I have done some research and found out that this organization has been at it for quite a while. When there is enough awareness about their scam they change their name. Their last business name was Consult PC Experts (www.consultpcexperts.com). If you have a look at the web site screen shots below you can still see lots of references to the old Consult PC Experts site. On a side note I was looking for site registration information for the old domain and guess what, the domain name expired 2 months ago and was never renewed. I wonder who could be the new owner of consultpcexperts.com.
To keep my equipment safe I have setup a VM (virtual machine), this VM has no way to interact with any of the computers on my network so they can mess around all they want in this sandbox and are not able to do any harm. The VM is just an image I had handy, it is a very old virgin install of Window XP which works fine but is old. What they should have immediately done is spot this and install the hundreds of Windows updates that this system needs. During their playing many pieces of software don’t install, I believe that this is because this is an old version of Windows XP (pre SP2).
At the beginning I was just going to have a short bit of fun with these jokers but they didn’t catch any of the blatant clues I left for them. I changed the DNS server setting to Open DNS, the first time they asked me for my credit card details they took me to a payment page on swreg.org which is a legitimate payment site. I configured Open DNS to block swreg.org, when blocked it would display their phone number as the technical assistance phone number and their company name in logo form. It wasn’t their real logo though as I didn’t know about their real website at that point. I thought as soon as they saw this they would have some choice words and that would be the end.
As it turned out they were not very swift and just kept the payment carrot laser focused as their main goal.
When they took me to another payment site I also entered that domain into Open DNS block list but it takes 10 or 15 minutes for a block to take effect so it worked for a long time before it also got blocked.
The names I have been given by the agents are: Sam, Jack Morris, David Smith, Alex Murphy, Jason, James Parker.
Their phone numbers are: 646-867-3751 , 718-593-4198 , 07 – 3040 – 0210
The service email address they use is: firstname.lastname@example.org
0:08:15 – 0:27:00 They log onto my computer and attempt to load the payment page which I have blocked.
0:27:01 – 0:32:19 They attempt to load Google Chrome to load their payment page. Failed because of missing updates.
0:40:10 – 0:59:00 They load a new payment page to attempt to get their payment.
0:59:20 – 1:00:30 They say that they are having some problems with their main server and will fix the computer today and collect payment tomorrow!
01:01:00 – 01:10:00 A system restore point is made, they clear some cache, turn off logging of their famous errors and warnings, run the disk cleanup utility, add some junk icons to the desktop, attempt to install antivirus but can’t since Windows needs updating. They install Registry Easy and clean the registry on my fresh VM.
1:10:55 – 1:13:25 They return to the second payment website and now the Open DNS block has kicked in so it is also blocked.
1:16:05 – 1:53:00 They try to fix cause of their payment sites being blocked.
1:53:46 – 1:56:50 They load up their third payment site which isn’t blocked.
2:04:30 – 2:05:30 Failed attempt to install another AV program.
2:30:20 – 2:42:05 Poking around changing security settings. Taking another crack at installing AVG.
2:46:10 – 2:47:00 They finally figured out how to remove the DNS entry that is doing the blocking. I wish I could have made the DNS change in my router but because of my digital TV service I need to keep it the way it is.
2:50:00 – 3:07:50 They have me fill out the main payment form so they can get paid. When that fails they provide me with wire transfer instructions.
3:11:30 – 3:13:10 More failed attempts at installing some AV software.
3:19:09 – 3:24:48 They attempt to “Upgrade the computer to Windows 8″ by installing a skin pack. If this worked it would make the XP installation look similar Windows 8.
3:24:52 – 3:29:30 The skin pack did something that corrupted this old version of XP. It is now stuck in an endless boot loop. He calls me at 3:25:55 and obviously doesn’t know how to troubleshoot the state of my computer. He said he will call back but instead goes home.
3:29:50 – 3:33:10 A new technician Jason calls back but doesn’t know about my looping boot issue. He just wants me to walk me through the payment procedure… He eventually just hangs up
3:33:20 – 3:44:40 This is the funniest call ever, it’s after hours and it seems like there is just one drunk guy manning the phones. After he hangs up I get him again at 3:37:02
3:44:41 – 4:42:00 Call after I have had my boot issue resolved (I copied a new copy of the VM file which takes about 1 minute). I fill out their payment form again. I pretend to call the bank to see why my card doesn’t work for online purchases, of course since this is the weekend the fake bank needs me to go to my branch when it opens on Monday.
4:42:01 – 5:15:30 They go over a new support icon that has been installed and install a bunch of software again since my OS is virgin again.
5:16:12 – 5:56:30 They call a few days later to get the payment now that I had a chance to see the bank. I just give them a hard time since they have already done the work. I poke holes in some of the claims they make. I make them explain some of the things like how I can get unlimited free movies, games and software as soon I renew the maintenance warranty.
5:56:31 – 6:16:28 I finally show him the part 1 Hacked Gadgets article, at 6:01:45 I tell them that this is my site, his reaction is priceless.
The video is a little over 2GB. I think it took about 2 hours to upload to Youtube, I am not exactly sure since I just left it alone while it was uploading and returned later. What took a very long time was the Youtube processing time. This was something like 6 hours.
I did not watch the whole video, but I did read both articles and watch the end of this video where you pull up the hackedgadgets site. I have to wonder, do you think the guy on the phone is really a scammer (that is, he knows he is performing bogus work for too much money), or do you think he is just some cheap labor with basic computer skills that was handed a script? Many of the things you mentioned (installing AVG, attempting to clean the registry, running disk clean up) are the sort of things a genuine, but inexperienced “technician” might do. In fact, I have even seem legitimate (and by that, I mean GeekSquad style companies, so I use the term loosely) not understand the Windows Eventlog and think all those “errors” are major problems.
Anyhow, I’m not trying to defend the company, but I do have to wonder if this isn’t really just one or two guys paying cheap foreign labor to do their dirty work (which the workers think is legitimate)?
I think the truth is somewhere in between that. I am sure all of the people on the phones are aware that they are up to no good because of the way they contact clients, telling them that their computer has been sending them errors and warnings.
But I am sure they are just doing the job for exactly the same wage as their friend who might be working a few floors up at a Dell help center.
Of course it could have been much worse. The programs that they were attempting to install could have been full of malware but I don’t think they would have been. I think they are instructed to quickly do a few things then collect the payment.
It would have been interesting to see what would have happened if a payment was made and service was requested a week later. Do they just tell you to get lost? Or do they keep you happy until you are no longer able to reverse the credit card charge.
In their procedure of getting the credit card they will always have a opportunity to take a screen capture of all the information needed to use that card for other purchases. This could be sold or used by them. Who knows the card number and details might be biggest part of the scam.
I had only a quick look at scam.com. I think it is TOO MUCH. 40 000 threads? Half million comments?
Also, I clicked on one thread just by random, and the original poster had to say he was only impatient and everything was OK with the given company. But the thread is still there, not removed, not flagged as OK, ….
But anyway, maybe this may show the overall possibility of such a service to be very impressive and useful.
Like “independent product quality reporting” services are also not a big business as far as I know.
Sure did get their IP address. It’s in the video at 6:06:10.
At first they say they are in New York. Then when I suggest they are in India he says that he is in the Philippines. After I stopped the screen capture recording I pasted a link to the Hacked Gadgets article in their chat box. After about 5 or 10 seconds I got a hit from their India IP address to that page.
Good job! My wife just got a phone call and so did one of my customers! I’m reposting this on my blog and linking your page! My favorite and most brilliant part was using OpenDNS to block their payment page! BRILLIANT!
The only way I can think that would have made this better, is if at the end when you were talking to them, you went to the bathroom while on the phone.
There’s always that “what’s he doing? What’s that noise… is he?…..” then the revelation comes when the toilet flushes.
That’s just extra insult.
I’m betting, and I’d bet my house on this, that these guys have set up a “system” where they think they’re performing some “minimum legal” requirement to not go to jail.
In other words, the average person would go to them for help, they’d get some minimum assistance, for a price. Then if their machine that got fixed, great, pay us. If not, hey, we worked on it, pay us.
And that average person, under threat of lawsuit or collection, would pay up. And these guys do virtually nothing.
Are they are the top of the heap? I doubt that, but they know what they’re doing, is phony baloney, plastic banana good time rock and roll rip off.
Alan, the silence you heard (when the video says “he doesnt have much to say anymore”) was the sound of his soul being wounded by the realization that what he was doing was wrong. You’ve done a good work in this persons life and maintained your composure throughout. Well done.
Alan; great job. I want you to know that you’ve helped me save a lot of people a lot of money on this scam. I found all kinds of information about this scam but yours is by far the most comprehensive expose. If you notice early on in the video it looks as though they go in and disable eventlog from start up which would be key for their “success” – if they disable the log, event viewer will be blank …AFTER they install their software. Illusions
Sadly, Nobody was permanently injured during the course of this call.
I think I may have made a few people cry, though. I’m amazed at how slow these monkeys are to catch on. The last five minutes of the call were nothing but me insulting his mother and describing in detail what his daddies do with the cows when nobody is looking. Yet he persisted to excitedly continue to explain to me how important it was to get this windows problem taken care of immediately. WTF?
This is the first time I’ve received a call from them, but I’m already planning out the next one. I’m not geeky enough to set up a VM; but I think I’ll take my old laptop out of retirement, reinstall windows, and plug it into my home network.
Is there any danger of them messing with my *real* computer on the same network if I let them in?
I plan to have a hard drive full of gay fetish porn and some snuff films. It will be fun to roll that video while they’re busy poking around. What else would be considered mortally offensive to an indian?
Absolutely brilliant Alan, they seem to be at this all over the globe. We’re located in Scotland, UK. We had 3 PC’s dropped in yesterday,after the scammers had called and taken the credit card details they locked the PC’s down with a windows start up password.
we had quite a few people fall for the same thing last year but then it seemed to die down, but they must be making a fortune from it as they are back again.
I’ve put a link to your page (hope you don’t mind) on my our linked in page. Hopefully warn other people about this scam.
Keep up your good work, it kept me amused for hours last night.
A friend of mine who has Hindu in-laws tut-tutted one of these cold callers with “You will never dwell in the house of Krishna”, which upset the poor chap enough that he hung up, and someone else phoned back with some concern in their voice.
I appreciate most the dignity with which you talked to and treated the men on the phone, without judgments or undue criticisms–sadly becoming more and more rare among people today. Incredible detail and patience. Comment 31 by Mike probably truly explained some of the pauses and silences by the final man on the phone. It makes you wonder the conditions of people’s lives to be involved in such things–the base employees who may see but ignore signs of corruption and not pursue or rationalize away the truth and the corrupt management who sets it all up and may or may not train the base employees in a knowing manner. And you compassionately, non-judgmentally guided him, in the case he possibly could be an employee trained by others in an unknowing manner and not management, to look critically at things. Hopefully it will be an important thing in his life that you gave him this dignity and respect. My hat is off to you, I commend this work by you, and thank you for sharing it.
My e-mail to post this is false, by the way–I’m too busy personally to follow follow-up comments and was out of priority (procrastinating other things) to be here anyway and I don’t want any automatic recording of my address. I was called by these people today. However, if you take interest I would be happy for any personal contact with you, [my first name]bhf at yanoodle daught come. I know you can figure that out if desired. I’m not much for long-distance loyalty to friends–usually just focus on local friends and neighbors, trying to be an influence for good though I’m as flawed as anyone. I’m really a nobody without much to offer (a dad, remarried, and a mess of a personal life) and am not offering anything specific, call me weird, but this entire project you did and posted just stuck out as so rare to me that I’m putting this out there. I welcome associations with people like you. This world needs more people like you. Thanks again.
what a great job you have done here although it hasn’t stopped them continuing to rip people off. I have just attended a client’s house here in Australia where she paid $789.99 to these scammers last week after they cold called her and told her that her system was about to fail. It was virtually identical to the scenarion in your Part 1 video.
In this instance they are calling themselves Hitech PC Support and I have included a copy of the email that they sent to her after she had paid the money. I thought you may be interested. Keep up the good work!!
By the way the invoices that they issued are from Minnesota, MN
From: HITECH PC
Sent: Tuesday, September 04, 2012 11:20 AM
Subject: Welcome Letter
Thanks for joining us, now your Computer is our responsibility.
Below are just the general features that are available for you apart from all minor to major support that we would be providing you.
The product & services available from our end is the cheapest as you don’t have to pay anything for the tenure that you have enrolled in.
The general products that you have enrolled in are as below :-
PC Speed Up
Anti Virus & Spyware
Data Back Up
MS-Office Set Up
Printer & Scanner
Mp3 & iPod
Internet Set Up
Windows 7 Upgrade
Supported Brand & Softwares
Operating System Support
PC Peripheral Support
Windows 7 Migration Support
Please note that the subscription that you have enrolled in includes a Life Time Software Support Warranty of your PC.
You would also receive a regular checkup phone call from our support team to clean up & fasten you PC.
Do you have any experience with http://globalpcexpert.com/ Is this the same type of thing? The set up is similar. I called AVG support to try and figure out how to fix some setting changes that downloading AVG secure search toolbar had created. They told me that there was no way to fix those changes without cleaning up my computer, but that they had a service that could do that. I gave them my credit card information and he started working on my computer. It wasn’t until I got a call back confirming the price that I started to worry, because they told me at that point that they were not affiliated with AVG or Microsoft. Why would someone from AVG support offer me a service from another company without making it clear that it was a different company?
The person who helped me had and Indian accent, but the person who called me had a Russian accent. The number that they gave me to call back is the same as on that website, thought the website says it is based in 6458 VALIANT HTS, MISSISSAUGA, ONTARIO, L5W1E2.
Also, I am worried because the name is really similar to the names you mention here. And in the end, he fixed the problem by removing the toolbar, which I could have done without his help.
I am worried because the name is close to the names you give here.
You have lot of patience! I am surprised how the caller kept on with you and not get angry and actually apologized. It may be he was a very low level employee and really was made to believe that he was helping people. After all, you cant assume he knew everything about computers.
Not much difference between the caller and the person working at McDonald who unknowingly poisons hundreds every day. The only difference is that in this case, someone handed him the call after calling you. With McDonald, people go up to the counter willingly.
In any case, I hope your words stay with him and have an impact.