Wednesday, August 8, 2012

Cold call scammed again – but this time, it’s local

Wednesday, August 8, 2012

It happened again. After 6pm, unlisted number, foreign accent. I’ve heard this before. And again before that. And again before that too. And again a bunch of other times where I either didn’t record it, came on a bit strong or, uh, tried to teach them some new words they may not have heard before.

I’ve also interviewed the man behind one of the original scams (it has undoubtedly been copied by other scammers) and petitioned LogMeIn to stem the spread of the scam (also had a very nice chat with them – but to no avail). In short, I’ve given this some thought before.

But there was something very, very different about tonight’s call; the scammers were (allegedly) only a few k’s away from me. They also left a Sydney phone number (which I verify at the end of the video) and they knew my surname when they called. Oh – and another unusual trait – they were polite. Even when confronted, Austin (yes, as in The Spy Who Shagged Me) kept it cool so bully for you, Mr. Powers.

Here’s what happened:

A few footnotes:

  1. Apologies to Dutch viewers for butchering their language. I did actually spend a couple of years living in Holland but 20 years on and the Dutch is, well, rusty.
  2. The virtual machine I fired up was a special one I was keeping on hand for the next time they called. I configured it in Dutch to see how they handled it when they got remote control.
  3. Camtasia wasn’t real happy when I ran out of disk space and whilst it partially recovered, it sped the audio up triple time (which I fixed) and lost the video from the 16 and a bit minute mark onwards (which I couldn’t fix).
  4. In case you didn’t watch to the end, I called the local number that was left with me and got through to a receptionist. Hopefully this will be sufficient to pursue them further.
  5. They also gave me a local address and as I said earlier, it’s very close to me indeed. I may need to take a PC in for some in-person support.
  6. For the sake of search engines, the phone number left was (02) 8005 4980.

This now opens up multiple avenues of recourse, assuming of course these guys really are local. To start with, there’s the Do Not Call Register which I am listed on and (local) companies abusing this face fines of up to $250,000. If they truly are local, they’ll get a follow-up very soon.

I’ll also get back to my contact at LogMeIn who was great to talk to last time although unfortunately was not able to actually implement anything. Still, they need to know this is still a problem.

Then there are the local authorities. In the past I’ve had positive dialogue with the Australian Federal Police and they too were clearly frustrated at the inability to deal with scams originating from overseas. Again, if these guys truly are local, hopefully they’ll be receiving a knock on the door soon.

Ideally, I would have kept the session going (I ended up disconnecting the network on the virtual machine) and caught them in the act of “fixing” the machine. Still, there’s more than enough evidence in there of misleading, deceptive and fraudulent activity that assuming they are local, action can be taken. Stay tuned.

Update, 9 August: Given Austin from “Help for Windows” had kindly given me a local address only a few km from home (about the 40 minute mark in the video), I thought I’d go by and say g’day. The address is 106/283 Alfred St in North Sydney and it looks just like this:

Outside 106/283 Alfred St in North Sydney

Inside, the directory skips right over number 106:

Directory showing no suite 106 listed

Upstairs on the first floor there’s no corporate signage like the other units in the building (this normally appears above the number in the blank space):

Suite 106 with no signage

The letterbox also appears to be somewhat neglected:

Overflowing letterbox at 106

I even stood outside the door just after 09:00 and called the number they answered on last night but to no avail (direct to voicemail). At the time of writing (about 18:00 local), they’re answering again so it may just be a night time operation. The other important thing is that it doesn’t sound like it’s connecting overseas, it sounds like a normal local call.

A little Googling around and it seems that the premises where previously occupied by Mobilion, telcoms consultants who’ve since moved next door. It was also once occupied by Champion United computer repairs, but they’re also next door now. Then the place was up for lease a couple of years back too.

Then there’s that phone number – (02) 8005 4980 – and a quick search shows the scammers have been using this since at least October last year, also under the name “Help for Windows”. It also pops up on the Reverse Australia website so clearly they’ve gotten enough people offside to get many comments across different sites.

The other place that phone number popped up on was the website for Hyper-Tech PC Solutions, a freebie website built on Weebly. It seems that Hyper-Tech offers “Computer Support professionals handling tirelessly and efficiently Online Computer Repairs for Desktops, Laptops, Networks, Printers” – sound familiar? For the tech-savvy readers, take a look at the source of the registration page, in particular line 56 onwards :)

So what now? It all depends on whether they truly are local but certainly there seems to be enough information here for several local authorities to take notice so I’ll package all this up and send it in the appropriate directions imminently. Hopefully this time we’ll see some action.

Update, 14 August: All the information above has now gone off to AusCERT and the Australian Do Not Call Register. Let's see what comes of it.

Tags:

comments powered by Disqus

Leaving comments is awesome, please do. All I ask is that you be nice and if in doubt, read Comments on troyhunt.com for guidance.