Hacked Gadgets corners Scammers called Global IT and Global PC Protection – Part 2

global_pc_protection_are_scammers_2
49



If you haven’t seen part 1 you should watch some of that video to get caught up.

This is part 2 of Hacked Gadgets following the techniques that computer scammers called Global PC Protection use. Part 1 was called Hacked Gadgets has fun with Computer Scammer called Global IT because at that point they were just calling themselves Global IT but through this investigation they revealed their main website. Their main website is www.globalpcprotection.com.

I have done some research and found out that this organization has been at it for quite a while. When there is enough awareness about their scam they change their name. Their last business name was Consult PC Experts  (www.consultpcexperts.com). If you have a look at the web site screen shots below you can still see lots of references to the old Consult PC Experts site. On a side note I was looking for site registration information for the old domain and guess what, the domain name expired 2 months ago and was never renewed. I wonder who could be the new owner of consultpcexperts.com. 🙂

To keep my equipment safe I have setup a VM (virtual machine), this VM has no way to interact with any of the computers on my network so they can mess around all they want in this sandbox and are not able to do any harm. The VM is just an image I had handy, it is a very old virgin install of Window XP which works fine but is old. What they should have immediately done is spot this and install the hundreds of Windows updates that this system needs. During their playing many pieces of software don’t install, I believe that this is because this is an old version of Windows XP (pre SP2).

I am using some test credit card numbers from a coding site, these credit card numbers would normally be used when testing credit card validation scripts. The numbers on the site are random valid numbers based on the Luhn formula.

At the beginning I was just going to have a short bit of fun with these jokers but they didn’t catch any of the blatant clues I left for them. I changed the DNS server setting to Open DNS, the first time they asked me for my credit card details they took me to a payment page on swreg.org which is a legitimate payment site. I configured Open DNS to block swreg.org, when blocked it would display their phone number as the technical assistance phone number and their company name in logo form. It wasn’t their real logo though as I didn’t know about their real website at that point. I thought as soon as they saw this they would have some choice words and that would be the end.

As it turned out they were not very swift and just kept the payment carrot laser focused as their main goal.

When they took me to another payment site I also entered that domain into Open DNS block list but it takes 10 or 15 minutes for a block to take effect so it worked for a long time before it also got blocked.

The names I have been given by the agents are: Sam, Jack Morris, David Smith, Alex Murphy, Jason, James Parker.
Their phone numbers are: 646-867-3751  ,   718-593-4198   ,   07 – 3040 – 0210
The service email address they use is: support@globalpcprotection.com


Update (December 8, 2011): See part 3 where they made a fresh cold call.


Video Timeline

  • 0:00:00 – 0:08:14  Introduction
  • 0:08:15 – 0:27:00  They log onto my computer and attempt to load the payment page which I have blocked.
  • 0:27:01 – 0:32:19  They attempt to load Google Chrome to load their payment page. Failed because of missing updates.
  • 0:40:10 – 0:59:00  They load a new payment page to attempt to get their payment.
  • 0:59:20 – 1:00:30   They say that they are having some problems with their main server and will fix the computer today and collect payment tomorrow!
  • 01:01:00 -  01:10:00  A system restore point is made, they clear some cache, turn off logging of their famous errors and warnings, run the disk cleanup utility, add some junk icons to the desktop, attempt to install antivirus but can’t since Windows needs updating. They install Registry Easy and clean the registry on my fresh VM.
  • 1:10:55 – 1:13:25  They return to the second payment website and now the Open DNS block has kicked in so it is also blocked. 🙂
  • 1:16:05 – 1:53:00  They try to fix cause of their payment sites being blocked.
  • 1:53:46 -  1:56:50  They load up their third payment site which isn’t blocked.
  • 2:04:30 – 2:05:30  Failed attempt to install another AV program.
  • 2:30:20 – 2:42:05  Poking around changing security settings. Taking another crack at installing AVG.
  • 2:46:10 – 2:47:00  They finally figured out how to remove the DNS entry that is doing the blocking. I wish I could have made the DNS change in my router but because of my digital TV service I need to keep it the way it is.
  • 2:50:00 – 3:07:50  They have me fill out the main payment form so they can get paid. When that fails they provide me with wire transfer instructions.
  • 3:11:30 – 3:13:10  More failed attempts at installing some AV software.
  • 3:19:09 – 3:24:48  They attempt to “Upgrade the computer to Windows 8” by installing a skin pack. If this worked it would make the XP installation look similar Windows 8. 🙂
  • 3:24:52 – 3:29:30  The skin pack did something that corrupted this old version of XP. It is now stuck in an endless boot loop. He calls me at 3:25:55 and obviously doesn’t know how to troubleshoot the state of my computer. He said he will call back but instead goes home.
  • 3:29:50 – 3:33:10  A new technician Jason calls back but doesn’t know about my looping boot issue. He just wants me to walk me through the payment procedure… He eventually just hangs up
  • 3:33:20 – 3:44:40  This is the funniest call ever, it’s after hours and it seems like there is just one drunk guy manning the phones. After he hangs up I get him again at 3:37:02
  • 3:44:41 – 4:42:00  Call after I have had my boot issue resolved (I copied a new copy of the VM file which takes about 1 minute). I fill out their payment form again. I pretend to call the bank to see why my card doesn’t work for online purchases, of course since this is the weekend the fake bank needs me to go to my branch when it opens on Monday.
  • 4:42:01 – 5:15:30  They go over a new support icon that has been installed and install a bunch of software again since my OS is virgin again. 🙂
  • 5:16:12 – 5:56:30  They call a few days later to get the payment now that I had a chance to see the bank. I just give them a hard time since they have already done the work. I poke holes in some of the claims they make. I make them explain some of the things like how I can get unlimited free movies, games and software as soon I renew the maintenance warranty.
  • 5:56:31 – 6:16:28  I finally show him the part 1 Hacked Gadgets article, at 6:01:45 I tell them that this is my site, his reaction is priceless.









You May Also Like

MIT Party Mode, Dorm Room Automation

Hacked Gadgets gets another cold call from Scammers called Global IT and Global PC Protection – Part 3

Soldering Iron Pen