You may recall a post I wrote back in April about fake Microsoft phone support calls. I had received a call from scammers whose job was to trick me into buying a bogus program for 'only' $299. When they saw I was not willing to pay, they got mad and deleted documents and pictures off my (virtual) machine before cutting me off in a very rude way. Well, this time we meet again, but on different terms: I am the one calling them and I make sure I'm collecting as much evidence as possible before waving good bye.
Update: GoDaddy has taken action to remove ownership of that domain name.
It all started with a pop up, warning me that my computer was infected. I decided to call to find out more about this scam. Unfortunately, I got a voice mail and was a little disappointed. I still left a few messages so perhaps they would call me back. Anyway, the next morning I tried again and got through that time. The man on the phone was quite nice (all things considered) and did not even bother with the sales pitch: just what I like, straight to the point. Our first step was to launch a legitimate program (TeamViewer) so that he could remotely take control of my PC and run a program to scan for viruses. I'm really excited to see what it's going to find!
To say these are false positives is an understatement. These entries are made up since I am running a clean system (Virtual Machine). Also, this was the fastest scan(m) ever only taking 2 seconds: clearly not a good sign. The guy had me where he wanted as he's about to get me to pay. I know this is a critical step and he's probably going to destroy evidence of the bogus program he just installed and ran. Before he does that, I take control and terminate the TeamViewer session in a hard way:
Secondly, by having Terms and Conditions that basically say this is indeed not real. Mind you, they are quite hard to read (tiny black font on blue background):
So here they are in full:
"Terms and Conditions: We are not affiliated in any way with Microsoft, all registered trademarks of their respective owners. All trademarks on this web site whether registered or not, are the property of their respective owners. The authors of this web site are not sponsored by or affiliated with any of the third-party trade mark or third-party registered trade mark owners, and make no representations about them, their owners, their products or services. It is important to note that this site and the image depicted above are to be used as an illustrative example. This website and any page on the website, is based loosely off a true story, but has been modified in multiple ways. Thus, this page, and any page on this website, is not to be taken literally or as a non-fiction story.Allonlinemedia.com distributes advertisements from third party software, toolbars, browser add-ons, game applications, pop-up and other types of applications."
What about the technician’s analysis? The program he was using to scan my computer is not terribly sophisticated to say the least:
One thing is for sure, it is very lightweight and will not use much CPU. However, its database is stuffed with false positives which aren’t just accidents, but clearly used to add some drama. At the end of the road there goes the same PC support plan with a cost of $179.99 in this case:
All of their websites are using private registration to mask their identify and location:
Besides the fake virus ones, you will find those "work from home" quick money schemes: