
LOOK OUT! Solid Techies Phone Scam


10 replies to this topic

#1 saxdragon


Posted 15 June 2017 - 02:44 PM

I just got a phone call from somebody claiming to be an employee of Solid Techies, a company that I had an account with until last month. They're an anti-malware, computer clean-up company that I used for a year, after my machine got infected. They did a good job of fixing my machine, and regaining access to a lot of files I'd been locked out of. They use a remote app to take control of your machine to do that, and when I watched them do it, I noticed they basically used a lot of the tools and procedures that are listed here, so I decided not to renew my account with them.

 

Anyway - the caller told me the company was going out of business, and I was due a refund because of it. I was suspicious immediately, but I went as far as opening a URL that he gave me, supposedly to download a form he told me I would fill out to get my refund. The site connected me to that app that basically hands your computer over to another operator, and that's when I was pretty sure that I had a scammer on the phone. I closed the browser without touching that app, and started quizzing him about what was going on. I told him I wasn't going to hand my computer over to someone I didn't know who just called me on the phone, but he kept trying - in a very thick, hard-to-understand West Asian accent - to explain it all away. (He told me to call someone named "Jack Williams" at 631-479-2230...right!)

 

After arguing with him and trying to get some more information, I told him I'd call him back after talking to "Jack Williams", and hung up. I immediately phoned Solid Techies and got one of their account salespeople on the phone. I told them about the call, trying to give them a heads-up (although I figured they probably already knew about it). The account rep went into a high-pressure sales pitch, trying to get me to sign up with them again. I had to refuse over and over while he implied that my machine was now infected because I opened that URL. Finally he realized I wasn't going to sign up again and ended the call.

 

So, I'm pretty sure the scammer didn't get into my machine. I didn't enter any information when the remote control app popped up, and I didn't give the scammer any info he didn't probably already have. So, I probably didn't let any bugs in, right?




 


#2 quietman7


Posted 15 June 2017 - 06:01 PM

Tech Support Scamming through unsolicited phone calls, browser pop-ups and emails from "so-called Support Techs" advising "your computer is infected with malware", "All Your Files Are Encrypted" and other fake "alert messages" has become an increasingly common scam tactic over the past several years. The scams may involve web pages with screenshots of fake Microsoft (Windows) Support messages, fake reports of suspicious activity, fake warnings of malware found on your computer, fake ransomware and fake BSODs, all of which include a tech support phone number to call in order to fix the problem. If you call the phone number (or they called you), scammers will talk their victims into allowing them remote control access of the computer so they can install a Remote Access Trojan in order to steal passwords and other sensitive personal information which could then be used to access bank accounts or steal a person's identity.

These are a few examples.

The scammer may claim to be affiliated with Microsoft or Windows Support. However, there have been reports of scammers claiming to be affiliated with major computer manufacturers such as Hewlett Packard, Lenovo and Dell, familiar security vendors like Symantec, Panda, McAfee, etc. and even popular ISPs.

 

Not answering any questions and hanging up the telephone is the best way to deal with phone scammers...then report them to the appropriate authorities.

 

For more information about how these scams work and resources to protect yourself, please read Beware of Phony Emails & Tech Support Scams...there are suggestions near the bottom for dealing with scams and a list of security scanning tools to use in case the usual methods do not resolve the problem or you allowed remote access into your computer.


Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators


#3 rittenhouse


Posted 24 June 2017 - 02:57 PM

I have been getting phone calls from Microsoft or at least some men with Indian accents. They want me to go to a web site to help resolve some error messages. These phone calls are not even showing up on my phone logs. I suspect Spybot may be the culprit or Malwarebytes, two programs that I recently installed.



#4 jwoods301


Posted 24 June 2017 - 03:01 PM

> I have been getting phone calls from Microsoft or at least some men with Indian accents. They want me to go to a web site to help resolve some error messages. These phone calls are not even showing up on my phone logs. I suspect Spybot may be the culprit or Malwarebytes, two programs that I recently installed.

 

Neither Spybot nor Malwarebytes triggers tech support scams.

 

Microsoft does not call people (unless you contacted them first) about tech support issues.

 

My personal policy on getting calls from unrecognized numbers is to let them go to voice mail.


Edited by jwoods301, 24 June 2017 - 03:03 PM.


#5 rittenhouse


Posted 24 June 2017 - 03:03 PM

Does anyone know if, when you respond to an opinion or question on a web site and they ask you to enter the code below such as "KNGGTF" or any combination similar, you are in effect giving them a bridge into your computer similar to the codes requested by the LogMeIn Rescue program? For example, you see a video and you leave your comments, but you have to enter the captcha or letters listed in the box; does that link your computer?



#6 jwoods301


Posted 24 June 2017 - 03:05 PM

Captcha is a way to prove that a human is using the site instead of a bot.



#7 jwoods301


Posted 24 June 2017 - 03:13 PM

Brian Krebs on the 3 Basic Rules for Online Safety...

 

https://krebsonsecurity.com/2011/05/krebss-3-basic-rules-for-online-safety/



#8 rittenhouse


Posted 24 June 2017 - 03:16 PM

Norton, which never finds anything, found Cydoor; even when I had a trial version of Malwarebytes they found Cydoor, both after I downloaded a copy of Spybot. It is almost impossible to even determine which site is legitimate or authentic. I remember that Spybot advised me if I removed advertising programs the program might not respond. They install Cydoor themselves then warned me before removing it, but Norton found another version of it.

Scan Information:

  Virus Defs Version: 2017.06.21.008
  Virus Defs Seq ID: 185982
 
Scan Statistics:
  Scan Start:
   Local: 6/24/2017 12:45 PM
   UTC: 6/24/2017 4:45 PM
  Scan Time: 7,625 seconds
  Scan Targets: Entire computer
  Counts:
   Total items scanned: 326,534
   - Files & Directories: 324,084
   - Registry Entries: 172
   - Processes & Start-up Items: 1,564
   - Network & Browser Items: 710
   - Other: 4
   - Trusted Files: 0
   - Skipped Files: 0
 
   Total security risks detected: 10
   Total items resolved: 10
   Total items that require attention: 0
 
Resolved Threats:
4 Tracking Cookies
 Type: Anomaly
 Risk: Low (Low Stealth, Low Removal, Low Performance, Low Privacy)
 Categories: Tracking Cookies
 Status: Fully Resolved
 -----------
 4 Tracking Cookies
Cookie:new@microsoftsto.112.2o7.net/ - Deleted
Cookie:new@rubiconproject.com/ - Deleted
Cookie:new@m.webtrends.com/ - Deleted
 - Deleted
 
 
Adware.Gen
 Type: Compressed
 Risk: Low (Low Stealth, Low Removal, Low Performance, Low Privacy)
 Categories: Security Risk
 Status: Fully Resolved
 -----------
 1 Infected File
 - Deleted
 
 
W32.Idyll
 Type: Compressed
 Risk: High (High Stealth, High Removal, High Performance, High Privacy)
 Categories: Virus
 Status: Fully Resolved
 -----------
 1 Infected File
 - Deleted
 
 
Trojan Horse
 Type: Compressed
 Risk: High (High Stealth, High Removal, High Performance, High Privacy)
 Categories: Virus
 Status: Fully Resolved
 -----------
 1 Infected File
 - Deleted
 
 
Hacktool
 Type: Anomaly
 Risk: High (High Stealth, High Removal, High Performance, High Privacy)
 Categories: Virus
 Status: Fully Resolved
 -----------
 1 Infected File
c:\users\\documents\wintool\password recovery\asterisks password\setuprevelationv2.exe - Deleted
 1 Browser Cache
 
 
 
Adware.Cydoor
 Type: Anomaly
 Risk: Medium (Low Stealth, Low Removal, Medium Performance, Medium Privacy)
 Categories: Adware
 Status: Fully Resolved
 -----------
 1 Infected File
c:\users\\documents\wintool\speedup\speedup downloading\flashget.exe - Deleted
 1 Browser Cache
 
 
 
Adware.Cydoor
 Type: Anomaly
 Risk: Medium (Low Stealth, Low Removal, Medium Performance, Medium Privacy)
 Categories: Adware
 Status: Fully Resolved
 -----------
 1 Infected File
c:\users\vo\documents\speedup\speedup downloading\flashget.exe - Deleted
 1 Browser Cache
 
 
 
 
 
Unresolved Threats:
No unresolved risks


#9 jwoods301


Posted 24 June 2017 - 03:22 PM

You can check a site's URL before visiting by going to VirusTotal.com, clicking on the URL tab, copying/pasting the URL into the search box, and clicking on the blue Scan it! button.


Edited by jwoods301, 24 June 2017 - 03:26 PM.


#10 majmun


Posted 30 June 2017 - 04:41 PM

http://telephonenumbersinfo.com/

Check this site.

All telephone numbers with social data for each.

Find owner of any phone number.



#11 jwoods301


Posted 30 June 2017 - 05:25 PM

> http://telephonenumbersinfo.com/
>
> Check this site.
>
> All telephone numbers with social data for each.
>
> Find owner of any phone number.

 

Didn't find anything on my phone number, so I guess that rules out "all telephone numbers".





