It was a Thursday morning and the first presenter of the day opened up the studios and turned on the computers and everything seemed OK. One computer that runs 24 hours a day crashed in the morning and was rebooted and a message filled the screen.
Your information has been ransomed.
Your data has been encrypted and you cannot recover it unless you pay a ransom.
Phone XXXXX-XXXXX for instructions.
You will pay the ransom in Bitcoins and the longer you leave it before calling the higher the cost will be.
If you don’t know how to pay in Bitcoins or where to buy Bitcoins go to the following website for instructions.
This message was only on one PC and the others seemed fine. That seemed strange – was it real, or just a fake message from a scammer trying to get a fast payment before people realised it was a hoax?
In this case it wasn’t a hoax, there had been such an attack.
The presenter reported the problem and was given the advice to remove the network cables from all PCs. (The Internet connection remained on so the station could broadcast.)
He started his Live show and everything seemed fine but then the music tracks he had scheduled started to report as missing.
The IT experts arrived and systematically assessed the state of every PC and server. It was clear that while some encryption had taken place, and hence those files were unusable, almost everything was intact despite the attackers’ warning. Only a few PCs had been attacked and the rest were untouched.
However, one PC had been ruined by the criminals – everything had been encrypted.
Several other PCs had encryption processes still running after the Internet connections were pulled and these were stopped.
The Managing Director made the decision not to pay, even if it meant taking losses, on principle. Also, the incident was reported to the Police.
The next step was to determine how the attack had taken place.
This is where the website https://id-ransomware.malwarehunterteam.com proved very useful as you can upload an encrypted file and it identifies which ransomware variant was used by the attackers.
The variant was identified; unfortunately it is one for which no decryption keys are available on the Internet, as there are for some variants.
The variant of the ransomware also gave a clue that the attack was likely through the firewall rather than by email or other means.
A scan of the relevant firewall showed that the FTP and RDP ports were open. The criminals’ means of attack was via the RDP port and the remote control software installed on several PCs. This made sense as it explained why they could only get to a few computers and not the rest – only the ones with remote control access installed.
Now the experts knew how the criminals got into the systems, it was easy to block on the server and the broadband firewall and delete the remote control software.
Now the bad guys could no longer access the systems, it was safe to start purging the encrypted data and restore from backup.
While that continued, checks on the server logs showed the bad guys had tried to guess the FTP password but gave up quickly. However, they had also run a program to throw a dictionary at the server login in an attempt to get the password. Tens of thousands of attempts failed. This shows the benefit of having a strong (i.e. unguessable) password.
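The kind of log check described above can be automated. The following is an added example, not code from the original article: it reviews login records for bursts of failures from one source and for a success that follows a burst. The log format, the service labels (`ftp`, `login`), the addresses (documentation ranges) and the thresholds are all assumptions made for this example.

```python
"""Added example: review authentication logs for dictionary-style guessing.

The log format is constructed for this example (an assumption, not the
station's real logs); adapt LINE_RE to what your FTP/RDP server writes.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed format: "<ISO time> <service> <FAIL|OK> user=<name> src=<ip>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<svc>\S+) (?P<res>FAIL|OK) user=(?P<user>\S+) src=(?P<src>\S+)$"
)


def parse(lines):
    """Yield (time, service, ok, user, source) for each well-formed line."""
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m is None:
            continue  # skip malformed lines instead of aborting the review
        try:
            ts = datetime.fromisoformat(m["ts"])
        except ValueError:
            continue  # timestamp present but not parseable
        yield ts, m["svc"], m["res"] == "OK", m["user"], m["src"]


def review(lines, window=timedelta(minutes=5), threshold=20):
    """Summarise login failures per (source, service).

    burst: at least `threshold` failures inside one sliding `window`.
    success_after_burst: a login succeeded after a burst from the same
    source, i.e. the guessing may have worked and needs immediate triage.
    """
    recent = defaultdict(deque)  # failure times still inside the window
    report = {}
    for ts, svc, ok, user, src in sorted(parse(lines)):
        key = (src, svc)
        entry = report.setdefault(key, {
            "failures": 0, "users": set(), "peak": 0,
            "burst": False, "success_after_burst": False,
        })
        if ok:
            if entry["burst"]:
                entry["success_after_burst"] = True
            continue
        q = recent[key]
        q.append(ts)
        while ts - q[0] > window:
            q.popleft()  # drop failures that fell out of the window
        entry["failures"] += 1
        entry["users"].add(user)
        entry["peak"] = max(entry["peak"], len(q))
        if len(q) >= threshold:
            entry["burst"] = True
    return report


def flagged(report):
    """Return sorted (source, service) pairs that showed a burst."""
    return sorted(k for k, v in report.items() if v["burst"])


def build_sample():
    """Constructed log lines mirroring the pattern the article describes."""
    start = datetime(2024, 1, 4, 2, 0, 0)  # arbitrary constructed date
    lines = []
    # A few FTP guesses, then the source gives up.
    for i in range(4):
        t = start + timedelta(seconds=15 * i)
        lines.append(f"{t.isoformat()} ftp FAIL user=admin src=198.51.100.23")
    # A dictionary run against the server login: one attempt every 2 seconds.
    for i in range(60):
        t = start + timedelta(minutes=10, seconds=2 * i)
        lines.append(f"{t.isoformat()} login FAIL user=administrator src=203.0.113.7")
    # A member of staff mistyping once, then logging in normally.
    t = start + timedelta(hours=6)
    lines.append(f"{t.isoformat()} login FAIL user=presenter src=192.0.2.10")
    t += timedelta(seconds=20)
    lines.append(f"{t.isoformat()} login OK user=presenter src=192.0.2.10")
    return lines


if __name__ == "__main__":
    result = review(build_sample())
    for (src, svc), e in sorted(result.items()):
        print(src, svc, e["failures"], "failures, peak", e["peak"],
              "BURST" if e["burst"] else "",
              "SUCCESS AFTER BURST" if e["success_after_burst"] else "")
```

A source with `success_after_burst` set is the case to escalate first: it means a login was accepted from an address that had just been guessing passwords.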
1. Comprehensive regular backups are absolutely essential, including off site backups
2. Any connections to the Internet must be well protected
3. Only run systems and services through an external firewall if essential and ensure these are well protected
4. Ensure all security patches are installed ASAP
5. Take regular security audits
6. Be prepared for such an attack and plan for how to deal with the aftermath
Remember that IT security is not a one-off event, it is an ongoing process – so keep your security processes up to date and test them.
For an introduction to ransomware, look at https://fightback.ninja/ransomware-what-is-it-2/
Most people who suffer from fraud want the money back, justice for the perpetrators and then to forget about it.
But for some, it turns into a desire to stop these fraudsters committing further crimes and a need to do something.
Buster Jack Buster is a group of people who are fighting back and in 2017 they celebrated having shut down 1,000 bank accounts belonging to scammers.
The classic hoax involves under-priced vehicles advertised by a seller who then - for what seems a very plausible reason - says the vehicle cannot be viewed before purchase. The seller promises the money will be secured in an escrow or other holding account until the buyer is satisfied with the purchase.
What happens, of course, is that the money is simply taken and the vehicle doesn’t even belong to the criminals.
The group specialise in car fraud - fake listings for any type of cars, vans etc. and specifically they look for ones that are very under-priced. Once they find such listings, a little checking on the Internet can often locate the true owner’s advert which has been copied by the scammer. The real listing will show the correct value of the vehicle.
Having found the scam listings, members of the group pose as buyers, engaging in lengthy email correspondence to gain the scammer’s confidence. If successful they will be sent the bank details in order to transfer the cash. Then they take the evidence to the relevant bank.
“We are outconning the conmen. There is the thrill of the chase but also the feeling that you are doing some good and making it harder for these fraudsters to operate, harder to steal other people’s money,” says “Jack Buster”, unofficial leader of the group. Along with his fellow bank busters he wants his identity withheld for fear of reprisals by the criminal gangs they thwart.
The group post warnings on social media in a bid to make eBay users aware of the scams – particularly the importance of not sending a money transfer for a vehicle or item that the buyer has not physically seen.
“It started with just me and has slowly grown. Some people who lost money to this gang, who I believe are mostly Romanian, have joined the group to stop it happening to others,” says Buster. Over time they have developed good contacts at most of the banks’ fraud departments and we are getting around four to five bank accounts closed each day.
Buster says that when the group started, most of the fake eBay listings concerned camper vans and other vehicles. The gang members can post up to 500 listings a day on eBay.co.uk alone but have recently branched out into cheaper items including bicycles, printers and even sewing machines.
The fraudsters insist on being paid by bank transfer and will come up with all sorts of excuses why there is a delay in delivering the item. The seller often promises the money will be secured in an escrow or other holding account until the buyer is satisfied with the purchase. They are very good at what they do and sadly people fall for it. It nets them millions of pounds a year.
Buster claims the gangs fly people into the UK from Eastern Europe to open bank accounts that will then be used to move on the stolen funds. “Fixers collect them at Luton airport and then drive them to the town in which they will open the account. They are given fake utility bills to go with their own or a cloned ID card and taken to the branch in question. It is all too easy. Does the bank check the applicant really lives at that address – or is with the utility company? No, they just open them an account,” he says.
Be very careful buying or selling vehicles on the Internet and watch for suspicious behaviour.
You can contact Jack Buster on the Facebook group Buster Jack Buster
If you have any experiences with scammers, spammers or time-wasters do let me know – go to the About page then Contact Us.
The UK's biggest ever cyber scammers stole £113m by calling victims pretending to be from their bank.
Feezan Choudhary (the ringleader) grew so rich from this scam that he bought a property portfolio in Pakistan, Dubai and Scotland, went on £100,000 shopping trips at Harrods, bought £45,000 Rolex watches and enjoyed luxury holidays in the Middle East where he was pictured strolling in the desert with a tiger.
He posed as a hot-shot music producer and property developer and owned a fleet of flash cars including a Bentley, Rolls-Royce, Lamborghini and two Porsches.
The Burnley-born criminal fleeced over 750 British firms to fund his millionaire playboy lifestyle. Raking in £3million a month by cold-calling bank customers, he ruined hundreds of lives and put small businesses on the brink of bankruptcy – leaving one victim so distraught that she committed suicide.
He was jailed for 11 years along with members of his 19-strong gang.
Southwark Crown Court heard how Amy and Emma Daramola, two sisters who worked as Lloyds customer services assistants, were paid £250 for each bank statement they could hand over.
Choudhary phoned businesses claiming to be from their bank, saying security on the accounts had been compromised. He told them their accounts had been hacked, and they were duped into giving their internet banking passwords over the phone. The trick enabled the criminals to steal £2.2million in minutes from one solicitors’ firm alone.
Using sophisticated software, the bank accounts were drained while his accomplices jammed the firm’s phone lines to stop them alerting their bank to the massive losses.
Stolen funds were moved to his bank account and then distributed across a number of accounts.
The cash was moved through transfer exchanges from London to Pakistan and elsewhere.
Legitimate bank phone numbers provided by corrupt bank staff were used to confuse victims.
The gang used sophisticated methods including the use of ‘burner’ mobile phones, ditched every 24 hours.
Scotland Yard believes at least 750 businesses were affected between January 2013 and October 2015, but there could be countless others. Choudhary targeted customers from Lloyds, Santander, Barclays and Royal Bank of Scotland.
One solicitors' firm in Liverpool was said to have lost more than £500,000 while another law firm in Anglesey lost £670,000. A company in Gloucestershire lost more than £2million in less than two and a half hours.
When the racket was finally smashed, Choudhary fled to France where he was arrested using a false passport trying to board a plane to Pakistan.
Nearly £70million was laundered through bureaux de change in London and sent to Dubai and Pakistan. Only £47million has been recovered.
Jailing him, Judge Peter Testar said the scam was allowing cash to flow like ‘coins from a fruit machine’. He added: ‘This was a complex, clever, persistent and pitiless fraud. The damage to the people running these businesses was potentially devastating.’
A couple who run a farm in the Scottish Borders were conned out of more than £10,000 just weeks after they started using telephone and internet banking.
The farmer's wife, who asked not to be named, told the Edinburgh Evening News: 'I believed entirely that I was speaking to legitimate bank staff. They knew who we banked with and their local knowledge took us in completely.
'We no longer trust people and are reluctant to speak on the phone. It's been a very lonely experience and we feel bitter.'
The Judge called the gang 'clever, persistent and pitiless' and described Choudhary as a 'very strong personality' who is 'persuasive and authoritative to the point of bullying'.
Detective Chief Inspector Andrew Gould, who led the investigation, said: ‘It is the biggest fraud of this kind we have seen in the country.’
Emma Daramola, 23, was given a two-year suspended sentence for conspiracy to commit fraud by abuse of position for her role as an insider at Lloyds. Her sister, Amy Daramola, 24, received the same sentence.
For money laundering and conspiracy to launder money, most of the gang were jailed, including:-
· His brother Nouman, 22 – the gang’s accountant – was given three-and-a-half years.
· Abdul Iqbal, 23, of Edinburgh, was sentenced to 21 months
· Syed Ali Amish, 24, of Luton, was sentenced to 32 months
· Bilal Ahmed, 27, from Ilford, and Bushra Shabab, 30, from Slough. They were sentenced to three years and four months, and two years in prison respectively.
· Naveen Devalapally from London was sentenced to six-and-a-half years in prison.
I am an educated professional with an upper level income. My scams occurred not with an outsider but a partner.... yep, first with my ex-husband who was a Doctor of Veterinary Medicine then to a boyfriend who was a Police Officer. Two professions that were "trustworthy professions" I was blinded by the scammers that they were. My point is to trust your gut no matter who the person is. If it feels wrong.... chances are it is wrong.
I had met my first husband as a client with the many rescue dogs I had.
Started a whirlwind romance (not knowing he wasn't divorced yet) and eventually marrying him. We built a very successful practice together and when it came down to whose name everything went in, he convinced me to put it all in his corporation name stating I was not allowed because I was not a doctor..... meanwhile he stockpiled and hid money from me.
He asked me to sign so many papers regarding corporate taxes etc and I trusted him. He was my husband. Our accountant was our friend. Long story short, eventually I caught him embezzling our life savings and planning on running away to an island without me.
Once I discovered this, I let the courts take over. How could a spouse do this to me. We were married.......
When I met my second husband, he was a charming police officer who stated he had made lots of money working for an additional company outside his police job.
He lived in a beautiful expensive home. He was a veteran of the police force for over 23 years and appeared to be well respected. I had made quite a bit of money after my divorce in real estate investments and lived in a nice home. I began to develop a relationship with him and felt very comfortable with him. He was a respected police officer. A law enforcing professional of 23 years.
He had asked to borrow money because he had gotten into a cash flow problem but had a real estate deal worth a million dollars. He presented me with a contract, I showed it to a real estate agent friend of mine and she said it was a legitimate contract. I felt comfortable knowing he paid $200,000.00 for the property and was reselling it to a Physician in the area who was very well known and very financially set.
He had a contract on the land for over a million dollars. He said to write him a check for the paper trail and write in the memo that it was a personal loan to him so I had evidence that it was a loan not a gift. Long story short, the contract fell apart but eventually sold for less but still doubled his money.
The police officer boyfriend basically said he was never going to pay me back and good luck trying to collect because he knew every judge in the county etc.
I sued him and he filed for bankruptcy after blowing every dollar he had made on the land deal. I trusted both my doctor husband and boyfriend police officer. Just because someone appears to be financially set or has a certain title, please research and follow your gut instincts or it could be financially fatal.
Con artists and scammers come in all professions and backgrounds. Do not be naive - trust your gut!
I am 52 and considered to be of the baby boomer generation. We were raised in a world without the internet, taught to respect our elders and certain professions were considered very trustworthy. Examples are doctors, teachers, police officers etc.... we were raised that these are people we could trust no matter what and for the most part this was absolutely true.
Generally, the geriatric or elderly community were the ones that were scammed by door to door salespersons or telephone scammers. Today people believe the less educated, the lower income, elderly community are the ones prone to scammers. This is absolutely not true according to The Better Business Bureau.
People today believe what they read on the internet, they impulse shop, they receive emails and phone calls about tax issues or debt collectors and we fall for it believing oh if it's on the internet, it must be true.
I have written a book called The Preah Secrets and it deals with my veterinary husband and how I discovered his heist and how I followed my gut to eventually discover his intentions of deceit. I prepared and eventually sought justice for myself. I hope the book inspires others to follow their instincts and remember, scams can happen to anyone by anyone.
Go to http://kbbeaumaaks.com/index.php for further insight and to buy the book.
Diane arrived home and there was an unexpected package that had been left in the porch.
She took it in but didn’t open it. Then the next day a second parcel arrived. On opening both parcels she found some children’s clothes and shoes from Next.
She hadn’t ordered anything from Next and didn’t want children’s clothes or shoes. But the biggest problem was inside the package was a contract to sign confirming her credit account at Next and that £600 had been spent on it and she now owed £669 including interest.
Clearly someone had opened an account in her name, maxed out the credit limit and presumably the remaining items had been delivered to the thief. Why the thief’s first two parcels had been sent to Diane’s home was a mystery.
Diane should have called the Police to report this crime but she ignored it as she was busy.
Three days later another package was delivered to her home. This time it seemed to be a mobile phone, and checking the courier website showed it had come from SKY TV. Diane did not have SKY TV and had not ordered a phone.
This woke her up – she was now determined to deal with this problem.
She asked her son Norman to contact Sky and deal with it.
Norman tried his best but the data protection laws mean that companies can only deal with the person who owns an account, not with a relative or friend. Norman did ascertain that the account in Diane’s name had been opened a few weeks previously and was marked “Closed – Do Not Re-open”.
Diane did eventually make the time to phone Sky, and it seems the fraudster had ordered a top of the range iPhone worth over £700 and had paid £28, but when SKY did their credit check it failed, so they marked the item do not send. They couldn’t explain why it was actually sent, but it seems the scammers didn’t know it had been sent out.
If the scammers had known, then the next likely part of the scam is for one of them to either turn up at the door pretending to be a courier asked to pick up the phone or they would arrange for a courier to pick up the phone to be returned, but actually to go to the scammers.
In this case, SKY agreed to send a reply paid box for the phone and it arrived and the phone was packed off safely after checking the delivery address was SKY TV not someone’s house.
Diane took advice and contacted her bank and credit card supplier to warn them of identity theft using her details.
She also contacted CIFAS (see blog post for more details https://fightback.ninja/cifas-registration-protects-against-identity-theft/ ) to register for protection against people opening accounts in her name.
In the following weeks there were no more incidents, so probably the fraudsters have moved on to other victims. However, the fraudsters still have Diane’s details so she has to remain vigilant against any further attempts to hijack her identity.
Kim was bored one day and received a phishing scam message on LinkedIn and decided to play it through and see what happens.
This is what happened and it shows the preparation involved in some scams.
Thanks for accepting my connection in Linkedin and i will formally introduce myself to you. I am Mrs Sarah Catherine LEGG, Non-executive Director at the Hang Seng Bank Plc. I am contacting you concerning an abandoned sum of $22,500,000.00 USD. In June 2003, A customer called Richard Kim a foreign contractor with Royal Dutch Plc came to our bank for business discussions and investment, As the officer in charge of his transaction then, I encouraged him to consider various growth of funds with prime ratings. Then he invested Nineteen Million Five Hundred Thousand United State Dollars only. Based on my advice, we were able to spin the initial deposit with profit and interest to 22.5 million U.S Dollars. Unfortunately, my client died in a car crash and he died without leaving a Will.
Our dear client died with no known or identifiable family member. After failing to receive viable claims and at the expiration of ten years the funds will revert to the ownership of the Hong Kong Government.
Now, I am prepared to give the necessary details to you as the closest surviving relation of our deceased customer (Richard Kim). I am also proposing that after a successful execution of the business deal, the funds will be shared in the ratio 40/60. You will get 40% and I will be entitled to 60% as the initiator of the deal. You know that I must have done my home work already before contacting you. I will tidy up the legal aspect with the assistance of a lawyer who will prepare all the documents that will be needed to transfer the money from Hong Kong to your country. If you give me positive signals, I will initiate this process towards a conclusion. I wish to inform you that should you not contact me via official channels because our calls are being monitored at the bank
Mrs Sarah Catherine LEGG
Kim replied : It’s an interesting deal. Please explain more details of the deal.
The scammer then provided more detailed information about how the transaction would take place.
Kim replied : Thanks for your intriguing proposal in advance. I think this is a fantastic deal ever I have. It’s like a Hollywood movie story and much better than lottery.
Kim forwarded the documents as instructed and an apparent date of birth, address etc. etc. as requested.
She received a reply from “Lloyds”
On behalf of myself and the bank, accept our deepest condolences. We have received a formal approval from the deceased personal account officer verifying you as the legal next of kin. We have initiated the process of funds transfer as stated in your application. We are ready to release the reference account to you as the legal next of kin of Engr. Richard Kim. The reference account has quite a huge closing balance with a high interests gained over a period of time. It was initially difficult locating the account because it has not been operated for a while but this account remains valid.
Our policy requires you provide the following documents stated below to enable us assist you wire the funds to your designated bank account which will take 24 hours for the funds to reflect.
The required documents are:
1: Police Report of Mr. Richard Kim
2: Sworn Affidavit of truth and claims
3: Death certificate of Mr. Richard Kim
4: Power of Attorney/Administration Letter
Upon receipt of these documents, we will then legally transfer amount & account’s backup file to you. Expecting your quick response to serve you better.
Yours in service,
Mr. James Walter
Head of accounts (GLD)
Kim replied to scammer (role of sarah):
Please send me those documents that Walter listed.
Then she got a reply about a lawyer named HAMMED KAZIM .
Kim replied to scammer(role of Hammed Kazim):
My relative died in untimely, I am the only his next of kin.
I’m contacting you for the release of legal documents as below.
(list of documents)
Please let me know the cost of this process, I hope you to work on it very speedy.
The scammer (role of Hammed Kazim) replied:
Find below our Retainer Agreement, we should be able to get you all 4 documents within two working days to enable you secure the release of your unclaimed proceeds in Lloyds Bank.
HAMMED KAZIM LAW FIRM
Then they mentioned a barrister from the same law firm who could represent him in court to process the legal documents from the high court of law.
Then comes the first mention of money. They want £3,450, with a down payment of £700, to cover legal fees.
At this point Kim switches to the offensive and tells them that as they retained the legal firm it’s their duty to pay the retainer fee of £700.
Emails fly back and forwards and eventually the scammer gives up as it is clear she won’t get any money from Kim.
There is a lot of detail involved in this scam with numerous template letters, multiple characters involved, various companies etc. The scammers have honed the process and clearly understand the process of building confidence in the victim (and greed) to the point where the victim willingly hands over a lot of money.
These scams rely on the victim’s greed – don’t be caught out.
Original story at https://okebari.wordpress.com
Moved by the heart-breaking tale of a woman who lost more than £12,000 in a fake romance online, Daily Post Reporter Amelia Shaw decided to see how easy it was for the con artists to find their prey.
This woman (the victim of the scam), who was still grieving the sudden loss of her beloved husband, had fallen in love with a man she thought was a senior ranking member of the United States Army. Over the course of six months, the scammer convinced the woman to send him more than £12,000 by telling her he needed money for his son’s medical bills.
It set Amelia thinking - how easy is it for these scammers to find vulnerable women online, and how easy would it be for her to pose as one?
It took around 20 minutes to create a fake persona - 60 year old Audrey Davies on Facebook. Just a few clicks and her character was live. The fake story is that Audrey is from London, her husband passed away three years ago, and she recently retired having sold her very successful laundry business. That was all the information there was to see.
For scammers, Amelia was the perfect victim - single, grieving the loss of her husband and sitting on millions.
It took just two days for someone claiming to be ‘Harley Peters’ to find Amelia.
He struck up a conversation with Amelia on August 23 and told Amelia he was a 58 year old Veterinary Doctor from Brooklyn, New York and was currently working in Malaysia looking after chickens with bird flu. The picture he claimed was of himself was almost certainly taken from someone who had no idea their image was being used. And photographs he sent claiming to show the places in which he was working were easily traceable as being stock images when Amelia put them through a reverse image search on Google.
It took just two hours for him to start asking Amelia personal questions - what did you do with the money from selling your business? Do you have a big house and car?
He told Amelia he was a very jealous person and he didn’t want Amelia talking to any other men online.
Amelia contacted Vic Grout, a computing professor at Wrexham Glyndŵr University who had been researching scammers, to see if he could shed more light on why these scammers do what they do.
He told Amelia that the problem was largely psychological and not technological - technology was just the vehicle used by the scammers.
“They are certainly very clever and skilled,” Vic said, “they target vulnerable people and manipulate them when they are at their weakest. They use emotional blackmail and time constraints to put their victims under pressure.”
Amelia witnessed this first hand just two days after Harley began speaking to her.
He sent Amelia a picture of a bloodied and bandaged hand and told Amelia he was in hospital. He’d been attacked by Indian gangsters who stole his phone and wallet when he was on his way to the cash point to withdraw money to send to China for the medication for his poultry.
He no longer had his ATM card so could not pay for his medical bills - he needed her help.
He asked Amelia to send £3,765 immediately so that he could get out of the hospital and come to London.
Just 48 hours in and he was already asking Amelia for money - unbelievable. Of course it was accompanied by his promise of love and marriage, but only if Amelia got the funds to him quickly.
He begged Amelia - “please darling, please help me, my dear Audrey” - and sent Amelia pictures of his fake children, saying they wanted Amelia to be their “new mummy”.
Within days, he was sending all sorts of bank account details under different names, claiming they were the details of the nurses looking after him.
He told Amelia if he didn’t have his money by Friday he would be sent to prison.
It was time to come clean - Amelia told him she was a journalist investigating online romance scams, and just as quickly as he appeared, Harley was gone.
Sadly, Harley Peters wasn’t the only person who saw Amelia as fair game. Another man appeared, named Jones Paull who also claimed to be in the US Army. The problem with scammers using the identities of US Army officers is so great that the Army CID have issued a warning to Facebook users.
Whether the law will ever catch up with ‘Harley Peters’ is unknown, but Amelia does know that at least for a brief time she stopped him preying on someone who may have believed his lies.
Do not put your trust in people you don’t actually know – many are genuine of course but some are practised liars who will tell you whatever you need to hear in order to get money from you.
A French security blogger named Ivan Kwiatkowski was incensed when scammers tried to scam his parents, by pretending to be Microsoft, helping them sort out virus problems.
A few days ago, I received a panicked call from my parents who had somehow managed to land on a web page claiming they had been infected by a virus called Zeus and needed to call a support line for help.
Ivan decided he would give them a call. A lady named Patricia answered. Ivan told her that he was a businessman and that time was of the essence. Patricia guided Ivan through the steps needed to download remote-assistance software and take control of the PC.
She then blatantly typed in information and tried to make it look as if the computer was displaying the message. It said “1452 virus found”.
After a lot of messing about, she reached the conclusion that the computer had been infected and needed to be cleaned up. She encourages Ivan to buy package software - either ANTI SPY or ANTI TROJAN, for $189.90.
“Look! In the terminal! 1452 viruses found!”
Ivan agrees to buy the software and says he’ll buy it in Paris. End of conversation.
Ivan assumed that Patricia must have been a trainee scammer. He waited half an hour or so and called again. This time Dileep answered and went through the whole procedure again.
Dileep seemed much more familiar with his script, and he added some nice details such as showing Ivan that the machine has a lot of stopped services which is "totally not normal". [Oh yes it is!]
Dileep then tells Ivan he has cleaned out the viruses without charge but he recommends that Ivan purchase a Tech Protection subscription (safety from viruses) for €299.99.
Ivan agreed to purchase this package and found a test credit card number.
For obvious reasons, the payment was rejected, and Ivan and Dileep tried again four or five times. In the end, Ivan suggested using a second credit card and gave him another random yet valid number. Dileep made Ivan repeat both payment details at least ten times while Ivan played dumb. Dileep called his superior in the hope of figuring out why the payment wasn't going through.
Now as part of his job, Ivan was working on J.Locky ransomware and had a copy on another PC. J.Locky is a nasty piece of software - once it infects a machine, it encrypts all of the data then demands a payment to provide the encryption unlock key.
The remote-assistance client Ivan had installed at the request of the scammers has a feature allowing him to send files to the operator. He uploaded photos of the credit card complete with J.Locky infection and tells Dileep what he’s done so that Dileep can enter the numbers himself.
Dileep said nothing for a short while, and then admits nothing seems to be happening.
Ivan struggled not to burst out laughing as he knew that the J. Locky infection would be busy encrypting the scammers data files and would then demand a ransom to release them. Couldn’t happen to a more deserving guy.
Eventually, Dileep gives up, suggesting that Ivan contacts his bank
We don’t all have the technical expertise that Ivan has, but you can still keep the scammers occupied and the more of their time you waste – the fewer people they can scam.
The US government set up a sting operation to gather evidence against a company called PCCare247 which was defrauding people.
This is a variant on the classic Windows support engineer scam.
A cold caller tells you your PC has a virus, says he can prove it then offers to fix it for several hundred dollars (or equivalent in the local currency).
In this variant, PCCare247 advertised heavily that it helped people sort out PC issues, but when someone called, PCCare247 would find faults that didn’t exist and charge a lot of money to rectify the non-existent problems.
Agent Sheryl Novick contacted PCCare247. They are based in India but had built a lucrative business advertising over the Internet to Americans, encouraging them to call for technical support.
“I saw some sort of pop-up and I don’t know if there’s a problem,” she told a PCCare247 tech named Yakeen. He offered to check the “management part” of her computer for possible problems. All he needed to run his test was total control of Novick's Windows computer.
She agreed, downloading and installing a remote access tool. Then Yakeen took control of Novick’s computer and opened a program called Event Viewer.
Event Viewer always shows lots of errors but they are trivial and should be ignored.
Yakeen showed Novick a series of bright red warning messages in her Event Viewer logs.
“It has 30 errors,” he told her.
“Your computer is hacked by someone,” he said. “They are using your name and your ID, your computer to do some cyber fraud and cyber terrorism.”
This was a brazen lie; forensic examination would later conclude that the single connection displayed was in fact the remote access tool that Yakeen was using at that moment to control Novick’s machine.
To complete his examination, Yakeen then told Novick that he would scan her computer for viruses. To do so, he ran a command called “tree.” Filenames immediately filled the screen, scrolling away in a blur as hundreds of new names took their place. When the list stopped moving, the command prompt read:
C:\509 virus found
The situation sounded bad—unless you knew that the tree command used by Yakeen has nothing to do with viruses. It merely lists all files within a directory and Yakeen had simply typed the 509 virus found message hoping that Novick would believe it to be output from the “virus scanner.”
Yakeen promised that he could “remove all the hackers, remove all the errors and 509 virus from the computer and recover all the data.”
All Novick needed was $400.
After some negotiation, Novick agreed to a smaller charge and provided her credit card.
What Yakeen didn’t know was that Novick was actually a Federal Trade Commission (FTC) investigator and she had recorded the entire encounter, which had been conducted using a clean PC located within an FTC lab.
After the call, the FTC sent Civil Investigative Demands—requests for information—to just about every US company that had done any sort of business with PCCare247: banks, credit card processors, domain registrars, telephone companies, Facebook, Google, and Microsoft. In October 2012, agency lawyers had assembled their case into a 15-page complaint against PCCare247 and its owner, Vikas Agrawal.
“The Defendants operate a massive scheme that tricks consumers into spending approximately $139-$360 to fix non-existent problems with their computers,” the complaint alleged.
Those fees added up to serious revenue for PCCare247. In just one year, $4 million had been deposited in the two main PCCare247 bank accounts—and that was just from US residents.
The company used this cash to build more business, spending more than $1 million on Google adverts.
But PCCare247 went further, taking out ads on search terms like “mcafee phone number usa,” “norton customer service,” and “dell number for help.” The ads themselves said things like “McAfee Support - Call +1-855-…]” and pointed to domains like mcafee-support.pccare247.com. As numerous complaints attest, less savvy computer users searching the Internet for specific tech support phone numbers would see PCCare247’s number near the top of their screens and assume that this was an official line.
It wasn’t difficult for the FTC to obtain a temporary restraining order against PCCare247, an order that made it all but impossible to do business in the US. Most of the company’s cash had already been transferred to Indian banks, but the TRO did shut down the company’s domain name, local phone numbers, and credit card processing. New money would not be flowing.
“The FTC litigation has effectively shut down the PCCare247 business,” the company complained to the federal judge overseeing its case. It admitted to “some improper conduct” but attributed this only to “some overzealous sales personnel who crossed the line” and said that “they will be dismissed or retrained.”
One less scam operator – at least in America.