PC Support Scam hits close to home

A good friend of mine was scammed yesterday.  Fortunately, she didn’t allow it to go far enough to give them any money, but they did have some access to her computer.  Someone cold-called her and explained that he is calling everyone using Windows, and said her computer may be infected with viruses.  She asked several more questions, thinking it was someone from Microsoft Windows at first, then eventually found out it was a company called “PC MARV”, a computer support company.  The person identified himself as “Kevin” , and they offered to help her by walking her through executing a few commands which would show her that she has infections, then, as a further step, he gave her a code and had her go to a website, which turned out to be a LogMeIn remote support site, where they took control of her computer to “assist” her in fixing her “problems”.  She was reluctant, but did feel her computer might be infected with something, since it’s been slow lately, and acting erratic, with some things not working right, so she let them look at it after realizing they had taken control of her computer.  (YIKES! ** red flag **)

“Kevin” did several things on her computer to show her the infections.  He brought up dozens of “WARNING!” messages from Windows 7’s event viewer (this is actually nothing unusual, and these occur all the time in the logs–you’ll get them even for even the slightest things, like a website that isn’t accessible) and told her these were all infections that needed to be cleaned up and removed.  He ended up scaring her quite a bit about this, which, I’m sure, was his intention.  The last thing he did was bring up a Command Prompt, enter a command to display hundreds of processes running on her computer, and then he scrolled to the bottom of the page and show her this:
She said it was at the bottom of the page instantly and didn’t appear letter-by-letter as if typed.  I explained to her that the C:\> prompt is just that–a PROMPT.  After that is typed text, and the message “software protection expired..” was pasted into the line by the tech.  He probably copied it from his computer and just pasted it into the command line window.  I explained to her that this text didn’t come from any application or system alert, they just typed the text in to convince her she was infected.   ** another red flag **
She said her neighbor, who is very knowledgeable avbout computers, came over at that point, and she gave the phone to him.  He talked to them, or listened to them a little, then explained that he doesn’t know who they are, and he’s hanging up, then hung up the phone.
I gathered as much information from her as I could at that point.  The person she talked to was “Kevin”, and the tech who remoted to her was “Donnie Adams”, she said.  The company was “PC MARV”, and they gave her their phone number.  “Kevin” had a foreign accent, probably Indian.  I googled “PC MARV” and there definitely is a website which advertises the phone # she had for them.  Based on the details on the site, it sounded like a real PC Tech company that does remote support.  It was well after normal business hours, but I figured I’d call them anyway, and see what happens.  I called and immediately got a live human ( ** yet another red flag **)!
I asked if they had called a friend of mine, <first name omitted>, today, and remoted to her computer to help her.  They said they were having a hard time understanding me every time I asked them a direct question, like “Does your company make it a habit of cold calling people to tell them their computer is infected?” or “How did you get her phone number?”  They asked who we spoke to earlier today when they called.  I said “His name was Kevin”, and the guy said, “ah, yes, Kevin Smith, I’ll get him…” and there’s some muffled rustling and background talking, then “Kevin Smith” comes on the line and explains that they “remoted to our computer, because we are infected with viruses and they need to be cleaned out and removed.”  I asked again, “But how did you get her phone number?”  Then, suddenly he was having a hard time understanding me again.  Go figure.
After being handed back to the guy who answered my call, he asked who remoted to my computer.  I said it was “Donnie Adams”.  So there’s more muffled noise, then I’m talking to Donnie Adams, who basically repeats the same things the other two guys said about her having a virus and they need to clean up her computer.  I told him “Don’t worry about it, we’ll take care of it from here, DON’T CALL HER AGAIN.”  He started arguing again about not understanding (of course) and I hung up on him at that point.
So, it seems this company, which has a full website for their PC tech services, is most likely India-based, or from somewhere outside the US, I’m sure, and routinely calls people, scamming and scaring them into support contracts or supposed one-time fees for their PC cleanup services.  I’m sure they are able to make a lot of money off of people using these techniques.  Pretty much every Windows computer is always going to have “infections” and “vulnerabilities” at any given point in time, that’s just the nature of the beast.  Whether it’s just a bad link that redirects you to an infected website, or a piece of spyware that gathers your browsing preferences, they’re all considered “infections” and “vulnerabilities”.  Her antivirus is always up-to-date, and she scans for malware regularly.  She’s fine.  But I guess, since “technically”, she is “infected”, they can get away with claiming that, but they should absolutely NOT be allowed to continue preying on innocent people like this, with these totally deceptive scare tactics!  What if they had frightened her to the point of having a heart attack??  They don’t know the state of health of the people they’re calling!  Something should definitely be done about them, this just isn’t right.
A quick check of the domain showed the small block of details in this posting (click on it to see it full-sized).   My hunch was correct, it’s based in India… She should have asked if they provide any ON-SITE support!
The big block of details at the end of this posting are the supposed paid services they provide, as listed on their website… Wow, for $50 they’ll basically do nothing for you… How nice of them.  The other big text image shown in this article is the domain registration information for pcmarv.com, found in the public WHOIS database… if it’s even accurate.
Finally, here’s a posting on Microsoft Answers regarding someone else’s experience with the same scammers.  And then there’s this YouTube video from Symantec, when they actually had someone pose as an unsuspecting user who called the scammers for help with her computer.
As a final side note, I’m sure the names they used were fake… Kevin Smith is an American screenwriter, actor, film producer, and director, as well as a popular comic book writer, author, comedian/raconteur, and internet radio personality best recognized by viewers as Silent Bob–though the first and last name is very popular…in the US.  “Donnie Adams” aka Don Adams was an American actor, comedian and director famous for his sitcom “Get Smart” in the late 60’s. –but, again, another popular first and last name in our country… But, then again, if they had identified themselves as “Apu”, “Amir” or “Ahmad”, I’m sure it would raise another red flag more quickly.  I also think, just maybe, as I supposedly spoke to three different people at “PC Marv” who sounded very much alike, maybe I was talking to the same person all three times… I know it sounds a bit far-fetched, but now I’m wondering… If I called them back and asked to speak to “Kevin Johnson” , who remoted to my PC today, would they put Kevin Johnson on the phone?  Since this never happened, and Kevin Johnson is a name I made up, what are the odds that he magically works at PC Marv??

Author: Jim

2 thoughts on “PC Support Scam hits close to home

  1. What gets me, is how they can take the everyday occurrences–like when something crashes and you “Send Error Report” and you send it instead of closing it–which everyone with Windows has done at one time or another–and use that in their social engineering, saying they get those messages and they’re calling in response to this. A lot of users who aren’t tech-savvy are going to lean toward believing them, and falling further into their trap.

    Most of all, I hate how these people are making legitimate techs such as myself, who rely on this same type of tech work to support themselves, look like total scammers. Our potential customers no longer trust us or believe our analyses.

    It obviously must be very difficult to prosecute them, being in another country, since Microsoft and Symantec are fully aware of their existence, yet they’re still in business. But, as Symantec mentioned in their video, they crop up like dandelions in a meadow–cut one down, and ten more pop up in it’s place.

Leave a Reply