You think these scammers from Global PC Protection (they often call themselves Global IT) would have me on their do not call list after the fun we had with them in Part 1 and part 2. I figured that would be the last we ever heard of them. Well to my surprise I got another cold call from one of their agents warning me that my computer has once again been sending them errors and warnings.
I just had a bit of fun with them before I again told them who I was. Guess what, they were not very pleased about this and they started to delete a bunch of system files, browsed to a porn site and attempted to format my hard drive. I guess they still didn’t realize that they were just playing around in a VM.
The video is quite long, here are the highlights.
0:00 Initial description of problem.
13:09 Peter Anderson tries to convince me that he is calling from New York.
15:46 Peter Anderson with a new voice answers my call.
17:00 The first Peter Anderson calls back.
35:30 Virtual Machine setup shown.
18:10 They once again try to make up junk about what the Support Connection Code is for.
20:39 VM hard drive issues, for some reason the virtual hard drive isn’t automatically growing as it should.
26:30 Cleaning the old VM was talking a long time, I just made a new copy of the VM image to start with a fresh copy.
29:30 They connect to my system using Team Viewer.
37:42 Their technician has remote control of the system and “checks” the computer out.
48:02 I give Peter a hard time for accidentally hanging up the phone on me.
57:05 I show them who I am, they hang up but stay connected to the computer.
58:35 They talk about what they think of me.
59:27 Start deleting files while they talk to me.
1:01:50 The load up a porn site and look around, then they hang up the phone while remaining logged onto my computer.
Viagra secure payment and private highest medicines viagra . Zithromax should used by to it was to infections zpak . Zithromax should used by to it was to infections.
This is crazy! I can’t believe they would call again! I still am not sure why they went to the porn site… I wonder if they did that to keep you from posting the video or just to give you the middle finger. If they were not trying to be malicious in that way I guess they might be trying to really get a virus or malware on your computer to say “See, we found one and cleaned it off… so pay us!” Keep up the great work Alan!
I never did contact any law enforcement since all of the contact was done via a remote service I would never have their actual IP. The only time I got their IP was when I gave them the link to a Hacked Gadgets article and I immediately saw them look at the article through my server IP logs. That was only one time though.
I did contact the two remote access software companies since they would have better IP logs and could also see what other areas (based on IP) they are targeting. They responded with the usual “we will look into it”.
In a global scale I think this whole issue is somehow sad.
These guys are actually only doing their job. Probably very badly paid job.
Being said this, I do not think they should go along with it. But I feel sorry for them sometimes.
instead of a web blocker could you not use your host firewall to block port 80 to the VM – that way no websites would work.
I did like their attempt at deleting the windows folder – but blimey dont they type slowly
These guys are just like the shady mechanic who splashes brake fluid under your car so they can warn you about it and tow it to their shop around the corner for service. Even though the guys on the phone are not the mastermind of the end to end scheme they are participating in something that they obviously know is wrong. I think over time they become complacent and might even think they are doing a good honest service for their customer even thought they are still just scammers.
[...] operacyjny i udawał, że nie ma pojęcia co się dzieje by nagrać zachowanie oszustów. Cała akcja trwa około godziny, w tym czasie rozmowę prowadzi kilka osób – ewidentny podział [...]
My cheeks: Hurt
My sides: Split
My gut: Busted
My knee: slapped. (NO ARROWS! >:()
I am crying and laughing, and all of my cubemates think I am completely BONKERS for laughing so hard and loud–thank ATHESIMO that it is Friday and nobody is in this early to hear me howling with laughter.
FORMATE!!! I am never calling it ‘fore-mat’ again. It will forever be “For-mate” until I get called out on it.
I am so close to calling these guys up and having the same level of fun with them, but I am afraid that I would give away the whole thing by laughing hard. Oh, I should just let them futz around with my Linux machine to see how badly they would bungle that…
What’s “Bob you are your wife……..” even supposed to mean?
And what’s a for-mate? A friend from a foreign country? I think it has to be some kind of friend…
The part from 57:00 on was very entertaining (Don’t have the time to watch the whole video) and especially their desperate attempts to delete system files really made laugh. Thanks for sharing this with us.
Btw: I wonder what they would do if you put the computer into kiosk mode…
Glad you got a laugh our of it. I had a computer support friend of mine over just after the 2nd video was made and we came up with a funny idea. Make a VM of a Linux install and put the Windows skin on it. Let them use Team Viewer to log in since it is compatible with Linux and let them play with what looks like Windows. http://lifehacker.com/5619064/w7-theme-for-ubuntu-brings-windows-7s-familiar-gui-to-linux
I just emailed them again. This was their response.
———————————————–
Hello Alan,
Thank you for your message.
Yes, we are aware of the problem. They use our free version of the software and skype to scam unsuspecting people. We block their IDs when we can, but it is difficult as they keep coming back. Please keep in mind that they have no connection to TeamViewer.
Thank you for the link. It was very interesting.
Have a great day and thanks again.
Haven’t laugh so hard and loud for a long time! What a persistent guy :>
The best part is when he tries to wipe up the system.
“Make a VM of a Linux install and put the Windows skin on it.”
There is also “tree” command on Linux, so they (he) wouldn’t get it for a while. Maybe they would try to use “formate” on this one too?
Well.. Who else is thinking about coding an fake event viewer for Linux now? Just imagine their reaction when there are no “errors” that could be sent to them…
Sadly, I don’t have the time at the moment. But maybe if they call you like two more times, I might actually do it
You can make some bogus aliases:
alias formate=’echo For-mateing the hard disk…’
It works even for existing commands. That’s for the text mode.
There’s also: regedit, notepad, and some other Windows tools as part of wine package, so it may even look convincing
Yes, scammers, true.
But living here in Central (Eastern) Europe, I may I understand their cultural situation better than you from the real heart of the western civilization.
You know I actually live few houses away from pockets of gipsies. We live along OK and sharing roads daily. They ARE different. They do think VERY differently about values of civilisations.
Have you seen the BBC program where they organize people from West to go to India and do their jobs? One particular episode came to my mind where an IT security guy (in US) was fired due to outsourcing his job to India. Then BBC (??? not really sure it was BBC) took this guy to the actual Indian company where he actually met the person who got his job. This Indian guy was receiving a fraction of his salary and lived with half dozens of his family members in one room. The US guy was not angry on the situation at the end of the show. He cried instead. Really enlightening program to see.
Scam, still true. I can just sense some deeper relations behind which somehow makes me sad and feel sorry for them.
Scam, still true, but they (India + China) are around 2,5 billions while we (western people) are maybe half of them.
Nothing personal and no offense here. Just letting you my understanding.
That sounds like a great show to watch. Here in Canada the BBC online content us usually blocked.
I guess it all depends on how you look at it. I wouldn’t blame someone who was stealing food to eat is the alternative was starving to death. But in this case they are tricking people out of their hard earned money. There have been news articles where senior citizens on fixed incomes were getting caught up in these sorts of scams. I think if we were able to see the organizer of this scam driving his Mercedes to his big house people would stop feeling sorry for the workers.
Well, I tried to dig down for the show, but no luck. It was a dubbed program on a local tv cahnnel, so no clue on the original title unfurtunately.
Yes, there might be (must be) some mastermind behind the scenes. I wouldn’t be surprised if the “head of scam” was some guy with a big Mercedes simply outsourcing the actual “job” to India as it anyway happens in IT. After all, this scam needs some firm knowledge on trading and commercial stuff to work.
You should have another VM ready (though I doubt they are dumb enough to call again!) and stick a batch file in C:\documents and settings\administrator\ called tree.bat that contains:
@echo off
echo Your warranty is valid for 12 more years.
Also, I would clear out the event viewer and sleep the VM so it has no time to make more errors. That would be fun to watch.
True, I never thought about that. If someone from the USA or Canada wanted to operate this scam with local people it would be shut down in no time but if all the calls were originating from a hard to prosecute country, law enforcement would lean towards educating the public instead of prosecution. You might be on to something there…
I love the real hustle, some of the lengths they go to are fantastic.
When you talked about their other names in Part 2, you forgot Online PC Doctors. In another video, the man that cold-calls people is the same person who called you. The registration number page hasn’t changed since the scam started.
Also, after a bit of investigation, I found out where their website is hosted from. The Global PC Protection site’s server is located somewhere in Scottsdale, Arizona. They didn’t tell anyone where their “offices” are located but you can easily find it. Just ping the site and look up the IP on whatismyipaddress.com or just go here: http://whatismyipaddress.com/ip/72.167.0.128
It gets better. I looked at it some more, and their whole scam is operated from THE BACK ROOM OF A HOUSE. Looking up the site points here – 13824 North 88th Place, Scottsdale, AZ 85260
December 8th, 2011
[...] Update (December 8, 2011): See part 3 where they made a fresh cold call. [...]
December 8th, 2011
This is crazy! I can’t believe they would call again! I still am not sure why they went to the porn site… I wonder if they did that to keep you from posting the video or just to give you the middle finger. If they were not trying to be malicious in that way I guess they might be trying to really get a virus or malware on your computer to say “See, we found one and cleaned it off… so pay us!” Keep up the great work Alan!
December 8th, 2011
Did you ever report them to the authorities? Firewall logs after the fact? I would love to see these guys get shut down.
December 8th, 2011
Hi JJ,
I never did contact any law enforcement since all of the contact was done via a remote service I would never have their actual IP. The only time I got their IP was when I gave them the link to a Hacked Gadgets article and I immediately saw them look at the article through my server IP logs. That was only one time though.
I did contact the two remote access software companies since they would have better IP logs and could also see what other areas (based on IP) they are targeting. They responded with the usual “we will look into it”.
December 8th, 2011
Hey Jeremy,
You got it, these guys are not very swift. I am thinking the porn site was a lame attempt to have the video not able to be posted on Youtube.
December 8th, 2011
In a global scale I think this whole issue is somehow sad.
These guys are actually only doing their job. Probably very badly paid job.
Being said this, I do not think they should go along with it. But I feel sorry for them sometimes.
December 8th, 2011
Be careful!
This People are very dangerous and have already hacked 127.0.0.1!
December 8th, 2011
“It look like a square with to line” -> EPIC LOL
December 8th, 2011
LOL “formate c :” XDDDDDDDDDDDDDDDDD
now THAT’s a noob
seriously, like they barely know english at all
December 8th, 2011
I think it is incredibly funny, how those guys see that te computer is named “xp-vm” and dont even think this could be a trap…
December 8th, 2011
Very nice Alan.
December 8th, 2011
awesome again!!!, but you keep forgetting to install the plugin on firefox so they can see your video,
December 9th, 2011
I would still recommend to install some web blocker. Some that would really not let browse anything.
December 9th, 2011
I mean into your WM of course.
December 9th, 2011
instead of a web blocker could you not use your host firewall to block port 80 to the VM – that way no websites would work.
I did like their attempt at deleting the windows folder – but blimey dont they type slowly
December 9th, 2011
How do these people call you anyway? To your Skype, land-line phone?
December 9th, 2011
Hi Akos,
These guys are just like the shady mechanic who splashes brake fluid under your car so they can warn you about it and tow it to their shop around the corner for service. Even though the guys on the phone are not the mastermind of the end to end scheme they are participating in something that they obviously know is wrong. I think over time they become complacent and might even think they are doing a good honest service for their customer even thought they are still just scammers.
December 9th, 2011
Hi R2k,
That is the local host IP right? I don’t follow you?
December 9th, 2011
Hi Mure,
They called me on my home number, this is because I am in their global database (also known as the white pages).
December 9th, 2011
Hi Alan,
right. 127.0.0.1 is the Adress of “localhost”
So, it is just a running gag for showing how brainless these guys are.
December 9th, 2011
[...] operacyjny i udawał, że nie ma pojęcia co się dzieje by nagrać zachowanie oszustów. Cała akcja trwa około godziny, w tym czasie rozmowę prowadzi kilka osób – ewidentny podział [...]
December 9th, 2011
My cheeks: Hurt
My sides: Split
My gut: Busted
My knee: slapped. (NO ARROWS! >:()
I am crying and laughing, and all of my cubemates think I am completely BONKERS for laughing so hard and loud–thank ATHESIMO that it is Friday and nobody is in this early to hear me howling with laughter.
FORMATE!!! I am never calling it ‘fore-mat’ again. It will forever be “For-mate” until I get called out on it.
I am so close to calling these guys up and having the same level of fun with them, but I am afraid that I would give away the whole thing by laughing hard. Oh, I should just let them futz around with my Linux machine to see how badly they would bungle that…
December 9th, 2011
What’s “Bob you are your wife……..” even supposed to mean?
And what’s a for-mate? A friend from a foreign country? I think it has to be some kind of friend…
The part from 57:00 on was very entertaining (Don’t have the time to watch the whole video) and especially their desperate attempts to delete system files really made laugh. Thanks for sharing this with us.
Btw: I wonder what they would do if you put the computer into kiosk mode…
December 9th, 2011
Hi R2K,
Got it.
December 9th, 2011
Hi Alexander,
Glad you got a laugh our of it. I had a computer support friend of mine over just after the 2nd video was made and we came up with a funny idea. Make a VM of a Linux install and put the Windows skin on it. Let them use Team Viewer to log in since it is compatible with Linux and let them play with what looks like Windows.
http://lifehacker.com/5619064/w7-theme-for-ubuntu-brings-windows-7s-familiar-gui-to-linux
December 9th, 2011
LOL Enable CC Transcribe audio, funniest thing ever…. I love these videos man, you are the best.
December 9th, 2011
Great video- i’m amazed Teamviewer haven’t blocked them as they’re blatently using the software for commercial use.
December 9th, 2011
Hi Chris,
I just emailed them again. This was their response.
———————————————–
Hello Alan,
Thank you for your message.
Yes, we are aware of the problem. They use our free version of the software and skype to scam unsuspecting people. We block their IDs when we can, but it is difficult as they keep coming back. Please keep in mind that they have no connection to TeamViewer.
Thank you for the link. It was very interesting.
Have a great day and thanks again.
Best regards
Ralph Hindo
———————–
TeamViewer Inc. – http://www.teamviewer.com
3001 North Rocky Point Drive East, Suite 200
Tampa, FL 33607
Phone 800-951-4573 – Fax 800-352-7610
December 9th, 2011
Haven’t laugh so hard and loud for a long time! What a persistent guy :>
The best part is when he tries to wipe up the system.
“Make a VM of a Linux install and put the Windows skin on it.”
There is also “tree” command on Linux, so they (he) wouldn’t get it for a while. Maybe they would try to use “formate” on this one too?
December 9th, 2011
Hey Argon,
Or a tree command could be made which displayed some fake files then prints that the warranty is still valid for 2 more years.
That would be funny!
But it probably wouldn’t even get that far since they would attempt to look for the event viewer and find nothing…
December 9th, 2011
Well.. Who else is thinking about coding an fake event viewer for Linux now? Just imagine their reaction when there are no “errors” that could be sent to them…
Sadly, I don’t have the time at the moment. But maybe if they call you like two more times, I might actually do it
December 9th, 2011
You can make some bogus aliases:
alias formate=’echo For-mateing the hard disk…’
It works even for existing commands. That’s for the text mode.
There’s also: regedit, notepad, and some other Windows tools as part of wine package, so it may even look convincing
December 9th, 2011
That is just to funny they called you back again!!
December 10th, 2011
Alan,
Yes, scammers, true.
But living here in Central (Eastern) Europe, I may I understand their cultural situation better than you from the real heart of the western civilization.
You know I actually live few houses away from pockets of gipsies. We live along OK and sharing roads daily. They ARE different. They do think VERY differently about values of civilisations.
Have you seen the BBC program where they organize people from West to go to India and do their jobs? One particular episode came to my mind where an IT security guy (in US) was fired due to outsourcing his job to India. Then BBC (??? not really sure it was BBC) took this guy to the actual Indian company where he actually met the person who got his job. This Indian guy was receiving a fraction of his salary and lived with half dozens of his family members in one room. The US guy was not angry on the situation at the end of the show. He cried instead. Really enlightening program to see.
Scam, still true. I can just sense some deeper relations behind which somehow makes me sad and feel sorry for them.
Scam, still true, but they (India + China) are around 2,5 billions while we (western people) are maybe half of them.
Nothing personal and no offense here. Just letting you my understanding.
December 10th, 2011
Hi Akos,
That sounds like a great show to watch. Here in Canada the BBC online content us usually blocked.
I guess it all depends on how you look at it. I wouldn’t blame someone who was stealing food to eat is the alternative was starving to death. But in this case they are tricking people out of their hard earned money. There have been news articles where senior citizens on fixed incomes were getting caught up in these sorts of scams. I think if we were able to see the organizer of this scam driving his Mercedes to his big house people would stop feeling sorry for the workers.
December 11th, 2011
Well, I tried to dig down for the show, but no luck. It was a dubbed program on a local tv cahnnel, so no clue on the original title unfurtunately.
Yes, there might be (must be) some mastermind behind the scenes. I wouldn’t be surprised if the “head of scam” was some guy with a big Mercedes simply outsourcing the actual “job” to India as it anyway happens in IT. After all, this scam needs some firm knowledge on trading and commercial stuff to work.
December 11th, 2011
Is “The Real Hustle” a well-known TV program out there anyway?
December 11th, 2011
You should have another VM ready (though I doubt they are dumb enough to call again!) and stick a batch file in C:\documents and settings\administrator\ called tree.bat that contains:
@echo off
echo Your warranty is valid for 12 more years.
Also, I would clear out the event viewer and sleep the VM so it has no time to make more errors. That would be fun to watch.
December 11th, 2011
Hi Akos,
True, I never thought about that. If someone from the USA or Canada wanted to operate this scam with local people it would be shut down in no time but if all the calls were originating from a hard to prosecute country, law enforcement would lean towards educating the public instead of prosecution. You might be on to something there…
I love the real hustle, some of the lengths they go to are fantastic.
December 11th, 2011
Hi Jeff,
That would be so funny.
December 12th, 2011
Hey Alan,
Thanks for coming on the PodNutz show with me! The show is up! Here is the link: http://www.podnutz.com/pnd333
January 16th, 2012
When you talked about their other names in Part 2, you forgot Online PC Doctors. In another video, the man that cold-calls people is the same person who called you. The registration number page hasn’t changed since the scam started.
January 16th, 2012
Also, after a bit of investigation, I found out where their website is hosted from. The Global PC Protection site’s server is located somewhere in Scottsdale, Arizona. They didn’t tell anyone where their “offices” are located but you can easily find it. Just ping the site and look up the IP on whatismyipaddress.com or just go here: http://whatismyipaddress.com/ip/72.167.0.128
January 16th, 2012
It gets better. I looked at it some more, and their whole scam is operated from THE BACK ROOM OF A HOUSE. Looking up the site points here – 13824 North 88th Place, Scottsdale, AZ 85260