: VMware SVGA II

If the scammer knows a little bit about Vmware he can be alerted by seeing it's a VM. No one uses a VM as primary OS.

Reply    

joand

2012 Nov 27, 02:18
1
 

these are nigerian scammers

i am sure these are Nigerien scammers not Indian . In india they get arrested for these scams usually now then .

Reply    

westiesrus

2013 Feb 04, 07:17
1
 

Frauds are Alive well in US using Western Union! Police DONT CARE!

They got me! I tried to file a police report but they really dont care said nothing they could do!! They had my router name, secure (or what I thought was secure computer information) and led me through the same set of steps to show me that my computer was over 96% infected despite having latest Kaspersky Lab, etc. They said my Hi-Def anti virus s/w had expired that's where the virus's had entered even though I dont download, etc. Only thing I do is Facebook and maybe play a couple slot machine sites. Using a site that I checked 3 times that seems like a real Microsoft Windows site. After they scare you into signing up for their service and go into your computer (still havent figured out what they did-- which terrifies me bc I granted them access!) and charge you via Western Union, thus starts the scam-- they re-charge and recharge your account until you figure it out! Thankfully, I caught on the 2nd charge before they could pick it up-- which obviously PISSED them off bc they then went into my email sent out viruses to my entire contact list! Western Union told me they have done this to close to 100,000 people I have changed all my passwords, etc. Hoping Kaspersky will protect the rest. Reloaded it crossing fingers. DONT BELIEVE ANYONE WHO CALLS EVEN IF THEY SAY THEY ARE FROM MICROSOFT/WINDOWS have your account information!! Here is a hint too... they will have a fake extension on end of the Windows page you go to select their protection program much like the email address they used to send all the viruses from my account:

Reply    

Janelle R.

2014 Mar 13, 21:03
0
 

Re: Frauds are Alive well in US using Western Union! Police DONT CARE!

This just happened to me this morning.. They have been calling for months....

Reply    

mark117

2013 Feb 19, 18:26
0
 

frozen trojan

Hi David Jacoby

very entertaining and interesting read,
i did read your last post also about the other scammers,
the bit in this one about frozen Trojan lol
i don't know how you kept a straight face/voice in your case,
the reality is very real as a friend of mine had the same thing happen to
them about 2-3 months ago, all they really did was to clean up the
temp folders to speed up his PC,
mad thing is he paid them for this service, and the only reason he was alerted
to the scam was because they tried to obtain 1 more payment out of
his account about a month later, and the bank phoned him to let him know that
someone was trying to authorize another payment, he blocked it, "good of the
bank though" i could have cleaned up his system as it was running slowly,
hence that's how they convinced him to let them remotely connect, from now on
though i have told him to ring me, and to NEVER accept help over the phone
from anybody claiming to be Microsoft and the like...
mark117

Reply    

mark117

2013 Feb 19, 19:10
0
 

best vmware

hi David,
would you be able to advise us on the best vmware that we can use free or paid for
i have heard that oracles virtual box is OK too, but any input you can give would be really appreciated,
im currently running an
Amilo Li 2727 notebook,
500GB hard drive sata
3GB RAM
ON
Windows 7 Ultimate x86 (32-Bit) retail purchased and legit
Windows 7 Ultimate x64 (64-Bit)
you see you get both discs when bought out shop x86 x64
thank you and any advice help appreciated
also running yearly subscription to
Kaspersky PURE 2.0
mark117

Reply    

David Jacoby

2013 Oct 11, 13:18
0
 

Re: best vmware

Hi Mark,

I dont think it really matters which one you use.

Reply    

Janelle R.

2014 Mar 13, 20:58
0
 

They just called me today...

12-312-345-6789 / 1980 / 121-277-7326 / These numbers pop up when they call me, they called this morning. THey have been calling me for months now... The first time they called I totally fell for their tricks. But not since then. But because I was not willing to pay for the program, I think that is why they keep calling.

Reply    
If you would like to comment on this article you must first
login


Bookmark and Share
Share