Some time ago we described how to spot a tech support scam – a typical computer access fraud that the IT community is talking about more and more these days. Sadly, scamming affects both users’ private data and vendors’ reputation, as most fraudsters tend to present themselves as well-known software providers. We’ve been following the ongoing discussions about this issue, and we recently got a call from one of our customers that helped us start an in-depth investigation to find and penalize the criminals.
We’d like to share this story and hope that our customers and other businesses might find it helpful in fighting back against “Tech Support” scams.
One day a user received a pop-up browser message from a supposed “Microsoft tech support” company stating that his computer was infected with a virus and asking him to call Microsoft immediately at +18446661375. Upon calling the number, the user was directed to a tech support agent who instructed him to run the Techinline FixMe.IT tool in order to allow remote access to his machine. The tech support agent claimed that he would be able to remotely fix any issues that existed on the machine. Luckily, the user spotted that something was quite phishy and played along without granting full access to his machine. He was smart enough to grant only partial access in order to collect the “tech’s” IP address and then disconnected the remote session at a point where no real harm could be done.
The user then contacted us and provided the IP address and phone number of the company that tried to scam him. As soon as we received this information, we decided to run an exposé on these impersonators. Having looked through the relevant system logs, we found that the IP was linked to one of our paying subscribers – a company that operated in our records under the name of “BrainBro”. The scammers had an actual working website at the time and, furthermore, they had 4 monthly FixMe.IT licenses to put their fraudulent schemes to commercial use.
Upon doing some online research, we also found that the callback number provided by “Microsoft” was already reported as fraudulent and a number of users had shared similar experiences in dealing with this company. When one of our team members contacted this number, the “agent” asked him to grant access to his computer via GoToAssist – imagine how surprised he was at that moment!
Apart from that, if you do a quick search for “BrainBro”, you’ll realize that these people can mess with any type of service or device, including Apple products. This goes to show two things: this is a mass fraud that utilizes multiple tools at once, and we cannot possibly know how many well-known software products they actually use. Besides that, scamming techniques have become more and more sophisticated, to the point where your computer is infected by malware that sends messages directly onto your screen.
The conversation with BrainBro was quite short. We immediately discontinued all of their subscriptions, as our Terms of Service prohibit the use of FixMe.IT for the purpose of misleading or misinforming end users for financial gain.
Nevertheless, scammers are still out there: users pay for services they don’t get, and then they can’t make head or tail of it, as the company they got a call from doesn’t exist anymore. These fraudulent businesses easily change names, phone numbers, and addresses. On the bright side, having conducted this investigation, we now understand one such scheme and hope that this valuable information can help spread the word and prevent others from being affected.
Remember to check the following before letting any unknown company access your computer:
- Search their phone number on the web – chances are, other users have already been contacted by this firm and have reported their negative experiences
- Ask for the agent’s name, employee ID, and any other information that can help you identify if the company’s real, or if it’s a fraud
- Use tech support services that you know and trust
- If you see any suspicious on-screen messages on your computer, immediately get in touch with a tech support company you trust
- Be sure to run a cleanup on your machine, as it might be infected with a malware program
Please don’t confuse Techinline FixMe.IT or any other remote desktop service provider with fraudsters who use this software to connect to your computer. If you got a scam call or a message from a company that presents itself as a software vendor, try to get as much information as possible, and pass it to the vendor. Together we can do more, and this will help deal with scammers more effectively.