HaloTeck.net target the elderly only

I thought I’d post this to name and shame as I’ve gathered a lot of information on this group of scammers. I’ve posted a video about them here: https://youtu.be/uLh8nMGLDYs, but this is additional information about the organisation.

I've not been able to find the real company name, but it has something to do with "CMB".

Over the past year (2017-2018), they've only used 3 numbers on their popups in the UK, but they also target Australia. The numbers on their popups include:
08000517350
08000291870
08000969754

They go by the name "HaloTeck.net" and use the following payment gateways. If you are a victim, you can call one of these numbers to get speaking to one of the scammers:
SevenMonies UK: 0808 1891 349
Haloteck UK: 0800 090 3911
Haloteck AUS: 1800 958 216
Eastern Merchants UK: 0800 014 8572
Their "password" to use these numbers as if you are a customer is "MSP 777"

Their names include:
Admin: Rizwan Khan, Sunil
Customer care: Brij Kishor, Ching
Sales: Nimmi S Kumar, Meenakshi

They use aliases including "Mary Alfonso" and "Rose Carter".

The MAC addresses of their PCs are:

| IP address | NetBIOS Name | MAC address | Note |
|---|---|---|---|
| 192.168.0.19 | TEAMVIEWER-PC | 6c-62-6d-ae-cb-d0 | |
| 192.168.0.49 | USER | f4-01-5f-4d-01-53 | |
| 192.168.0.122 | AGENTLOGIN-PC | 6c-62-6d-bf-e1-a6 | Nimmi |
| 192.168.0.135 | AGENTLOGIN-PC | 6c-62-6d-ae-c6-8c | |
| 192.168.0.180 | RIZWANKHAN-PC | 6c-62-6d-ae-c2-7e | Rizwan |

Their IP address is 43.230.105.92 (static between Jan 2018 and September 2018)
Payment URL: https://easternmerchants.org/terminal/CMB

A deserved mention on this "Name and Shame" section.

2 examples of their popups are here:
![image 2018-09-21popuppng.png](replace/assets/files/2018-10-20/14:01:130-2018-09-21popuppng.png)

![image 2018-10-03newerpopuppng.png](replace/assets/files/2018-10-20/14:01:260-2018-10-03newerpopuppng.png)

Excellent work as usual!

@4.25 I see a few “Prank Call” entries. lol

Despicable. Utterly despicable these people are horrible.

Wonder if these scammers are connected in some way:

this scammer: https://easternmerchants.org/terminal/CMB


My old records have these entries:

TechpcFix.com
https://easternmerchants.org/terminal/SLP

easternmerchants.org/terminal/MM

OneCyber LLC (onecyber.tech OCT)
easternmerchants.org/terminal/OCT

This web server having IP 205.144.171.126 has these domains:

easternUnions.com

easternmerchants.org

easternunions.com

easternunionscompany.org

http://www.easternunionscompany.org/Payment

Older records: TechpcFix.com/
https://easternmerchants.org/terminal/SLP

https://easternmerchants.org/terminal/MM
https://easternmerchants.org/terminal/OCT (onecyber.tech)

@drwat#59976 Eastern Merchants seem to be a payment gateway who allow tech scammers to use their services. Unusually, they try to warn marks before they allow payment details to be collected. I see the scammers make the “warning” pages very small (Ctrl -) and only enlarge the payment pages when the payment itself needs to be entered.

Hmm… nice job

I was just taking a look at the website: “HaloTeck.net” with my loris, and it just shut down (never tried that before)

HALOTECK PTE. LTD. · 31 Woodlands Close, #05-24, Woodlands Horizon, Singapore 737855

could this be helpful? since they're registered in singapore, the authorities over there don't look too kindly on scams.

can use the indian MCA website to check company names and ownership/director information:
http://www.mca.gov.in/mcafoportal/checkCompanyName.do
but yeah, it is super tough to get follow-through from authorities in india.

Looking at the easternmerchants payment page,

"We do not condone these practices [tech support scams] in our gateway as we consider them unethical."
Then where do I report abuse, pray tell?

"The actual sale is made by http://globalsmsp.com/"
Think I found their site. They don't claim any sort of physical address.
REGISTRAR: GoDaddy https://supportcenter.godaddy.com/AbuseReport
HOST: 203.221.1.106 Wavenet Pty Ltd [email protected]

http://easternunionscompany.org/En
Claims to be located in Mexico, but their main phone is a US (+1) number.
"Avenida Florencia 57 Despacho 103, Oficina 15, Delegación Cuauhtémoc, 6600, México" Google Maps is telling me that this addy doesn't exist, but "Despacho 103" is the name of a print shop located in Mexico City.
The domain has only been registered since this May, despite claiming "years of experience."
REGISTRAR: GoDaddy https://supportcenter.godaddy.com/AbuseReport
HOST: 205.144.171.126 WebWeb.com [email protected]

http://easternunions.com/en
This one claims the same Mexico addy as the above, but with a different US phone number. Their other MX addy, "Calle Calatrava 5107 Ciudad Obregón, 85098 Sonora, México" is a random residential addy.
Same registrar/host as above

The IP 43.230.105.92 points to ISP Realtel Network Services Pvt Ltd, New Delhi.

I find Nimmi S Kumar in west Delhi (Rohini locality). I have the email of this person (and facebook profile) but I am not yet absolutely sure if that person is the same as this scammer female.

Even after this exposure, they’re still at it. Here’s today’s popup:

![image 2018-11-12png.png](replace/assets/files/2018-11-12/13:44:520-2018-11-12png.png)

However, it doesn't take much to get their centre shut down. I changed my (fake) phone number around 10 times and continually phoned them and asked for Rizwan Khan (the boss guy). At first they blocked my number, but I changed ID and even used their own number seen on their popup. Eventually, they've blocked all inbound calls.

Victory. (Until tomorrow at least)

P.S. The numbers which currently appear on their popups are: 08000291871 and 08000291877 (as of 12/11/2018)

I had big SOCKS plans for these, I “had” one of them for weeks. One night I rang a new number which must have gone to the same office, used my same acting and scenario and he must have clicked on and informed his colleague. They escaped back into a hole.

@JimBrowning11 “Easter Merchant” resurfaced again. See @Dan_Gleeballs_Youtub video

Fake disclaimer
EasternMerchantsSolutions.com/terminal/msp-d2gejusyxve6