virus popup

http://159.65.52.130/virus-found/ch/

the number has gone dead

I managed to get these Scammers into my VM before the number stopped accepting calls. Here is some info:

Scammer Company: Revlight Solutions Pte. Ltd.
Scammer Web Site: https://revlitesolutions.com/
Scammer address (from website): 1 Irving Place #05-06 Singapore 369546
Scammer Email (from web site): [email protected]

Scammer name used: Rebecca White (Indian accent).

Scammer typical MO:

  • Scammers' fake pop-up originating from http://159.65.52.130/virus-found/ch/ falsely tells victim their computer has been compromised by a virus and to call “Microsoft Support” on UK number: +44 20 3695 7532.
  • Scammers claim to be "Microsoft Support".
  • Scammers get victim to download and install FixMeit Client.exe from URL fixme.it (techline.com) to remotely access and control the victim's PC.
  • Scammers run the tree command to display the victim's directory structure while falsely claiming it to be a "Security Scan" and type in a bogus security message at the end claiming the victim's computer is compromised by viruses and hackers.
  • Scammers use the Event Viewer logs to display normal errors/warnings and stopped processes which they falsely claim are further evidence of viruses and "malwares" damaging the victim's PC.
  • Scammers download and install a free application from advancedidentityprotector.com/download-now-windows/ which they use to display saved web browser passwords !!!!!! The Scammers claim this is evidence that the victim's details have been compromised, but it is an actual (irresponsible) function of the application to display such data.
  • Scammers use notepad to display what the victim will be charged for "fixing" their computer and removing the (non-existent) "viruses" that they found during the fake "Security Scan" (£ 186.53) and to install security software and support packages (1 year £ 199.99, 2 year £ 299.99 or 3 year £ 499.99).
  • Scammers used peerexperts.com/appayment and Asiapay (HK) Limited - paydollar.com/b2c2/eng/payment/payForm.jsp to attempt to receive a credit/debit card payment to "Revlight Solutions Pte Ltd." with Merchant Reference Number: NYCSS4982149.
  • When the first credit card payment was rejected the Scammers used alternative payment portal revlitesolutions.com/paynow/ and Red Dot Payment Pte. Ltd - connect.reddotpayment.com/merchant/cgi-bin-live to attempt to receive a credit/debit card payment to "Revlight Solutions Pte Ltd EC" with Merchant ID number: 0000022466 and Merchant Reference Number: NYCSS9335210.
  • I have video/audio and IP log evidence of the fraud in action, if any enforcement authority or company abuse department wishes to take further action.

    Raw video of Scam in progress: https://youtu.be/ItA0B3YctOo

    UPDATE: According to the Cyber Security Agency of Singapore the web site address on https://revlitesolutions.com/ is fake. Investigations are ongoing. Watch this space! :)

    See this video. Fixme.it timeline @2:59:45

    I got a spoofed call fixme.it

    http://chirb.it/N3aGr1