Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Beware of phone telephone scammers calling on behalf of Google


  • Please log in to reply
16 replies to this topic

#1 Grinler

Grinler

    Bleep Bleep!


  • Admin
  • 40,186 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:01:59 AM

Posted 15 May 2012 - 09:06 AM

A new phone scam is underway where people are receiving phone calls by people who state that they calling on behalf of Google. These callers state that they received your name and number from the Google Database and that Google had detected that your computer was infected or had a problem. They further stated that they worked for Gooseberry Tech, who has a partnership with Google to offer a free remote troubleshooting evaluation of your computer. If you agree to this evaluation, they will have you download TeamViewer and will then use it to take remote control of your computer. They will then proceed to poke around your computer, look at event viewer, and check your programs. While doing this they will point out "serious" and "alarming" problems on your computer. When they are done scaring you, they go in for the kill by trying to sell you a one-time fix, for $100, or a maintenance contract for $199.

This is not the first time phone scammers have pretended to be from large companies and offering free troubleshooting services. In the past, phone scammers were calling people and stating that they were from Microsoft who had detected that their computer had a problem. They would then offer to remotely fix their computer for a fee. Eventually Microsoft caught wind of this scam and warned about these scammers on their Windows blog.

I was first alerted to this when a friend said they were infected with the Smart HDD rogue anti-spyware program. They were concerned because they thought the Smart HDD warnings were legitimate and entered their credit card information and phone number. The credit card did not go through, so I alerted him to contact his credit card company and if he chose to keep the same credit card number to at least keep an eye on any charges. The next day, he received a phone call from 321-329-5304 on the same mobile number that he entered on the Smart HDD screen. He told me that the person calling had an Indian accent and was telling him that that they were calling on behalf of Google because it appears that he had a computer infection. He then tried to have him install the TeamViewer software so that they could remotely connect to their computer. Thankfully, my friend realized that something did not sound right, hung up the phone, and called me.

I did a little research on the number and saw that he was not the first person who has had a call from these people. In fact there were other complaints regarding this number and a company called Gooseberry Tech. I started up a Windows XP virtual machine, infected myself with Windows ProSecurity Scanner and gave them a call. A man with an Indian accent named John answered and I explained that I received a phone call from them a few days ago and decided I still needed help. I explained that I think I was infected and he had me go to the site http://www.gbdl.tk/ where I was asked to download and install TeamViewer.

Once TeamViewer was installed, they remotely took control of my computer and started poking around. It was fairly obvious from the beginning that John had absolutely no idea what he was doing. He couldn't understand why Windows ProSecurity Scanner would open when he attempted to run Internet Explorer or Windows Task Manager. I sat there for about 5 minutes watching him continue to try and open these two programs repeatedly until I hinted that it was probably the virus interfering. He then proceeded to look over the Windows Event Viewer where he would point out innocuous messages and state that they indicated I had a a severe problem on my computer. After a while, they went in for the kill and asked me to pay for a support contract, which was quickly declined. They said if I still wanted help I could reach them at 1-800-501-0335, 650-204-4405, or 321-329-5304.

When you visit their web site, www.gooseberrytech.com, you can see how they are really pushing a Google affiliation. There are Google logos everywhere and the Gooseberry logo has a very Googly feel to it. In small print under the Gooseberry logo it states that their parent company is iHorse Technologies, which is a remote support company based out of Toronto, Canada. Furthermore, the company phone number listed on the Gooseberry site is the same that I was given, 1-800-501-0334 and 1-800-501-0335. When you do a Google search for 1-800-501-0335, the first search result is for iHorse Technology.

Gooseberrytech.com Screen shot
Gooseberrytech.com Web Site


One alarming thing I have noticed is a connection between these phone calls and the rogue anti-spyware program called Smart HDD. In comments found online, a common theme is that people who have become infected with a rogue like SMART HDD, and who may have possibly purchased it or attempted to contact the malware developers, will then receive a phone call from Gooseberry Tech. This will not be the first time that we have suspected rogue developers are working both sides of the fence. There have been hints of rogue developers not only infecting people for profit, but also creating actual removal blogs in order to generate ad revenue and affiliate commissions from the removal of their software.

At 800notes.com, a popular site used by people to report phone numbers used by scammers, there is a topic about the 650-204-4405 number where many people complain about these scammers. One of the replies to this thread is supposedly from the iHorse president in which he states their company is not involved. I have called and emailed iHorse Technologies but have not received any comment back from them.

With this said, beware of any phone calls from people who state that they are calling on behalf of large companies like Microsoft and Google. Microsoft and Google will not call you to offer free phone support or to tell you that your computer is infected. If we receive these calls, promptly hang up and report it to the FCC or other government authority.



BC AdBot (Login to Remove)

 


#2 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 53,146 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:08:59 AM

Posted 15 May 2012 - 02:33 PM

Once TeamViewer was installed, they remotely took control of my computer and started poking around. It was fairly obvious from the beginning that John had absolutely no idea what he was doing. He couldn't understand why Windows ProSecurity Scanner would open when he attempted to run Internet Explorer or Windows Task Manager. I sat there for about 5 minutes watching him continue to try and open these two programs repeatedly until I hinted that it was probably the virus interfering.

You made my day with that. :lmao:

It is really sad though that companies go this far to "attract" new customers.
regards, Elise

"Now faith is the substance of things hoped for, the evidence of things not seen."


banner.png

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome


#3 James Litten

James Litten

    Ԁǝǝ˥q


  • BC Advisor
  • 1,917 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New Jersey
  • Local time:12:59 AM

Posted 15 May 2012 - 07:08 PM

Thanks for this.

I just contacted an elderly client who fits the profile of the people who would get one of these calls. I asked them to politely decline and to let me know the number on their caller ID if they receive one of these calls. I'll post the number here if they do get a call.

James

#4 herg62123

herg62123

  • Members
  • 553 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montgomery, AL
  • Local time:12:59 AM

Posted 15 May 2012 - 10:45 PM

I went to check out Gooseberry Website (I was curious) and then went to their download page, and on their download page is Team Viewer Listed. Well I placed my cursor on Team Viewer Link (Picture 1 - Look at link in the bottom left hand corner above the start button) and then clicked the link on a work machine (Picture 2). My company see's that download as Adult Material and got blocked. I find that funny and thought I would share this.


Picture 1

Posted Image


Picture 2

Posted Image
Posted Image

#5 Sani-T-Capt1

Sani-T-Capt1

  • Members
  • 559 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Planet Earth
  • Local time:01:59 AM

Posted 16 May 2012 - 08:23 AM

You can Add Chase Bank Scammers to this also but via Phone and on the Internet. Fortunately, the official Chase website has a warning issued about the potential of a pop-up claiming to be from them asking for your information to assist you in accessing your account. My sister received the phone call version of the scam and promptly hung up :thumbup2: . Chase does not ask you about ANY personal info, especially your P I N number. :angry:
Either We Learn to Live Together as People, Or Die Apart as Fools !


Ignorance ISN'T Bliss, It's Just "IGNORANCE"!!

#6 whoabuddy

whoabuddy

    Bleepin' Verbose


  • Malware Response Instructor
  • 1,430 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Las Vegas, NV
  • Local time:10:59 PM

Posted 16 May 2012 - 09:50 AM

I had a customer report a similar situation to me about two months ago, she received a call from a company claiming her ISP (Cox Communications) said she was infected with a virus and the same yadda yadda. She allowed the remote connection, they poked around, ran mbam, atf, and a few other random tools, then pitched a one-time fee for the fix and a service contract. When she said she wasn't satisfied with their service they got really nasty and threatened to sue. Eventually they stopped calling back.

I received a call on my cell phone at one point as well but did not answer, and I found it one of those phone number sites afterward. I had suspected play on both sides but that really ties the two together!
Meditate. Elevate. Appreciate. | "Life is a journey, love is the destination, happiness is the path!" | If I am helping you and have not responded within 48 hours, please send me a PM. | Vi Veri Veniversum Vivus Vici | Proud member of UNITE

Simple and easy ways to keep your computer safe and secure on the Internet
How to detect vulnerable and out-dated programs using Secunia Personal Software Inspector (PSI)

#7 tturbod2007

tturbod2007

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:59 AM

Posted 17 May 2012 - 11:12 PM

:thumbup2: Thanks Grinier, with so many scams going on. It helps to stay informed. A well written Article. I want to thank you for your time.

#8 wayne937

wayne937

  • Members
  • 184 posts
  • OFFLINE
  •  
  • Local time:01:59 AM

Posted 19 May 2012 - 07:24 AM

I also want to thank Grinler for his excellent service. All of us computer users are more safe if we follow his advice. Keep up the good work, Grinler. It is much appreciated.

#9 Kondo

Kondo

  • Members
  • 57 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:59 PM

Posted 19 May 2012 - 11:16 AM

Whenever I receive something from somebody I do not know, I immediately reject it.

Anyway, good read.

Thanks for the heads up!

#10 carri

carri

  • Members
  • 234 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Yorkshire, England
  • Local time:05:59 AM

Posted 21 May 2012 - 04:54 PM

Thanks for the information and your research on these unscrupulous people Grinler :)
Posted Image
Hug someone today and get on their nerves!

#11 stanleyrocks

stanleyrocks

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:12:59 AM

Posted 29 May 2012 - 02:04 PM

Thanks for bringing this up, Grinler. I'm afraid I'm new to this and I admit it's the first time I've heard of such a scam. I didn't know that any website can claim affiliation to another website without the latter's approval and they're not even from the same company. Hmm...

I'm not much into technical issues but I find this post very informative and I appreciate this article being posted and made readily available online. Since almost everybody uses a computer, this warning is very helpful so people don't get misled and tricked into disclosing sensitive information. Scammers are just out there, so we should always be very careful.

Edited by stanleyrocks, 29 May 2012 - 02:06 PM.


#12 stanleyrocks

stanleyrocks

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:12:59 AM

Posted 29 May 2012 - 02:18 PM

I read something about bogus Microsoft techs doing the same thing, too. From the report I found here, http://www.callercenter.com, scam artists call random phone numbers and tell the victim that a virus has been detected by Microsoft on the victim's computer. Then they go about asking access to the computer by using computer programs such as Teamviewer and Logmein. But be aware that it's a ploy designed to steal the victim's information and money.


Wow! All these happenings and I wasn't even aware. Hmm... Forgive me but I'm totally surprised. Good thing I never got a call like that because if I did, I just might have learned about all this the hard way.

#13 CB54

CB54

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Fort Worth, TX
  • Local time:11:59 PM

Posted 09 October 2012 - 01:00 AM

Thanks for the dedication to the betterment of the IT world Grinler. Appreciate the time and effort it takes to put together the detailed report that you presented. Thanks so much. We are not worthy....:-)

#14 carl97

carl97

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:06:59 AM

Posted 19 September 2013 - 09:23 AM

Tel. 0203 634 2052  14:20 17th September 2013  GMT. UK
Scam Caller posing to be from Google. I am Ex-directory and on the mailing preference list UK.
When i asked who it was and why are they calling the guy with a scouser accent became extremely abusive and vindictive.

They are now calling my kids number time and time again several times a day and threatening with sexual and abusive language and they dont seam to stop.

Please Help us.

Carla Simmons xx



#15 carri

carri

  • Members
  • 234 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Yorkshire, England
  • Local time:05:59 AM

Posted 19 September 2013 - 03:42 PM

Tel. 0203 634 2052  14:20 17th September 2013  GMT. UK
Scam Caller posing to be from Google. I am Ex-directory and on the mailing preference list UK.
When i asked who it was and why are they calling the guy with a scouser accent became extremely abusive and vindictive.
They are now calling my kids number time and time again several times a day and threatening with sexual and abusive language and they dont seam to stop.
Please Help us.
Carla Simmons xx

Hello Carla,
Sorry to read that you are experiencing this problem. I have copied some advice from the Ofcom website for you which I hope helps to stop the calls.

"Abusive calls
Malicious, abusive or threatening calls, whether from people you know or from strangers, are a criminal offence.
Immediately call your phone company and ask for their nuisance or malicious calls team.
If the caller is making direct threats to you or your family and you believe those threats to be real and immediate, you must call 999 straightaway.
If you believe that the threats made are not immediate, then you should call your local police station (101 from any landline or mobile phone)."

It's worthwhile contacting ActionFraud (their number is 0300 123 2040) and your local citizen advice bureau should be able to give you guidance. From my own experience of abusive callers I would not engage in any conversation with them and if you can, save their number and write down as much detail as possible about the time, and who the caller identifies themselves to be. If the scammers are calling your children several times a day, I suggest contacting the service providers tell them of the problem and get them to change their numbers. Best wishes and good luck,
Carri
Posted Image
Hug someone today and get on their nerves!




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users