Thursday 5 December 2013

Remote computer access scams- Beware | Techvedic

One of the customers had a problem with a new HP wireless printer that they bought. That story aside, they went to HP for support and were redirected to Remote computer tech support, which initially claimed to be certified support for HP. The tech offered to fix his computer remotely. The customer agreed, and this is where all the trouble started...


Step One: They take your money

The tech offered my customer “Unlimited One Year Support Access @ $199.99” which claims the following...

"This plan protects your digital investment (computer, software, peripheral, router, etc.), irrespective of brand make or model and warranty status, against hardware and software issues. The featured services include: Setup and installation of computer, peripheral and router, Repair and maintenance of computer, peripheral and router, Software and driver diagnostic update and upgrade, PC health-check-up and removal of viruses and malware, Optimization of computer and resources, All in all, this has been designed to meet all your technical needs at one-flat-rate."
My customer agreed to all of this and happily charged his bank card before they continued.

Step Two: They take control of your computer
Giving initial instructions to my customer, the tech installed remote access software. This software starts on every boot of the machine, and once you're connected to the internet, it grants the Remote computer support people unlimited remote access to all of the information in your computer. A while after the software was installed the customer could no longer browse the internet; however, file transfers and remote access were still working, and this is how the techs left his computer configured!
The customer called them on the phone again, and the techs promised that they would call him back about this, but they never did. The customer called them back to try to resolve the situation, but they wouldn't, so in turn the customer had to contact his bank and have the fraudulent charge removed, and his account numbers and bank cards changed, etc. The customer called me at Techvedic and I told him to leave the computer off.

Initial inspection

After the system was powered up, software was loaded on boot-up and immediately connected to the internet after the WiFi connected to the customer's router. Once connected, the software immediately activated the connection for remote techs to log into the computer, without any ability to approve/disapprove their access or to monitor what they were up to in the background. I immediately hit the Quit button but some related processes were still running in the background, which I had to ask the customer to manually terminate. After termination, I was able to successfully remove the remote software from the computer; however, I still could not browse the internet, so I had to dig deeper.

Step Three: Redirecting all internet traffic

Upon deeper investigation I discovered that the remote software had force-installed DNS redirects into the customer's computer, which redirected all of his internet traffic through two manually-programmed DNS servers at IPs 216.146.35.240 and 216.146.36.240. I back-traced these servers to Dynamic Network Services in Manchester NH. Manually removing the set DNS servers was not enough; I had to perform more scans to stop the forced-DNS settings from being automatically re-added to Windows' Hosts file!
To top this off, further investigation revealed to me that they had also reprogrammed the customer's WiFi router, manually setting the DNS servers in the router to the above IP addresses, and they did this in the customer's DSL modem as well! Because the DNS redirect was programmed in three places, it was impossible for the customer to totally remove the redirects with the usual scanning methods, so in turn I had to request the customer to manually reset both the router and the modem to factory defaults and reprogram them from scratch with new passwords, etc!
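The check described in Step Three, as an added example that is not part of the original post: Python that parses saved `ipconfig /all` output and a hosts file, then lists DNS resolvers outside an allow-list and hosts entries that point names at non-loopback addresses. The sample text, the allow-list and the function names are assumptions constructed for illustration; the router and modem settings still have to be reviewed in their own admin pages.

```python
import ipaddress
import re
# Constructed samples (not captured from a real machine); the two DNS IPs are the ones named in the post.
SAMPLE_IPCONFIG = """\
Wireless LAN adapter Wi-Fi:
   DNS Servers . . . . . . . . . . . : 216.146.35.240
                                       216.146.36.240
   NetBIOS over Tcpip. . . . . . . . : Enabled
"""
SAMPLE_HOSTS = """\
127.0.0.1       localhost
203.0.113.7     www.example-bank.test   # constructed entry
"""

def dns_servers(ipconfig_text):
    """Map adapter name -> DNS server list, including continuation lines."""
    result, adapter, in_dns = {}, None, False
    for line in ipconfig_text.splitlines():
        m = re.match(r"\s+DNS Servers[ .]*:\s*(\S+)", line)
        if line and not line[0].isspace():           # unindented line: section header
            adapter, in_dns = line.rstrip(":"), False
        elif m:
            result.setdefault(adapter, []).append(m.group(1))
            in_dns = True
        elif in_dns and re.fullmatch(r"\s+[0-9A-Fa-f:.%]+", line):
            result[adapter].append(line.strip())     # second and later resolvers
        else:
            in_dns = False
    return result

def unexpected_dns(ipconfig_text, allowed):
    """Return (adapter, ip) pairs for resolvers outside the allow-list."""
    return [(a, ip) for a, ips in dns_servers(ipconfig_text).items() for ip in ips if ip not in allowed]

def hosts_overrides(hosts_text):
    """Return (ip, name) pairs for hosts entries pointing at non-loopback addresses."""
    found = []
    for line in hosts_text.splitlines():
        ip, *names = line.split("#", 1)[0].split() or [""]
        try:
            if not ipaddress.ip_address(ip).is_loopback:
                found += [(ip, n) for n in names]
        except ValueError:
            pass                                     # blank, comment or malformed line
    return found

if __name__ == "__main__":
    # Assumption: the home router at 192.168.1.1 is the only expected resolver.
    print(unexpected_dns(SAMPLE_IPCONFIG, allowed={"192.168.1.1"}))
    print(hosts_overrides(SAMPLE_HOSTS))
```

On a real machine the inputs would be the saved output of `ipconfig /all` and the contents of `C:\Windows\System32\drivers\etc\hosts`.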

Finishing up with success!

I explained to the customer that said DNS redirects and remote software allowed remote access to everything in his computer whenever it was on, but disallowed him access to the internet so that he could not find any resolution to these issues. After the remote access software was removed the customer was able to once again surf freely on the web.


So we request you all: "Beware Remote computer access scams"

Issued in the interest of customers' safety.

Techvedic tech support 

Thursday 28 November 2013

Microsoft-tech-support-scam | Techvedic

Techvedic alerts all users to Microsoft tech support scam

Techvedic is alerting consumers to a phone scam in which the caller claims to be from Microsoft. The caller offers to solve a consumer’s computer problems or sell him or her a software license, all in an effort to gain remote control access to the consumer’s computer.
Recently, several consumers called Techvedic to report they received a phone call from a “Microsoft employee” who told them he had recognized a virus on their computer.
From almost the instant one such phone conversation started, the consumer realized the call was not made with good intentions.
“The man identified himself as being from Microsoft tech support and said he had identified that my computer had a virus,” the consumer said. The scammer then directed the consumer to go to her computer and proceeded to give directions to ‘get rid of the virus.’
Thankfully the consumer, who works with computers on a daily basis, realized almost immediately that the directions being given were the same steps she follows when her IT department needs full, remote access to her computer. The consumer did not allow the caller to proceed any further.
According to Microsoft, once these scammers have access to the computer they can install malicious software, steal personal information, take control of the computer remotely or direct consumers to fraudulent websites where they are asked to enter their credit card information.
Microsoft’s Online Safety and Security Centre states that neither Microsoft nor its partners make unsolicited phone calls.
Here are some of the organizations that cybercriminals claim to be from:
· Windows Help-desk
· Windows Service Center
· Microsoft Tech Support
· Microsoft Support
· Windows Technical Department Support Group
· Microsoft Research and Development Team (Microsoft R & D Team)
Techvedic advises consumers to follow these tips to protect themselves from scammers attempting to access their computer:
· Go through your service provider directly. If you are concerned your computer may be exposed to viruses or other security threats, contact your service provider directly. Some providers offer free tools that can help detect and remove viruses.
· Install virus detection. To help protect your computer from viruses make sure you have virus detection software installed on your computer. This software can also help identify if a virus appears on your computer.
· Don’t trust cold calls. Never give out personal information, over the phone, to someone you don’t know. If the caller claims there is a security threat to your computer, hang up and call your computer company directly.
· Find a computer repair company you can trust.
For more please contact Techvedic support directly - http://www.techvedic.co.uk/
CALL 0800 635 0716

Tuesday 26 November 2013

Tech Support Scams | Techvedic

You may be familiar with cold calls where someone pretending to be from Microsoft is telling you that your computer is infected and needs to be repaired ASAP.
In most cases, if you said you were running a Mac instead of Windows, the scammers would hang up and move on to the next victim.
This might change soon.
We came across a company called Speak Support that advertised its Mac technical support on Bing:
Their website states that they have an “elite band of tech support experts” and that “Apple Consultants are online” waiting for your call:
We decided to pick up the phone to see what level of service they did provide:

As is the case with most online support, the technician requested that we install TeamViewer so he could remotely connect to our Mac and perform the health check:
He then said he was going to check if we had antivirus protection installed on our Mac. We were kind of surprised when he pulled the Terminal and started typing a…ping command to a website called protection.com:
According to Wikipedia the ping utility is “used to test the reachability of a host on an Internet Protocol (IP) network and to measure the round-trip time for messages sent from the originating host to a destination computer.”
The ping command has absolutely nothing to do with a computer being protected with an antivirus. So why use it?
Simple. By ‘pinging’ a website conveniently named protection.com and returning something that looks like an error message (Request timeout for icmp_seq 0), it drives the point of “you don’t have any protection on your Mac, you are in trouble!”
The website protection.com does actually exist though, so why does it look like it’s down? One explanation for the failed response is that the admins may have disallowed the ping request. It’s not uncommon for web servers to do so because it is a known attack vector (denial of service with ping of death, ICMP flood or ICMP packet magnification).
To clear things up, I did call protection.com and confirmed that they are not involved with this tech support company.
You can’t seriously call yourselves ‘experts’ or ‘elite’ if you are going to use these kinds of dirty tricks. However, most people have no clue what a ping command is and they might simply believe what the technician did was accurate.
A little more information about Speak Support
While their website states that they are located in the US, they are most certainly based in India as you can see in the registrant records for both speaksupport.com and 121usa.com:
Speak Support’s billing process is a bit strange. “Technical Support Payment” is priced at $1.00 per item for which they added a quantity of 200:
When confronted, the individuals vehemently denied doing anything wrong and even came up with all sorts of ‘good reasons’ to back up the legitimacy of the ping command.
You can watch the full interaction with Speak Support in this video we recorded (for quality-assurance purposes, as they say).
It’s quite possible the next time cold call scammers phone you up, they’ll already have a script made for Mac users as well, just in case.
Speak Support is currently working on tech support for your Android phone and tablet, so it looks like they’re going to have all platforms covered soon.
While remote tech support has its place, there are way too many companies that abuse it. For this reason, we have decided to create a resource page with all the information you need to make a decision before going ahead and giving your credit card information away.
This includes all the common techniques used by scammers to ‘force’ a sale when there aren’t any issues to be found. If you recognize any technique from the list that was performed on your computer, you should seriously think twice before going ahead.
If you were already scammed, feel free to use our “Getting help” section to know what to do next.
As always, feel free to share your own experiences with us. We do appreciate your comments and feedback.

Avoid tech support phone scams | Techvedic

Cybercriminals don't just send fraudulent email messages and set up fake websites. They might also call you on the telephone and claim to be from Microsoft. They might offer to help solve your computer problems or sell you a software license. Once they have access to your computer, they can do the following:
  • Trick you into installing malicious software that could capture sensitive data, such as online banking user names and passwords. They might also then charge you to remove this software.
  • Take control of your computer remotely and adjust settings to leave your computer vulnerable.
  • Request credit card information so they can bill you for phony services.
  • Direct you to fraudulent websites and ask you to enter credit card and other personal or financial information there.
Neither Microsoft nor our partners make unsolicited phone calls (also known as cold calls) to charge you for computer security or software fixes.

Telephone tech support scams: What you need to know

Cybercriminals often use publicly available phone directories so they might know your name and other personal information when they call you. They might even guess what operating system you're using.
Once they've gained your trust, they might ask for your user name and password or ask you to go to a website to install software that will let them access your computer to fix it. Once you do this, your computer and your personal information are vulnerable.
Do not trust unsolicited calls. Do not provide any personal information.
Here are some of the organizations that cybercriminals claim to be from:
  • Windows Helpdesk
  • Windows Service Center
  • Microsoft Tech Support
  • Microsoft Support
  • Windows Technical Department Support Group
  • Microsoft Research and Development Team (Microsoft R & D Team)

How to protect yourself from telephone tech support scams

If someone claiming to be from Microsoft tech support calls you:
  • Do not purchase any software or services.
  • Ask if there is a fee or subscription associated with the "service." If there is, hang up.
  • Never give control of your computer to a third party unless you can confirm that it is a legitimate representative of a computer support team with whom you are already a customer.
  • Take the caller's information down and immediately report it to your local authorities.
  • Never provide your credit card or financial information to someone claiming to be from Microsoft tech support.

What to do if you already gave information to a tech support person

If you think that you might have downloaded malware from a phone tech support scam website or allowed a cybercriminal to access your computer, take these steps:
  • Change your computer's password, change the password on your main email account, and change the password for any financial accounts, especially your bank and credit card.
  • Scan your computer with the Microsoft Safety Scanner to find out if you have malware installed on your computer.
  • Install Microsoft Security Essentials. (Microsoft Security Essentials is a free program. If someone calls you to install this product and then charge you for it, this is also a scam.)

Will Microsoft ever call me?

There are some cases where Microsoft will work with your Internet service provider and call you to fix a malware-infected computer—such as during the recent cleanup effort begun in our botnet takedown actions. These calls will be made by someone with whom you can verify you already are a customer. You will never receive a legitimate call from Microsoft or our partners to charge you for computer fixes.