Consumer Fraud Windows Tech Support Scam Revealed

Status
Not open for further replies.

windowsscam

New Member
Today I may have uncovered more about a true scam that is rather terrifying since it can affect unsuspecting people at home - the Microsoft Tech Support scam that uses TeamViewer remote support software to perpetrate the scam.

I was called on the telephone by a woman with a heavy Indian accent who said that she is calling from Microsoft Technical Support regarding a problem with my computer. She insisted my computer was infected with a problem and that my computer was sending out messages which alerted them to call me. I knew this had to be a scam because Microsoft tech support wouldn't be calling about this but I played along to see where it was going.

The Indian woman told me to run a command in the run the Windows Event Viewer by typing "eventvwr" into the box that appears when you click the Windows Start button. It launched and she led me to view all the spam and viruses and malware that Outlook had caught on my computer. The phony Microsoft technical support specialist told me that these were the bad things on my computer that were viruses causing my computer to send out messages to others that led Microsoft to call me about this serious problem.

She then told me to type "TeamViewer" and go to the TeamViewer home page and download the file marked "Join Remote Control Session." I knew what they were up to - she was then going to be able to see and control my computer while we were engaged in a remote session. At that point they could inject files into my computer, delete them and hold me hostage while they expected me to pay them for fixing my computer of a problem that never existed. Other searches online revealed that the "technical support" team fixes a problem that doesn't exist and then they get you to pay them. You can read more about the FTC's huge prosecution here: FTC Case Results in $163 Million Judgment Against "Scareware" Marketer which began in 2008 in "scareware" scam where scammers would call up unsuspecting people and falsely claim that scans had detected viruses, spyware, and illegal pornography on consumers' computers or that their computer was sending out messages requiring the tech support team to call. Court Halts Bogus Computer Scans, where the scammers would induce the fraud victims to buy computer security products for large sums of money.

windows eventvwr.jpg

I was able to get the phone number of the person who called me even though they tried to block their number. The number belongs to the company British Techs allegedly in Norwalk, California. Their phone number is (800) 088-5505 or (800) 516-0854 . It was difficult to stifle a laugh reading the company's tagline - Serving the Excellence.

I looked up the address listed for this company:

14812 Gridley Road, # 51
Norwalk, (CA) 90650

This is a picture of the headquarters for the company!

British-Techs-Windows-Tech-Support-Scam-HQ.jpg

The information about the domain name reveals that a person with an Indian name, Rahul Singh, owns the domain name. The registrant's address says it's in the United states but the address actually points to New Delhi, Delhi in India. This is a violation of the domain name agreement but it appears that GoDaddy is not aware of the incorrect address.

Domain Name: BRITISHTECHS.COM
Registrar URL: http://www.godaddy.com
Updated Date: 2013-05-12 09:38:53
Creation Date: 2013-04-07 10:04:33
Registrar Expiration Date: 2015-04-07 10:04:33
Registrar: GoDaddy.com, LLC
Domain Status: clientDeleteProhibited
Domain Status: clientRenewProhibited
Domain Status: clientTransferProhibited
Domain Status: clientUpdateProhibited
Registrant Name: Rahul Singh
Registrant Organization:
Registrant Street: B 1308 Shastri Nagar
Registrant City: New Delhi
Registrant State/Province: DL
Registrant Postal Code: 110052
Registrant Country: United States
Admin Name: Rahul Singh
Admin Organization:
Admin Street: B 1308 Shastri Nagar
Admin City: New Delhi
Admin State/Province: DL
Admin Postal Code: 110052
Admin Country: United States
Admin Phone: 7838801054
Admin Fax:
Admin Email: rahu4u@gmail.com
Tech Name: Rahul Singh
Tech Organization:
Tech Street: B 1308 Shastri Nagar
Tech City: New Delhi
Tech State/Province: DL
Tech Postal Code: 110052
Tech Country: United States
Tech Phone: 7838801054
Tech Fax:
Tech Email: rahu4u@gmail.com
Name Server: NS1.BLUEHOST.COM
Name Server: NS2.BLUEHOST.COM



I saw other complaints regarding this "British Techs" company recently but on a britishtechs.co.uk address. I found the following:

Domain name:
britishtechs.co.uk

Registrant:
British Technical Support

Registrant type:
Unknown

Registrant's address:
B 1308 Shastri Nagar
New Delhi
Delhi
110052
India

Registrar:
GoDaddy.com, LLP. [Tag = GODADDY]
URL: http://www.godaddy.com

Relevant dates:
Registered on: 04-Apr-2013
Expiry date: 04-Apr-2015
Last updated: 04-Apr-2013

Registration status:
Registered until expiry date.

Name servers:
ns1.bluehost.com
ns2.bluehost.com


This shows the same contract information and registrar, but this time the correct country of India and city of New Delhi.
 
I decided that I had heard enough and hung up. Later I had called back the phone number that I had. You can call British Techs at (800) 088-5505 or (800) 516-0854 . Someone answered but didn't identify themselves as British Techs. They answered in a thick accent that sounded like your typical English speaker in India:

"Hello and thank you for calling Technical Support my name is..."

It appears that Malwarebytes, a well known anti-malware site, had covered this Microsoft Windows Tech Support fraud. I took a look at the Brititishtechs.com website policies and saw what they sell -- removal of viruses and malware. The unsuspecting would have no idea that what they were viewing was not harmful. This is from the company's terms and conditions of what they are selling.

Upon purchase of the Service, Customer shall be eligible to receive the following services via remote, or phone support (e.g., over the phone or via the Customer's computer with a British Technical Support Executive logged into the Customer's computer):
Software installation
Software assessment and removal of viruses and malware
Memory installation
Operating system installation
Annual computer tune-up and operating system/software updates.
Hard drive data removal upon request

Service is on a per-customer basis and is restrained to two (Computer & printer) devices owned by the customer. There is a set fee to the services without any regards to usage (i.e., once the Customer has purchased the Service, there will be no refund of the fee even if the Customer does not use the Service thereafter). Customer must purchase the Service in one-year increments. Training of the services are not included in the Service, but are available at British Technical Support at a standard service rate.


Also interesting is that while the company is supposedly in Norwalk, California, their legal terms state the following:

These Service Terms shall be governed by and construed in accordance with the laws of Republic of India, excluding its conflict of law provisions. Customer and BTS agree to submit to the exclusive jurisdiction of the courts in New Delhi, India. If any provision(s) of the Agreement is held by a court of competent jurisdiction to be contrary to law, then such provision(s) shall be interpreted, as nearly as possible, to reflect the intentions of the parties with the other provisions remaining in full force and effect.

So I decided to keep digging. I went online to LinkedIn and discovered that this company had people entered into its profile as employees - one in California and one in India. The company profile it said that they had 100 employees! But these are the only two I could find.

British-Technical-Support-2-Employees.jpg


About British Technical Support

USA based organization just started with a project consisting 100 employees. Client dealings in terms of BD (Business Development). So eager to serve you an excellence with higher benefits and profits. Online instant resolution with perfection and complete dedicated hard work. Hope we could leave a BIG SMILE ON THE SAD FACES. Keep it up!

United Kingdom http://www.britishtechs.co.uk
USA/CANADA http://www.britishtechs.com

Specialties
Complete client Satisfaction, Serving the excellence in an excellent way, 24/6* Client Support, Free Diagnosis on call


Rahul S. - I am guessing that this is Rahul Singh, the registrant of the domain. He is supposedly located in California and has over 500 connections. Norwalk is the same city where the British company has its listed address. Perhaps it is a residential home but I will guess that it doesn't house even 10 employees, if any!

Rahul.jpg

Rahul appears to be Internet savvy and claims on his Facebook profile to be a search engine optimization expert. He has a Twitter profile @SEORahu and the company has a Facebook page too. On the company page I only saw two Likes and two shares - both by a Rahul Kumar Singh -- one in Norwalk, California and the other a public figure in Delhi, India - who is also listed as an owner of British Techs. Both of them say that Rahul lives in New Delhi, India and not in Norwalk, California. Further information matches the registrant information on file - Shastri Nagar, New Delhi, India 110052.

Mubashir is the only other employee for British Techs listed. He is located in New Delhi India.

Mubashir.jpg

So what I know is that someone at this company called me to perform "technical support" allegedly from Microsoft. And when I called them up, they answered the phone as "technical support." It reminds me of the "card services" scam where the call allegedly comes from the "card services" support section from your credit card company and that is all you hear.

So beware any of you who receive calls from Microsoft's Technical Support department. They will almost certainly never call you directly nor would they ask you to install a remote control software to connect with your computer. Beware of these terrifying scams. I hope this post helps some people who are unaware of this Microsoft Technical Support scam and prevents them from becoming fraud victims. Maybe the next step would be to call my state attorney general and have them look into what happened.
 
There are a lot of scams out there. A person certainly has to be careful what information, etc. that they give out when they are suspicious of a phone call, e-mail, letter...... (definitely don't send money!)
 
I notice you have a China IP address. I hope this isn't spam posted to advertise certain websites.
 
I notice you have a China IP address. I hope this isn't spam posted to advertise certain websites.
No, it's not an advertisement and the IP address is an open proxy server that anyone can use. This scam is unfortunately well documented and the article cited is actually well quoted on the Internet. The Microsoft Tech Support scam is frightening since it's just a numbers game. Make random calls to people's homes and hope to get reach those who are true PC newbies or a senior citizen who isn't savvy with computers and a good target to alarm. Then give them peace of mind for just $100-300 and they'll never know the difference.

Calling the state attorney general is one way. I'd probably call the FTC - I think there may be telephone numbers in the press releases cited. I would think they would be interested in compiling this information. You can also always call Microsoft's Technical Support department and I'm sure they'd be glad to use the information to shut down any impersonators!
 
Glad to hear it though it seems like some of the info might have been "spamming" such as deleted by army judge.

I was pretty sure it is an actual scam but wasn't sure of some of the info posted - if maybe posted for spam purposes & wasn't sure what all to delete (if any).

It does note recently reported forum spam source when checking IP address under open proxy server. (though I know anyone can use it) Is China. (foreign)
 
Last edited:
I have received calls from them a few times. We always screw with them by asking which computer it is. By being difficult they end up in a huddle trying to figure out how to get you to do what they want.
 
I sometimes tell them I don't have a computer.

That really baffles them....
 
Note - I restored the message because it was clear that a good part of it was obfuscated in the process. As part of being a Service Provider, our immunity is maintained by maintaining our status as a conduit of information, not censors and editors except under certain circumstances. We have a right to remove sensitive information which help us maintain the safety and security of our users and which we have a right to do so under our legal terms of use. We don't want to be a vehicle for any harassment, etc. We do need to make sure that we don't edit the text and make sure that it remains intact. I'm really so grateful to have all of you since your assistance is always right on target and you do what you've got to do. :)

FYI - All of the information posted is public information in the Internet Whois database and meant to be purely public. For those of you who don't know what this is, it's the same as corporations needing to make an address publicly available for contact and service of legal documentation when violations occur. There is also nothing threatening about the information, no deep digging done that anyone online wouldn't do in 2 minutes and puts the pieces together pretty well too. And look what I find: http://phoneowner.info/Number.aspx/8005160854

Caller said they were with Microsoft / Windows. They stated there was a problem with my Laptop and called to help fix the problem.

It is a scam. Do not call back. If you already did call them and they told you to run some software or visit a web site, find someone who knows computers and get your machine re-imaged.

The registrar is GoDaddy, which is one of the largest in the world. You can easily discover this by using any of many tools such as this one - where I'll look up Google:

http://whois.domaintools.com/google.com

Google Maps is one of the best methods to smoke out a scam. In the past I've had people try to sell me services and I looked up their business addresses, only to find out that it was located on top of a taxi stand in the middle of nowhere or obviously being the back room of a grocery store. What happens is that people in foreign countries, such as India, will ask a friend or relative to use their physical address just for the purpose of listing a business.

Last night I was called by a web designer that I have worked with many times in the past. He's Indian, great guy. He was concerned because he received a contract from someone who wanted to hire him for a full time job but it had some strange payment terms - net 30 days for development work. He desperately needs money to feed his family as work is slow so he's taken some very low paying work. I took a look at the agreement and laughed since it was someone's modification to a NDA (non-disclosure agreement) with a handful of terms placed in and some of the details didn't smell right and look off. I searched the addresses and it was no business address. I presumed that the person trying to hire the developer was probably some individual in the middle of the US trying to outsource the developer to a company. He lifted their company stationary and pretended to be a representative of the company.

The developer called the actual company the following morning. Lo and behold he confirmed what I suspected. They had never heard of this clown. They said they don't really care to deal with subcontractors and certainly not those who subcontract his work out. I'm guessing that my colleague would have worked for at least a full month and never see a dime of what was owed to him.
 
I was pretty sure it is an actual scam but wasn't sure of some of the info posted - if maybe posted for spam purposes & wasn't sure what all to delete (if any).
It does note recently reported forum spam source when checking IP address under open proxy server. (though I know anyone can use it) Is China. (foreign)
Very true. This is 99% the case. But the post doesn't read like spam and the IP is a proxy which could have passed through another proxy. When dealing with people online like this you sometimes want to avoid being the subject of retribution for doing what you feel is a good deed.

Anyways, I have faith in everyone here. BTW, I realized that I neglected to mention that I called the number late this afternoon and hung up after hearing the same.
 
Very true. This is 99% the case. But the post doesn't read like spam and the IP is a proxy which could have passed through another proxy. When dealing with people online like this you sometimes want to avoid being the subject of retribution for doing what you feel is a good deed.

Anyways, I have faith in everyone here. BTW, I realized that I neglected to mention that I called the number late this afternoon and hung up after hearing the same.

Agree. I didn't delete thread/posts as spam or delete any part since thread seemed to just be alerting people to a scam but just wasn't positive it wasn't spam (or that parts shouldn't be deleted) for reasons I noted. If OP was from China & definitely selling something or it was porn, then I would have deleted thread.
 
Army judge had the answer of the month with that one, lol.

Guess what? I received a call from another set of Microsoft Tech Support scammers. In fact, it's the same ones as in the article that was referred to above. It is incredible that they were not caught yet. Time to write an article and warn consumers. This is a frightening epidemic. I spoke to this clown for a short while to see what they wanted me to do. Of course I wasn't going to allow them to remotely connect to my PC. He had a very thick Indian/Pakistani accent and used the name "John McLaren." Yeah... he sounded very Irish! ROFL.

They wanted to charge me $50 for one or two viruses that the would find. Of course there would probably be more "work" that they would have to do. There was no work - I knew exactly what he was pointing out to me and lying so brutally. I asked a couple of really stupid questions and I could hear in his voice a hesitation to answer, to some measure pausing to think whether someone could be this stupid and then deciding that it could be the case and he doesn't care if he's lying.
 
Well i don't know who posted this he should check all the good reviews from all the customer. Our website clearly says that we are an independent organization which has nothing to do with big brand like Microsoft, Dell, HP any one can misuse your name, its just your own experience which makes you say all this which is 100% incorrect. This could be your personal opinion try together more facts. Than comment bed things about any organization. You don't have any ground to prove that British Technical Support scammed you. It could be your perception.
 
Well i don't know who posted this he should check all the good reviews from all the customer. Our website clearly says that we are an independent organization which has nothing to do with big brand like Microsoft, Dell, HP any one can misuse your name, its just your own experience which makes you say all this which is 100% incorrect. This could be your personal opinion try together more facts. Than comment bed things about any organization. You don't have any ground to prove that British Technical Support scammed you. It could be your perception.
May I assume that this is the owner of the company and that you don't know how any of these alleged activities are occurring? Have you confronted employees about the allegations I've seen now a couple of times? I'm not sure what to think. I've just taken a look at the britishtechs.com website and it is gone completely and features a stock Joomla installation. The home page says "Congratulations! You have a Joomla site! Joomla makes it easy to build a website just the way you want it and keep it simple to update and maintain." The britishtechs.co.uk website has a big graphic on it with a crane that looks like an "under construction" type of graphic. It would seem that the company's websites were taken down.
 
This Toll-Free Number 800-516-0854 doesn't belong to our organization any more (after august 2013) Due to change in google policies we stooped this support for new customer. After that this Toll-Free Number could have been use by any other organization. The website that we use to have clearly mentions the kind of independent support which was provided to the customer.

Know any one calling from this Toll-Free Number or any issue regarding this number has nothing to do with British Techs Organization. So Please be careful about it. The post which has been posted simply talks about (Month NOVEMBER 2013) when this organization winded up. so, this is a post where in we are not responsible. How did you allow someone to post pictures including our profile on your forum. Please take a quick action for this issue. Try to check who this Toll-Free belongs to if its not with our organization know. the website www.britishtechs.com, www.britishtechs.co.uk is not running from last 3 month. I hope this ans all questions about the post in your forum.
 
If you could check about this website. It doesn't exist anymore and not now from the past four months. You should research more who is running this work, and gather the information about Toll-Free. I accept i was the web designer who designed this website with proper terms and condition later i was the owner of website but due to a change in Google Policies 4 months back we stopped this project. It clearly indicate that there is a different work going on altogether on my name.
 
Army judge - This appears to be the owner posting the information about the posts made by someone who took time to report an alleged scam.

rahulsing4u - The poster said that there were 2 numbers that were used by the same company. You're claiming that you lost the use of one of them so that means that you were still using the 5505 number. I can see in the Internet archive that the BritishTechs.com website was up and with the 0854 phone number listed at least as late as October 2013. That's well past the August date you say that you no longer had the number. I remember looking at the BritishTechs.com website and it was fully operational, with that phone number listed. LinkedIn was current through November. So I looked in Google's cache. It looks like the British Techs Facebook page had a post on November 20:

http://webcache.googleusercontent.c...sts/511568985544785+&cd=4&hl=en&ct=clnk&gl=us

"Get HP support by British Technical Support and resolve technical issues. British Technical Support Call @ 0-800-088-5505 and avail technical support for HP computers and HP laptops instantly."

Back in November I called both those numbers on that day just to see whether it could be true. They both worked and appeared to be the same company and answered as "technical support." If the company is supposedly out of business, then those telephone numbers should not be operational.... are they? Well, if the company is out of business, then I guess there isn't anything more to talk about. Good luck with your next business.
 
I saw that, Professor.

I thought it to be very odd.

With all of the clutter on the WWW, finding our little bit of paradise must have been most time consuming.

Yet, with great sacrifice and persistence, it appears he found us.

The Bard penned, a marvelous play, "Much Ado About Nothing".

It wasn't his finest work, but it was pretty darned close.
 
Status
Not open for further replies.
Back
Top