Tech Scammer with a Fake Website

Scams
1

Called “MS Tech Support” +18552060488

I’ve played stupid and let them remote access my VM. One of them got mad at me for saying " ok ok" a lot lol.

This is their scam site below:

http://globaltekservices.net/

which they use for their victims to enter their payment information.

2

What tactics did they use? They are most certainly not Microsoft, or Microsoft partnered.

3

@R34P3R#4166 They used something different other than their traditional CMD scam. They had their own software which is their own CMD, but more convincing to their victims . He entered his fake employee id and commenced the “scan”. After the scan, it turned red saying I had no firewall and my security threat is high. Afterwards, he entered another id and the scan failed multiple times telling me that hackers are preventing him from doing another scan. He then went into the prefetch files and told me that rundll32.exe files are hacker files and did a google search of " rundll32.exe virus" (first link) to show me that they are attackers. He asked if I wanted to resolve this issue, but there would be a service charge. I said yes and he showed me their scam site. To make it sound convincing, he showed these stickers at the bottom of the site to assure me that they are certified and are a legitimate company.

4

@scraps210#4167 Do you have the program? Or a link to where they downloaded it?

5

@R34P3R#4168 They transferred the program into my VM via the remote access software.

6

@R34P3R#4168 I tried to check on my VM too see if they had left it there but it seems like they took it out.

7

Im gonna ring them in a second see what they do if I can try and grab that cmd ill upload it here

8

Hello!

New to this site here ?

Did my first call to a scammer to record him today. Well, it was fn awesome ..! ?
Typical scammer check on my virtual machine, like tree command and eventviewer and so on.
I managed to hold him for 35 minutes via FireRTC.
I am gonna upload a video on YouTube to share with you guys later.

He had me go to https://lstamerica.com/payment.php to pay 1000$ (!!!!) and that's when I busted him, he then hung up on me.

They were using GoToAssist using ID: 388697825
PLS REPORT: https://www.fastsupport.com/abuse/report/388697825

Tree command, LOL:
---> 20:43:26: IN WINDOW "C:\Windows\system32\cmd.exe - tree" John Silver TYPED:
[Enter]
spyware detected [Enter]
netwoksecurity expied [Enter]
sytem acked [Enter]

Gonna go and check for more info, like IP and so on.

  • - John Silver

    • 9

    @JohnSilver#4266 Looking forward to seeing that video! Nice!

    10

    Gotta grab that PDF for anylasis.

    Finished:

    Some Nonsense post about contract - Album on Imgur

    11

    @scraps210#4269

    Just uploaded a video here:
    https://www.youtube.com/watch?v=odjrILVSlWw

    ?

    12

    Maybe