Are you on a call with “tech support” from comantra, unifyinfocom,Â supportonclick, thenerdsupport, securesecurityinfotech, thesupportonline, go4isecure, thesparksupport, winpctech, compstep, ordinateurassist, advpccare, techisonline, techonsupport, fixonclick, Log4Rescue, PCTechnosupport, onlinepccare, teamviewer or pccare Â while reading this?
PLEASE TRY AND RECORD THE CALL, and whether you can or can’t record it, please try and get as much of the following information as you can:
- Do they know your name and address? Ask: “Who was it you wanted to speak to?”
- If so, are you in the phone book under that name and address?
- Are they using a particular name that’s only on your credit card?
- Have you recently contacted your broadband provider or telephone provider?
- And if so, which company was it?
- Is there any other computer based transaction, repair, purchase or enquiry you made online or instore recently, and can you remember where it was?
IMPORTANT: logmein123.com are not scammers, but their remote support system is being used by the scammers.
Thanks to Deborah for pointing out that http://www.actionfraud.org.uk/ would be a good place to tell about this scam, too.
Tell them you need to go to another phone if you need a moment to set up a mic.
Update: 1st November 2010:Â Kwetana has sent in these images revealing what happens.
Also, here’s a transcript from HappyMJ on the MoneySavingExpert thread about this scam.
More video! Big thanks to Ian Davidson for SIX Youtube Videos. Start with this one below – Ianis a great piss-taker, and winds them up nicely…
And to Andy Brocklehurst for stringing them along for over an hour!
Also to ComputerActive magazine for this 45 minute recording of someone attempting to scam them:
The Guardian technology editor Charles Arthur [twitter] has written a couple of pieces on this:
20th July 2010: Scott put his iPhone Phonejacker app to good use to bring us this bit of pure genius. It gets a bit quiet in the middle, but if you can’t wait, skip to 3m 50 seconds and feel the wrath!
Updated 20th Sept 2010 – more calls!
This one is definitely worth a listen just for the sheer amount of crap that “Steve Day” from “windows support services department” (Â http://unifyinfocom.com/ ) tells Luke Harvey (Â http://www.lukeharvey.co.uk/) , who recorded the call.
Interesting to note that the Unifyinfocom.com site shows
“Warning: Installation directory exists at: /home1/designhe/public_html/unifyinfocom/install. Please remove this directory for security reasons.Warning: I am able to write to the configuration file: /home1/designhe/public_html/unifyinfocom/includes/configure.php. This is a potential security risk – please set the right user permissions on this file.”
Good job they’re not doing tech support, eh?
1st December 2010: I got called and recorded it! Here’s the best bits boiled down. And it’s worth pointing out that Bonjour Service is an Apple service, and Tablet Driver is for my graphics tablet. They shouldn’t be crashing, but they’re definitely not viruses!
Here’s The Watchmaker with what happens if you piss them off (warning: sweary!)
Paul B, another great recording:
Graham Saunders with a long, good and comprehensive clip of what you’re in for (worth a listen)
18th Jan 2010 Here’s Sherri with a recording from her answering machine. I think this is a difference outfit, but it sounds scammy:
DO NOT let them take control of your computer, but please try and get as much info as you can.
HUGE thanks and respec to youtube userÂ striderzer0 for his great work in recording the call. See the four youtube videos below.
UPDATE: 13/01/2009 – Donal Macintyre covered this on ITV’s This Morning show. Watch it here.
Update: 04/12/2009 Made it into the news! Thanks to Malc for this one:Â http://news.bbc.co.uk/1/hi/world/europe/isle_of_man/8392303.stm and via Google News Alerts:Â http://www.buteman.co.uk/news/Rothesay-businessman-warns-of-computer.5883193.jp
Since I first reported on this on Jan 18th 2009, this one page has had over 24,000 views and 261 comments, and recently there’s been a huge surge in the amount of calls received. I’m getting two or 3 people leaving comments every day now, and over the last week, the page views have surged to close to 400 PER DAY and easily accounts for the most viewed page on my blog by far.
Which suggests that Comantra or Supportonclick or whoever they are calling themselves this week, are increasing their activity.
YOU CAN HELP!
Please, contact the media and/or help spread the word. It’ll only take 5 minutes.
If you are in the UK:
Tell a consumer programme about it:
or perhaps your local or national paper. Oddly, in the April the BBC said there “wasn’t any interest” in this story. Take a moment to prove there is!
Also, report it to: https://secure.consumerdirect.gov.uk/reportascam.aspx
The Register have an article about it:
Note: The Staffordshire Police have also issued a warning about this:
In the US:
Got an email on 31st July 2010 from Colin M. linking to the following forum post and saying:
I have contacted most of the Australian SCAM agencies and I have included an extract by Microsoft Australia. Â The 2nd last posting in this Forum item. Â The irony of my situation I have 3 phone lines and all included in the “do not call register” and the 3rd line is not even listed in the directories and is 10,000 numbers away from the other 2 phone numbers. Â It is not even given out.
I’m Colinm39 on this as well as your Forum.
I have just had my 4th phone call, Â this time a female but from “pconlinesupport” with the preamble that they have a report that my computer was corrupted etc..
As soon as I told them I was an IT Professional and in Security and chasing them they hung up immediately.
Anywhere in the world:
You can help people find news about the scam by stumbling or digging:
Or log the info at http://whocallsme.com/Phone-Number.aspx/01274900834
Even if you just post a link to my site on your blog, or in your favourite forum, it will help ensure that people looking for help, find it.
Other blogs referencing this:
http://hphosts.blogspot.com/2009/12/techonsupportcom-click4rescuecom.html – has some more info, as well as other ways of reporting the scam.
If you have found this post useful, please use the “share this” link below if you have a social networking account such as digg, delicious, facebook, stumbleupon etc. It will help others to find this.
And McCaffee Siteadvisor has many aggrieved reviewers of the Support OnClick scammers too!
So, possibly post there too – anything to warn people.
I got a call on the 16th of January with an “out of area” (ie: overseas, not “uk withheld”) caller ID.
He had a thick strong accent and started off by saying:
“Hello Mr Marshall, this is the Windows XP service provider – we have had a report from your computer that it is infected”. Well, that’s not my name, but one I use on forms where I think spam might result.
At this point, I started recording the call – the only problem is that the recording is illegible! I’m trying to clean it up so will post as soon as I do – check back later!
HELP! Does anyone know how to “clean up” bad recordings? Here’s a snippet of what I recorded – I still have the “original” file in audacity, and have tried changing sample rates. Is this recording lost forever?
I was also noting it down, and here’s what he told me to do:
Go to the start>run menu and type in
“p as in peter, r as in romeo, e as in echo, f as in foxtrot” – etc etc, to cut a long story short, he wanted me to type in
“prefetch virus” in the run prompt. As it happens, I know exactly what that would do – it simply opens the windows prefetch folder. The word “virus” is ignored
(For a bit more info on what this normal windows folder is, click here. As a rule, however, unless you know exactly what the result is going to be do not start following instructions random strangers tell you to do!)
“OK sir, can you please tell me how many files there are?”
I told him 30.
“Oh my gosh, this is a sign of very heavy infection. You must not touch these files. [about the only truthful part of the call]. Please now clear this box and type ‘temp’ and press enter”.
Again, “your computer has very heavy infection with so many files”. He then babbled some crap about how these file were your f-a-t32 system files and that “at any time these files could scratch your hard drive”. Riiiighhhht…..
Then came the money shot. “We will connect you now with an agent, please go toÂ www.logmein123.com”
As I had full armoury on (google toolbar, avg, running Chrome etc), so I decided to check it out. It redirected toÂ https://secure.logmeinrescue.com/Customer/Code.aspx
After some chitchat in which he confirmed my (incorrect, spamtrap) home address, he then said “I will now connect you to an agent – for this there is just a small one-time charge of Â£12″.
Before I let him take my details, I said I wanted to check what company it was. Again, he said it was “your Windows XP service provider” (whatever the hell that means).
To the answer “where are you based and what is your name”, bear in mind this man had a VERY thick/strong Indian accent and was calling from a scratchy overseas number.
“My name is Kevin Watts and we are based in Bradford”. Gold-dust! You couldn’t make it up! (Well, he obviously had).
I asked him to hold while I got my card. I put it on speakerphone and went down to make a cup of tea. I brewed up a nice cup of Yorkshire Tea, found a biscuit, did a bit of washing up, and went back upstairs. FIVE MINUTES later he was still going “Mr Marshall? Can you hear me?”. Nothing if not persistant! I then just decided to have a bit of fun and pretended he’d been put through to the UK police! Immediately, a supervisor (another strong Indian accent) came on the line sounding very surprised, and claimed that “Mr Marshall contacted us”!
So there you go – be warned. If I can get the audio up, I will. Â Please post a comment below if you’ve had this call