Scammer (initial) UK phone number: +44-800-041-8050
Scammer (subsequent) UK phone number: +44-800-041-8053
Scammer US phone number: 1-855-913-9111
Scammer US Voicemail number: 1-844-702-4360
Scammer names used: Benjamin Greens, Shawn Duggan, Harris Horo and Mac Patel.
Scammer IP (from Wireshark): 40.100.138.2
Location: Maharashtra, Pune - India
Scammer ISP: Microsoft Corporation (India)
Scammer (UK) company name: Computo Solution LLP
(Company is a Limited Liability Partnership)
Scammer (UK) Company Number: OC423513
Scammer (UK) Company Address: Cariocca Business Park, 2 Sawley Road, Manchester, England, M40 8BB
Scammer (UK) Company Officers:
(1)
Mr Harish Kumar Dangi (with 75% ownership)
Correspondence address: 490 C Sector, 9, Udaipur, India, 313002
(2)
Ms Lalita Patel
Correspondence address: 490 C Sector, 9, Udaipur, India, 313002
Scammer UK Company Bank: Transferwise Limited
Scammer UK Bank Account Name: Computo Solution LLP
Scammer UK Company Bank Sort Code: 23-14-70
Scammer UK Company Bank Account Number: 33924724
Scam Modus Operandi (UK Campaign):
This scam fraud starts via a fake pop-up (possibly via Facebook Ads) informing the victim they have been hacked, to turn off the computer and to call 'Microsoft Support' on 0800 041 8050. There have been reports of malicious code in the pop-up, causing a computer to crash/hang.
When the Victim calls the Scammers claim to be Microsoft Technicians. They have used the directory tree command to simulate a 'security scan' and insert a bogus security message at the end. They have displayed normal PC stopped processes to the victim while falsely claiming this is evidence of damage and/or hacking.
At this point the user is typically offered 'Support Packages': 1 year for $ 169.99, 5 years for $ 299.99 or lifetime for $ 399.99. Payment typically via debit/credit cards.
The Scammers have used remote control tool Supremo, via tinyurl.com, to access, monitor and control victim PCs.
The Scammers have also used remote control tool GoToAssist Express via fastsupport.com to access, monitor and control victim PCs.
The Scammers have also used GoToAssist to download and install 'Remote Utilities - Host' (version 6 - a free application -https://www.remoteutilities.com/download/ ) .
The Scammers may also install the free application Adblock Plus as an extension to the victim's web browser from adblockplus.org
The Scammers have attempted to enable a 'black screen' function within the Remote Utilities app to mask their activities on the Victim's PC.
The Scammers routinely read the Victim's private emails when connected.
The victim will be typically given a Customer or Support 'ID' and emailed a 'Microsoft Service Agreement' for 'Advanced Firewall with DNS & Warranty on IP Address', despite no-such firewall being installed beyond enabling the built-in Firewall that is part of a Victim's Windows OS.
More information and a video to follow soon!