Trending Scams

 

This is an experimental section of the website that aims to inform you of scams making the rounds in our area, as reported by our staff and customers. If you find this section useful, please let us know.

 

June 2017 – Fake Virus removal, PC cleanup scam

An all-too-common scam these days: one day while browsing the web, you are hit with a dire-looking popup that claims your computer is infected with a virus or some other fictional malady. Scam authors are able to push a semi-legitimate-looking popup to your desktop by leveraging background HTML code embedded in an advertising frame, or through an external link on a site you visit. JavaScript can be used to resize your browser window so that the fake error appears to cover your entire desktop, and the browser frame often tries to copy standard Windows visual themes. They are hoping to exploit your sense of alarm, and conveniently provide a website address or phone number you are encouraged to visit or call in order to ‘remedy the issue’.
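A defender-side illustration of the traits described above, added here and not part of the original page: a small JavaScript heuristic that scores page source for the window-resizing script, alarm wording, Windows impersonation and a phone call-to-action. The signal patterns, the threshold and both sample pages are constructed assumptions.

```javascript
// Added example: heuristic check of page source for fake "virus alert" traits.
// Signal names, patterns and the threshold are assumptions, not a vetted ruleset.
const SIGNALS = [
  // Script that resizes or repositions the window to cover the desktop
  { name: 'window-manipulation', re: /\b(?:resizeTo|moveTo|requestFullscreen)\s*\(/ },
  // Alarm wording about an infection
  { name: 'alarm-wording', re: /\b(?:virus|infected|malware|trojan)\b/i },
  // Text posing as a Windows or Microsoft system/support message
  { name: 'vendor-impersonation',
    re: /\b(?:microsoft|windows)\s+(?:support|security|defender|technician|error)\b/i },
  // Urging a call to a toll-free number
  { name: 'call-to-phone',
    re: /\bcall\b[^<]{0,80}?\(?\b8(?:00|33|44|55|66|77|88)\)?[\s.-]?\d{3}[\s.-]?\d{4}\b/i },
];
const THRESHOLD = 3; // one signal alone (e.g. the word "virus") is not enough

function scorePage(html) {
  const hits = SIGNALS.filter((s) => s.re.test(html)).map((s) => s.name);
  return { hits, suspicious: hits.length >= THRESHOLD };
}

// Constructed samples (the phone number is from the reserved 555-01xx range).
const FAKE_ALERT = `
<script>window.moveTo(0, 0); window.resizeTo(screen.width, screen.height);</script>
<div class="win-dialog"><h1>Windows Security Alert</h1>
<p>Your computer is infected with a virus. Do not shut down.</p>
<p>Call Microsoft Support now: (866) 555-0100</p></div>`;

const NEWS_ARTICLE = `
<article><h1>How to spot a tech support scam</h1>
<p>A pop-up claiming a virus is on your PC is almost always fake.</p>
<p>Questions? Email our help desk.</p></article>`;

console.log(scorePage(FAKE_ALERT));   // all four signals present
console.log(scorePage(NEWS_ARTICLE)); // only the alarm wording matches
```

Requiring several signals together keeps ordinary articles that merely mention viruses from being flagged.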

Of course, legitimate providers like Microsoft and the reputable anti-malware vendors will never use tactics like these to contact you. The second stage of this scam usually involves the fake support agent talking you into running something on your computer that you’ve never heard of, in order to gain control of the machine or trick you into making payments.
The number we were asked to call is (866) 315-1003.

Two of the more common vectors for this ruse are TeamViewer and GoToAssist. These are ‘desktop sharing’ applications that are often used by legitimate tech support to assist people remotely. However, when you give a scammer remote control over your PC, they are not going to be fixing any existing problems, only creating new ones for you.

 

[Images: TeamViewer launch screen; GoToAssist launch screen]

 

In the iteration we recently encountered and were able to investigate, the scammers’ trick was to get you to launch ‘hh’ from a Windows Run box, supposedly confirming the virus-caused error, and then manually redirect you to a spammer-controlled ‘GoToAssist’ session, where the scammers can then demonstrate another bunch of plausible-looking errors by pulling irrelevant data from various system utilities that come with Windows. You will then be taken to a credit card payment processor and asked to pay in advance for a ‘premium support’ contract.

This scam operates in the quasi-legal realm of offering a fictional service to remedy a fictional technical issue. However, scammers with even fewer qualms about prosecution and legal jurisdictions will often install actual malware onto your system during the shared desktop session, in order to give themselves persistent administrative control over your computer.

 

July 2017 – IRS Lawsuit/Arrest scam

This scam appears to originate from the 409 (Texas) area code, but the caller ID may be spoofed. A recorded speaker threatens you with a pending IRS lawsuit and/or arrest. Of course, the caller never identifies themselves, nor, for that matter, who ‘you’, the supposed target of this lawsuit/warrant, is.
In the samples we observed, the number you’re asked to call is either (409) 965-5767 or (409) 965-5763.


 

January 2018 – Craigslist Vehicle transfer scams

Recently one of our techs found himself in need of some new wheels, and went looking on Craigslist in the Olympic Peninsula section for something local and affordable to drive. Perhaps the price and mileage were just a bit too good in this ad, but we all like to find a deal; it’s part of the online bargain hunting experience.

The apparent stock photos, and being asked to call a burner mobile number in Georgia, (770) 515-8478, set off some early red flags, so we set our tech up with a disposable, one-time-use mailbox for correspondence with the would-be scammers.

Magicians use a tactic called ‘misdirection’ to fool their audiences. Scammers are often heavily invested in ‘redirection’, a tactic of bouncing you around, so that when their assets like numbers and mailboxes get burned by abuse reports, they can swap a new one into that spot and be back to scamming in short order.

Our Georgia number asks our tech to email ‘their mom’ at <michellesp222@gmail.com> to purchase the vehicle.

So he does. Our advice for avoiding Craigslist scams is to ask very specific questions right off the bat that a ‘remote agent’ or ‘sale by proxy’ will not be able to answer to your satisfaction.

The response back is, of course, scripted, and answers neither of the questions posed. Scammers want to get you invested in their made-up back story, and avoid having to provide any kind of information to you that might be verifiable.

A nice prepared paragraph that answers all the questions … that nobody had asked. Now comes time for the scammer to really see if they can get their hooks into you, and use your excitement over the fictional ‘good buy’ to propose a very odd sort of car sale, with no in-person interactions, and an escrow service chosen by the scammer, of course.

The scammer continues to make requests, and to ignore all requests made of them for tangible, verifiable information, like a contact number and the physical address of the vehicle. Notice that when confronted for the local location of the truck, the vehicle has magically teleported out of the timezone it was listed in. So our journey takes us from a burner number in Georgia, to Nebraska, through Alaska, to a disposable Gmail account, and asks that we now await ‘an email from eBay’.

And if we were to continue traveling, we’re likely going to end up back at the scammers’ own web front operation. Know, of course, that eBay does not personally message anyone with ‘details’ of a listing at a seller’s request. What comes next is a phish. Stay tuned, and we’ll see if we can land the scaly fellow while this scam is still in season.