The Tax Season Tech Support Scam

Update (April 21): Shortly after this story ran and was picked up by WOWKTV I was contacted (“I need to speak to you”) through LinkedIn by the owner of both websites mentioned in this blog post. However, my replies have not been answered so far.

Video: http://youtu.be/V8kLgohBoAo

If you run a small business or are self-employed, you most likely have the tax deadline circled on your calendar (I know I do).

You may also need the services of an accountant, or perhaps, if you are filing directly using one of the popular accounting software packages, you could still use some assistance.

A company calling itself “Digital Accountants” seems to be the perfect solution. They provide a wide range of services and offer 24/7 support:

Accounting Service for Small Businesses

  • Support for Peachtree®/ Sage®
  • Support for QuickBooks®
  • Cloud hosting for small businesses
  • Bookkeeping outsourcing
  • Financial statements preparation outsourcing
  • Reconciliations of accounts outsourcing
  • Payroll and payroll tax outsourcing
  • Tax Return filings

The page looks completely legitimate and even displays a genuine Intuit Certified ProAdvisor stamp which validates that the site’s owner is a Certified QuickBooks ProAdvisor (even though the site clearly states “We have no affiliation with Intuit”).

Domain Name: DIGITAL-ACCOUNTANTS.COM
Registrar URL: http://www.godaddy.com
Registrant Name: Punit Jindal
Registrant Organization: DigitalEco
Name Server: NS1.DIGITALECO.COM
Name Server: NS2.DIGITALECO.COM

However, before you do business with “Digital ECO LLC” you may want to read a little more about the experience I had.

It started with a tip I received about a company that claimed to be Malwarebytes’ support team. I immediately investigated the matter and found they had registered multiple domains including the one from above, as an accounting services company.

Offering dubious tech support services is one thing, but how would this translate into the accounting world?

I set out to place a call claiming I had issues with my Quicken software and needed help troubleshooting the problem. The site did offer this kind of assistance after all, so I thought it was a legitimate reason to call.

Since there was actually no issue at all with either the software or my computer, I was pretty confident I would be told everything was fine and sent on my way.

But that’s not what happened at all. A technician remotely took control of my Mac and found the problem right away after looking at the Console, saying:

“your computer is totally messed up!”

The Console on a Mac is pretty much the equivalent of the Event Viewer on Windows, a tool which has long been abused by tech support scammers who make up all sorts of stories involving critical errors and viruses.

In other words, it is perfectly fine to have events getting logged in there, and all computers have them, so it definitely was not a proper diagnostic.

The technician clearly did not know what he was talking about, first saying:

“it is infected because I checked the console part”

before claiming:

“OK, a Mac computer can never get a virus, do you know that?”

So what exactly was the problem then? Apparently I was

“receiving the bugs from the internet”

Pretty vague, isn’t it?

The technician urged me to fix the problems immediately before my computer crashed permanently.

Fixing the Quicken software would cost me $149.99, and “blocking the ways” on the Mac would come at a hefty $299.99.

In addition to digital-accountants.com, the same person also owns techaccountants.com

I decided to call this number to find out if the support would be legitimate.

This time around, the setup was slightly different: I was running Quicken on a Windows computer. Silly me, I couldn’t seem to recover the password I’d set up for one of my data files. Could someone help me out?

Sadly, the technician wasted no time in saying my computer was infected (hence why the password was not working). He ran a directory listing command in the terminal before pasting a bogus message which included a beautiful typo.

On top of that, there were ‘foreign addresses’ that had hacked into my computer.

The situation was dire and needed immediate attention. They offered me a service that would ‘encrypt’ my IP address.

Regarding the password issue with Quicken®, they said I simply needed to send them the file and they would recover it for me. I’m not sure how I would feel about sending some very sensitive data to people that have just lied to me repeatedly.

There is a famous quote from Benjamin Franklin:

“In this world nothing can be said to be certain, except death and taxes”

I reckon it’d be safe to add one more thing to it: scams.

Tech support scammers have diversified their area of ‘expertise’, or perhaps many companies that do support for all sorts of software have become shady. After all, it’s a numbers game, and the quickest way to convert a prospect into a customer is by using cheap tactics or, worse, blatant lies.

Case in point, a qualified technician would have had to run a lot more tests, ask detailed questions, etc., all of which take time and expertise. When you have neither of those among your staff, there’s only one option left: to use scare tactics.

Long term, this is not a viable business model: the complaint reports are going to pile up, and possible sanctions from advertising networks, or in this case Intuit, are likely to come down.

But with a constant flow of new marks, customer satisfaction may not be the highest of priorities.

@jeromesegura

ABOUT THE AUTHOR

Jérôme Segura

Principal Threat Researcher