Hacked Gadgets Forum

November 23, 2011

Hacked Gadgets corners Scammers called Global IT and Global PC Protection – Part 2

at 10:31 am. Filed under Funny Hacks

global_pc_protection_are_scammers_2


If you haven’t seen part 1 you should watch some of that video to get caught up.

This is part 2 of Hacked Gadgets following the techniques that computer scammers called Global PC Protection use. Part 1 was called Hacked Gadgets has fun with Computer Scammer called Global IT because at that point they were just calling themselves Global IT but through this investigation they revealed their main website. Their main website is www.globalpcprotection.com.

I have done some research and found out that this organization has been at it for quite a while. When there is enough awareness about their scam they change their name. Their last business name was Consult PC Experts  (www.consultpcexperts.com). If you have a look at the web site screen shots below you can still see lots of references to the old Consult PC Experts site. On a side note I was looking for site registration information for the old domain and guess what, the domain name expired 2 months ago and was never renewed. I wonder who could be the new owner of consultpcexperts.com. :)

To keep my equipment safe I have setup a VM (virtual machine), this VM has no way to interact with any of the computers on my network so they can mess around all they want in this sandbox and are not able to do any harm. The VM is just an image I had handy, it is a very old virgin install of Window XP which works fine but is old. What they should have immediately done is spot this and install the hundreds of Windows updates that this system needs. During their playing many pieces of software don’t install, I believe that this is because this is an old version of Windows XP (pre SP2).

I am using some test credit card numbers from a coding site, these credit card numbers would normally be used when testing credit card validation scripts. The numbers on the site are random valid numbers based on the Luhn formula.

At the beginning I was just going to have a short bit of fun with these jokers but they didn’t catch any of the blatant clues I left for them. I changed the DNS server setting to Open DNS, the first time they asked me for my credit card details they took me to a payment page on swreg.org which is a legitimate payment site. I configured Open DNS to block swreg.org, when blocked it would display their phone number as the technical assistance phone number and their company name in logo form. It wasn’t their real logo though as I didn’t know about their real website at that point. I thought as soon as they saw this they would have some choice words and that would be the end.

As it turned out they were not very swift and just kept the payment carrot laser focused as their main goal.

When they took me to another payment site I also entered that domain into Open DNS block list but it takes 10 or 15 minutes for a block to take effect so it worked for a long time before it also got blocked.

The names I have been given by the agents are: Sam, Jack Morris, David Smith, Alex Murphy, Jason, James Parker.
Their phone numbers are: 646-867-3751  ,   718-593-4198   ,   07 – 3040 – 0210
The service email address they use is: support@globalpcprotection.com


Update (December 8, 2011): See part 3 where they made a fresh cold call.


Video Timeline

  • 0:00:00 – 0:08:14  Introduction
  • 0:08:15 – 0:27:00  They log onto my computer and attempt to load the payment page which I have blocked.
  • 0:27:01 – 0:32:19  They attempt to load Google Chrome to load their payment page. Failed because of missing updates.
  • 0:40:10 – 0:59:00  They load a new payment page to attempt to get their payment.
  • 0:59:20 – 1:00:30   They say that they are having some problems with their main server and will fix the computer today and collect payment tomorrow!
  • 01:01:00 -  01:10:00  A system restore point is made, they clear some cache, turn off logging of their famous errors and warnings, run the disk cleanup utility, add some junk icons to the desktop, attempt to install antivirus but can’t since Windows needs updating. They install Registry Easy and clean the registry on my fresh VM.
  • 1:10:55 – 1:13:25  They return to the second payment website and now the Open DNS block has kicked in so it is also blocked. :)
  • 1:16:05 – 1:53:00  They try to fix cause of their payment sites being blocked.
  • 1:53:46 -  1:56:50  They load up their third payment site which isn’t blocked.
  • 2:04:30 – 2:05:30  Failed attempt to install another AV program.
  • 2:30:20 – 2:42:05  Poking around changing security settings. Taking another crack at installing AVG.
  • 2:46:10 – 2:47:00  They finally figured out how to remove the DNS entry that is doing the blocking. I wish I could have made the DNS change in my router but because of my digital TV service I need to keep it the way it is.
  • 2:50:00 – 3:07:50  They have me fill out the main payment form so they can get paid. When that fails they provide me with wire transfer instructions.
  • 3:11:30 – 3:13:10  More failed attempts at installing some AV software.
  • 3:19:09 – 3:24:48  They attempt to “Upgrade the computer to Windows 8″ by installing a skin pack. If this worked it would make the XP installation look similar Windows 8. :)
  • 3:24:52 – 3:29:30  The skin pack did something that corrupted this old version of XP. It is now stuck in an endless boot loop. He calls me at 3:25:55 and obviously doesn’t know how to troubleshoot the state of my computer. He said he will call back but instead goes home.
  • 3:29:50 – 3:33:10  A new technician Jason calls back but doesn’t know about my looping boot issue. He just wants me to walk me through the payment procedure… He eventually just hangs up
  • 3:33:20 – 3:44:40  This is the funniest call ever, it’s after hours and it seems like there is just one drunk guy manning the phones. After he hangs up I get him again at 3:37:02
  • 3:44:41 – 4:42:00  Call after I have had my boot issue resolved (I copied a new copy of the VM file which takes about 1 minute). I fill out their payment form again. I pretend to call the bank to see why my card doesn’t work for online purchases, of course since this is the weekend the fake bank needs me to go to my branch when it opens on Monday.
  • 4:42:01 – 5:15:30  They go over a new support icon that has been installed and install a bunch of software again since my OS is virgin again. :)
  • 5:16:12 – 5:56:30  They call a few days later to get the payment now that I had a chance to see the bank. I just give them a hard time since they have already done the work. I poke holes in some of the claims they make. I make them explain some of the things like how I can get unlimited free movies, games and software as soon I renew the maintenance warranty.
  • 5:56:31 – 6:16:28  I finally show him the part 1 Hacked Gadgets article, at 6:01:45 I tell them that this is my site, his reaction is priceless.










 

Buy online a about and erectile medicines best price cialis uk next day de . Get the look our with cost...


Related Posts

Hacked Gadgets gets another cold call from Scammers called Global IT and Global PC Protection – Part 3
Hacked Gadgets on Podnutz Show talking about the Global IT / Global PC Protection Scam
Hacked Gadgets has fun with Computer Scammer called Global IT
Robot uses Kinect for Mapping
Write for Hacked Gadgets
Joe Pitz – Hacked Gadgets Author
Happy Halloween from Hacked Gadgets
Hacked Gadgets Holiday Contest – Last Chance

 


 

49 Responses to “Hacked Gadgets corners Scammers called Global IT and Global PC Protection – Part 2”

  1. JJ Says:

    Good job Alan! Keep up the good work!

  2. Alexander Says:

    Oh you sneaky trickster you… Buying up the domain under them… That’s thinking like a Raptor right there.

  3. Andre Says:

    You should hand ended with this is Chris Hansen from dateline NBC. lol

  4. Stan Says:

    You have way more patience, and are far nicer than I would have been..;) You really had them chasing their own tail! Way to go!

  5. Erik Says:

    Alan, chapeau!

    This guy has PATIENCE with you! It just took him a lot of time to realise what he was up to and still then he sticked to his version of truth… He should work on a real helpdesk.

    Internet is just like the real world, only bigger :)

  6. Akos Says:

    There should be people payed for this kind of job.
    I mean Alan’s job.

    And a website with full reports like this.

    And not only in this domain… PC is not the only area where people are got scammed…

  7. Frank Says:

    Sorry for the unrelated question, but how big is that 6 hour video and how long did it take to upload?

  8. Alan Parekh Says:

    Thanks JJ!

  9. Alan Parekh Says:

    LOL Andre, I love the way the Chris Hansen gets the guys squirming. :)

  10. Alan Parekh Says:

    Hi Erik and Stan,

    Didn’t take too much patience since I was having lots of fun along the way. It was hard not to burst out laughing at points.

  11. Alan Parekh Says:

    Akos,

    I would put money into an organization like that!

  12. Alan Parekh Says:

    Hi Frank,

    The video is a little over 2GB. I think it took about 2 hours to upload to Youtube, I am not exactly sure since I just left it alone while it was uploading and returned later. What took a very long time was the Youtube processing time. This was something like 6 hours.

  13. Akos Says:

    Alan,

    Me too.
    Should make a nice website with nice blog-sphere coverage whenever a bigger issue is hit.

    Well, not paid job. That would twist the whole concept a bit.
    More like Wikipedia way.

    How about Kickstarting it?
    Anyone with some spare time?

  14. Andre Says:

    Akos, they have a forum for things like that, scam.com

  15. Ryan Says:

    I did not watch the whole video, but I did read both articles and watch the end of this video where you pull up the hackedgadgets site. I have to wonder, do you think the guy on the phone is really a scammer (that is, he knows he is performing bogus work for too much money), or do you think he is just some cheap labor with basic computer skills that was handed a script? Many of the things you mentioned (installing AVG, attempting to clean the registry, running disk clean up) are the sort of things a genuine, but inexperienced “technician” might do. In fact, I have even seem legitimate (and by that, I mean GeekSquad style companies, so I use the term loosely) not understand the Windows Eventlog and think all those “errors” are major problems.

    Anyhow, I’m not trying to defend the company, but I do have to wonder if this isn’t really just one or two guys paying cheap foreign labor to do their dirty work (which the workers think is legitimate)?

  16. Alan Parekh Says:

    Hi Ryan,

    I think the truth is somewhere in between that. I am sure all of the people on the phones are aware that they are up to no good because of the way they contact clients, telling them that their computer has been sending them errors and warnings.

    But I am sure they are just doing the job for exactly the same wage as their friend who might be working a few floors up at a Dell help center.

    Of course it could have been much worse. The programs that they were attempting to install could have been full of malware but I don’t think they would have been. I think they are instructed to quickly do a few things then collect the payment.

    It would have been interesting to see what would have happened if a payment was made and service was requested a week later. Do they just tell you to get lost? Or do they keep you happy until you are no longer able to reverse the credit card charge.

    In their procedure of getting the credit card they will always have a opportunity to take a screen capture of all the information needed to use that card for other purchases. This could be sold or used by them. Who knows the card number and details might be biggest part of the scam.

  17. spiralbrain Says:

    Good work Alan,
    Did you get hold of any IP addresses? I wonder where they are based and if they can be reported to Police.

  18. Akos Says:

    Andre,

    I had only a quick look at scam.com. I think it is TOO MUCH. 40 000 threads? Half million comments?
    Also, I clicked on one thread just by random, and the original poster had to say he was only impatient and everything was OK with the given company. But the thread is still there, not removed, not flagged as OK, ….

    But anyway, maybe this may show the overall possibility of such a service to be very impressive and useful.
    Like “independent product quality reporting” services are also not a big business as far as I know.

  19. Alan Parekh Says:

    Hey Spiralbrain,

    Sure did get their IP address. It’s in the video at 6:06:10.

    At first they say they are in New York. Then when I suggest they are in India he says that he is in the Philippines. After I stopped the screen capture recording I pasted a link to the Hacked Gadgets article in their chat box. After about 5 or 10 seconds I got a hit from their India IP address to that page.

    Their IP address is 1.22.239.190

  20. Hacked Gadgets has fun with Computer Scammer called Global IT - Hacked Gadgets - DIY Tech Blog Says:

    [...] Update: See part 2 where the scammers named Global PC Protection work on the computer and I tell the… [...]

  21. Jeremy Lane Says:

    Good job! My wife just got a phone call and so did one of my customers! I’m reposting this on my blog and linking your page! My favorite and most brilliant part was using OpenDNS to block their payment page! BRILLIANT!

  22. deriuqer Says:

    If you have it in a virtual machine why not just bridge it through your actual machines connection and do the DNS blocking in there?

    Well anyway, excellent work! I love the site, and this whole series is just wonderful.

    Keep up the good work!

  23. ALERT! Computer Scammers By Phone? | FastLane Technologies Says:

    [...] and the second part is (my favorite) where he calls the “technician” out on his scam: http://hackedgadgets.com/2011/11/23/hacked-gadgets-corners-scammers-called-global-it-and-global-pc-p… (6+ hours of [...]

  24. George Johnson Says:

    The only way I can think that would have made this better, is if at the end when you were talking to them, you went to the bathroom while on the phone.
    There’s always that “what’s he doing? What’s that noise… is he?…..” then the revelation comes when the toilet flushes.
    That’s just extra insult.

  25. George Johnson Says:

    Ryan, you’re too nice.

    I’m betting, and I’d bet my house on this, that these guys have set up a “system” where they think they’re performing some “minimum legal” requirement to not go to jail.

    In other words, the average person would go to them for help, they’d get some minimum assistance, for a price. Then if their machine that got fixed, great, pay us. If not, hey, we worked on it, pay us.

    And that average person, under threat of lawsuit or collection, would pay up. And these guys do virtually nothing.

    Are they are the top of the heap? I doubt that, but they know what they’re doing, is phony baloney, plastic banana good time rock and roll rip off.

    But an honest gig? No way.

  26. Koen Says:

    LOVE IT (=

  27. Koen Says:

    but didn’t he see the vm hardware in the device manager 0.o ?

    kind regards,

    Koen

  28. Alan Parekh Says:

    Hi Koen,

    If he had his eyes open he would have seen that. The name of the computer was even something like VM XP.

  29. Koen Says:

    lol (= if you scam do it right=P

  30. Parmin Says:

    LOL
    Alan you have infinite patience to draw out these fraudsters.
    I wish I got 6 hours free to listen to it all.

    Thanks for the comedy :)

  31. Mike Says:

    Alan, the silence you heard (when the video says “he doesnt have much to say anymore”) was the sound of his soul being wounded by the realization that what he was doing was wrong. You’ve done a good work in this persons life and maintained your composure throughout. Well done.

  32. Ed G Says:

    Alan; great job. I want you to know that you’ve helped me save a lot of people a lot of money on this scam. I found all kinds of information about this scam but yours is by far the most comprehensive expose. If you notice early on in the video it looks as though they go in and disable eventlog from start up which would be key for their “success” – if they disable the log, event viewer will be blank …AFTER they install their software. Illusions

  33. Jenny Tull Says:

    Okay, I have one on the line right now. what shall I do?

  34. Jenny Tull Says:

    Woo, 42 minutes. And while I was on the line, I taught myself some nasty things to say in indian. Madar Chhod!!

  35. Alan Parekh Says:

    Hi Jenny,

    Let us know how it went!

  36. Jenny Tull Says:

    Sadly, Nobody was permanently injured during the course of this call.

    I think I may have made a few people cry, though. I’m amazed at how slow these monkeys are to catch on. The last five minutes of the call were nothing but me insulting his mother and describing in detail what his daddies do with the cows when nobody is looking. Yet he persisted to excitedly continue to explain to me how important it was to get this windows problem taken care of immediately. WTF?

  37. Jenny Tull Says:

    This is the first time I’ve received a call from them, but I’m already planning out the next one. I’m not geeky enough to set up a VM; but I think I’ll take my old laptop out of retirement, reinstall windows, and plug it into my home network.

    Is there any danger of them messing with my *real* computer on the same network if I let them in?

    I plan to have a hard drive full of gay fetish porn and some snuff films. It will be fun to roll that video while they’re busy poking around. What else would be considered mortally offensive to an indian?

  38. Alan Parekh Says:

    Hi Jenny. That is great. :)

    You can let them play with a junk computer just be sure that it can’t access any of your other computer hard drives on your network.

  39. deriuqer Says:

    Offend an Indiana?

    Cow beastiality and slaughter house film footage ought to do the trick.

  40. Linda Craig Says:

    Absolutely brilliant Alan, they seem to be at this all over the globe. We’re located in Scotland, UK. We had 3 PC’s dropped in yesterday,after the scammers had called and taken the credit card details they locked the PC’s down with a windows start up password.
    we had quite a few people fall for the same thing last year but then it seemed to die down, but they must be making a fortune from it as they are back again.
    I’ve put a link to your page (hope you don’t mind) on my our linked in page. Hopefully warn other people about this scam.
    Keep up your good work, it kept me amused for hours last night.

  41. Ritchie Says:

    A friend of mine who has Hindu in-laws tut-tutted one of these cold callers with “You will never dwell in the house of Krishna”, which upset the poor chap enough that he hung up, and someone else phoned back with some concern in their voice.

  42. Joe Says:

    Hi Alan,

    I appreciate most the dignity with which you talked to and treated the men on the phone, without judgments or undue criticisms–sadly becoming more and more rare among people today. Incredible detail and patience. Comment 31 by Mike probably truly explained some of the pauses and silences by the final man on the phone. It makes you wonder the conditions of people’s lives to be involved in such things–the base employees who may see but ignore signs of corruption and not pursue or rationalize away the truth and the corrupt management who sets it all up and may or may not train the base employees in a knowing manner. And you compassionately, non-judgmentally guided him, in the case he possibly could be an employee trained by others in an unknowing manner and not management, to look critically at things. Hopefully it will be an important thing in his life that you gave him this dignity and respect. My hat is off to you, I commend this work by you, and thank you for sharing it.

    My e-mail to post this is false, by the way–I’m too busy personally to follow follow-up comments and was out of priority (procrastinating other things) to be here anyway and I don’t want any automatic recording of my address. I was called by these people today. However, if you take interest I would be happy for any personal contact with you, [my first name]bhf at yanoodle daught come. I know you can figure that out if desired. I’m not much for long-distance loyalty to friends–usually just focus on local friends and neighbors, trying to be an influence for good though I’m as flawed as anyone. I’m really a nobody without much to offer (a dad, remarried, and a mess of a personal life) and am not offering anything specific, call me weird, but this entire project you did and posted just stuck out as so rare to me that I’m putting this out there. I welcome associations with people like you. This world needs more people like you. Thanks again.

    = )
    Josiah

  43. Patrick Enright Says:

    Hi Alan,
    what a great job you have done here although it hasn’t stopped them continuing to rip people off. I have just attended a client’s house here in Australia where she paid $789.99 to these scammers last week after they cold called her and told her that her system was about to fail. It was virtually identical to the scenarion in your Part 1 video.
    In this instance they are calling themselves Hitech PC Support and I have included a copy of the email that they sent to her after she had paid the money. I thought you may be interested. Keep up the good work!!

    By the way the invoices that they issued are from Minnesota, MN

    From: HITECH PC
    To: XXXXXX@bigpond.net.au
    Sent: Tuesday, September 04, 2012 11:20 AM
    Subject: Welcome Letter

    Dear Customer,

    Thanks for joining us, now your Computer is our responsibility.

    Below are just the general features that are available for you apart from all minor to major support that we would be providing you.

    The product & services available from our end is the cheapest as you don’t have to pay anything for the tenure that you have enrolled in.

    The general products that you have enrolled in are as below :-

    Products
    PC Speed Up
    Anti Virus & Spyware
    Data Back Up
    MS-Office Set Up
    Parental Control
    Printer & Scanner
    Mp3 & iPod
    Internet Set Up
    Mail Support
    XP Installation
    Vista Upgrade
    Windows 7 Upgrade
    Wi-Fi Support
    Supported Brand & Softwares
    Computer Help
    Internet Support
    Email Support
    Operating System Support
    PC/Laptop Security
    Computer Optimization
    PC Peripheral Support
    Windows 7 Migration Support

    Please note that the subscription that you have enrolled in includes a Life Time Software Support Warranty of your PC.

    You would also receive a regular checkup phone call from our support team to clean up & fasten you PC.

    Kindly Acknowledge the receipt of the mail & get back to us anytime you need us at support@hitechpcprotection.com .

    Thanks
    HITECH PC SUPPORT
    Contact: – 2-8005-7751

  44. Alan Parekh Says:

    Hi Patrick,

    Sorry to hear that your customer got taken…

  45. Kelsha Says:

    Do you have any experience with http://globalpcexpert.com/ Is this the same type of thing? The set up is similar. I called AVG support to try and figure out how to fix some setting changes that downloading AVG secure search toolbar had created. They told me that there was no way to fix those changes without cleaning up my computer, but that they had a service that could do that. I gave them my credit card information and he started working on my computer. It wasn’t until I got a call back confirming the price that I started to worry, because they told me at that point that they were not affiliated with AVG or Microsoft. Why would someone from AVG support offer me a service from another company without making it clear that it was a different company?

    The person who helped me had and Indian accent, but the person who called me had a Russian accent. The number that they gave me to call back is the same as on that website, thought the website says it is based in 6458 VALIANT HTS, MISSISSAUGA, ONTARIO, L5W1E2.

    Also, I am worried because the name is really similar to the names you mention here. And in the end, he fixed the problem by removing the toolbar, which I could have done without his help.

    .

    I am worried because the name is close to the names you give here.

  46. RG Says:

    Two men with a LOT of patience ;) Really admirable (almost) the guy keeps up acting if they’re a real deal. Btw, they started calling me since this morning, CET (“Global IT Support”, 0014259053074).

  47. Ron Says:

    Very nicely done. I am glad you posted this, now, I am aware of this, I am totally blind, and I will know not to fall for it. I know alot about computers though. very nicely done once again.

  48. Jon Says:

    Lol at when the “technician” googled globalitprotection.com and the 3rd and 4th result said scam! XD

  49. vk Says:

    You have lot of patience! I am surprised how the caller kept on with you and not get angry and actually apologized. It may be he was a very low level employee and really was made to believe that he was helping people. After all, you cant assume he knew everything about computers.

    Not much difference between the caller and the person working at McDonald who unknowingly poisons hundreds every day. The only difference is that in this case, someone handed him the call after calling you. With McDonald, people go up to the counter willingly.

    In any case, I hope your words stay with him and have an impact.

Leave a Reply

Internal Links:

Categories:

Search:

Google
Hacked Gadgets
Web

Site Sponsors:

Nuts and Volts Electronic Labs Trossen Robotics Free Technical Publications Blue LED

 

Recent Comments:

Site Rating:

More RSS Feed Options

Site Sponsors:

 

Interesting Sites:

Site Videos:

Incoming Links: