Windows Microsoft Security Centre

colbags · 6 June 2024 10:47

Scam Number: 0845.095.0007

Scammer’s Website or Email:
Additional information about this scam:

samo11 · 6 June 2024 14:17

new fake alert
https://app7f21.z13.web.core.windows.net
1-844-694-8908

samo11 · 6 June 2024 15:40

got new 1
https://appjnn7ju1.z13.web.core.windows.net
1-866-789-0216

FIREFIGHTER619 · 6 June 2024 15:42

866-789-0216 David Thursday 6-6-24 11:42AM EST

OfclyGoodenough · 6 June 2024 16:49

800TollFreeNow, “this side Kevin” answered as “Suppoat for Microsoft” and wanted me to resolve a “network issue” by closing the popup and connecting to the Microsoft Technical Team" by running the “netstat” command in “Command Prompt web page”

I was then asked to download “ConnectWise” from srna.site (Code: 40bv33l). I faked the download not working, prompting “Kevin” to have me install UltraViewer (ID: 79185201/DESKTOP-UAJ0N11)
Once remotely connected, “Kevin” opened Windows Defender, ran the “netstat” command once more and opened Task Manager to falsely claim my security wasn’t working as my computer was infected with “csrss.exe (Client/Server Runtime Subsystem).”
“Kevin” then opened Event Viewer to falsely claim the issue was caused due to a lack of “firewall protection,” prompting him to install ConnectWise from srna.site and blank my screen with a fake software update before asking me to spend $150 on a "network engineer from Tata Consultancy Services"

image1021×759 7.49 KB
After a while, I was asked to log into my nonexistent bank account. I told “Kevin” my bank was strictly in-person only, prompting him to transfer the call to “this side is David from the senior department,” who wanted me to log into my nonexistent account anyways.
“David” then asked me to drive to my fake bank and withdraw all the funds from my account. I faked driving over there, but he still tried to log into my fake bank account, so I played him the Bhenchod Song. He responded by muting my virtual machine.

Callback Number: (201) 204-3024 (Magic Jack)

samo11 · 6 June 2024 16:51

another one
https://ncscdcdcdcdcdcd.z13.web.core.windows.net/Win01securityElnhelpline0042/index.html
1-888-387-3902

FIREFIGHTER619 · 6 June 2024 16:54

888-387-3902 Calvin Thursday 6-6-24 12:53PM EST

OfclyGoodenough · 6 June 2024 17:18

800TollFreeNow, “this side Nick Johnson” answered as “suppoat from Microsoft Corp.” and assigned me a “professional 2nd-level technician” by closing the popup through Task Manager and downloading UltraViewer (ID: 71179786/DESKTOP-8R8N40L) from helpme14.com (IP: 162.214.80.15 ).

The scammers also use AnyDesk and Zoho Support, dubbed “Technician 1” and “Technician 3” respectively.
Once remotely connected, “Nick” asked me to run the “netstat” command in the “Microsoft network scanning tool (Command Prompt)” to falsely claim that “hackers from Singapore and Hong Kong” used my network to install “RUNDLL32.EXE,” using false information on processlibrary.com to falsely claim it was a backdoor.

image377×175 4.94 KB
As I don’t do online banking, the scammer hung up on me.

samo11 · 6 June 2024 17:18

still active
1-844-694-8908
https://appjkll7kk4.z13.web.core.windows.net/Win0security-helpline07/index.html?ph0n=1-844-694-8908

samo11 · 6 June 2024 17:50

they are still active

samo11 · 6 June 2024 22:29

got new 1. f**K those scammers

1-833-444-0510

https://appjk9kk2.z13.web.core.windows.net/Mac0security-helpline07/index.html?ph0n=1-833-444-0510

T-REX · 7 June 2024 13:15

1-833-444-0510 still active

Behind_You · 7 June 2024 13:27

still active but line is busy

T-REX · 7 June 2024 13:36

i’m on the line with them.

8775149731

FIREFIGHTER619 · 7 June 2024 14:26

877-514-9731 Alex Friday 6-7-24 10:26AM EST

JusticeinTexas · 7 June 2024 14:44

Apple and Microsoft are interchangable software. Who knew?

samo11 · 7 June 2024 15:47

1-833-203-4855
https://appk6kl4.z13.web.core.windows.net/Win0security-helpline07/index.html

FIREFIGHTER619 · 7 June 2024 15:49

833-203-4855 Andy Friday 6-7-24 11:49AM EST

samo11 · 7 June 2024 15:50

1-432-235-0484

https://myavssoftware.shop/zbnzbcmxbcmbmn/zbxcbmxcnxcbnxm/shffbxcbvnbvnm/uwryeudhbncbxcnbm/nbxncbxhsbcbxmcbm/xnbcdhfgbcmbxmbxmn/zxnbfjbmbxcnbxmcmn/znxznxcxncbxnbxnb/

OfclyGoodenough · 7 June 2024 16:07

Suspected Telcoline, “Dan” initially wanted my phone number to verify my nonexistent subscription and file a “claim.” I presume his scripts were mixed up/

I was able to have him have me “connect to the secure server” by running UltraViewer (ID: 58811714/DESKTOP-AJCNNJI)
Once remotely connected to my virtual machine, “Dan” asked if I had an existing subscription with Microsoft before having me run the “netstat” command in the Command Prompt to falsely claim my IP address was compromised.
“Kevin” then ran the “dir/s” and “tree” commands before falsely claiming Chinese hackers made AN ILLEGAL SUBSCRIPTION TO CHILD PORNOGRAPHY FROM PORNHUB with the Clampi virus.

image1021×763 41.8 KB
I was then asked to check my email and nonexistent bank account. Since I don’t do online banking, he told me to have a good day, so I played him the Bhenchod Song.