Additional information about this scam: This seems to be a similar process to the banking/crypto impersonation scams I’ve been tracking here, not sure if it is actually the same criminal group. They are impersonating https://cricut.com/ , which seems to be some consumer-grade fabrication robotics device for arts & crafts stuff?
Anyway I complied with their phishing and got two callbacks from “Zacob” (or Jacob?) whose favorite color is black.
The phishing site does prompt you to download a Windows executable file. I am working on sifting through its text strings for any clues but would not recommend running it obviously.
Mike called from 609-710-4069 after the chat, above. His favorite color is black.
Edit: checked on 786-946-2540 today reached “Marcus” whose favorite color is “dark yellowish brown,” (burnt umber perhaps? does Marcus enjoy the fall foliage season?).
Answers a generic “Thanks for calling how may I help you,” so I suspect the call center runs many similar scams and relies on the victim to tell them which way he/she wants to be scammed.
Edit 2: 786-946-2540 “Kelvin Morrow” says this is “printer support.” Says he is “not here to talk about” his favorite color.
which guides the victim to the very cute error page here: Cricut Error
Phone number from the contact page: 786-866-5932 .
I called and reached Dan D-A-N, Howmahalpyou who said that his favorite color is black (and that Cricut is pronounced like the insect, cricket. Thanks Dan D-A-N!)
https://canňon.com/ , which uses a similar wordpress template. This may all be a coincidence – there are hundreds of domain names that point to that IP address, or it might not.
812-489-7230: Kelvin from Canon Support. He says his favorite color “depends” but that today, he is color blind. He says that he does not want to help me with my printer because we are not friends.
I think he sounds like he needs new friends so kindly call on his number to be his friend, thank you.
469-864-6329: Ryan from Canon printer support’s favorite color is blue.
Update 19 April: 812-489-7230 still active, just called me. Claims his name is “I don’t know, Canon?” Please call this poor man and help him to remember his name.
Number is still active, “Kathy Wood” (not the famous Wall Street hedge fund manager, I presume?) is still spamming Linkedin: LinkedIn Login, Sign in | LinkedIn
I just called the number, and the Technical Support Executive (assistant to the) who answered claimed to be from “Printer Tales.” But he would not say his name, and hung up. Sounded like a busy office environment in the background.
So I am quite certain that this is the long-running eglobalsoft solutions/AOI tech/Fegon Group/Tek-Wire/Windriver scam organization, as the cricut and printer scams all involve downloading the “WinDriver Tool” scareware.
866-542-9565 answering on a Sunday morning. Says “no this is not the printer support, this is uh like my personal number, do not call on here.” Says his name is “uh like uh.”
