Sunday, March 22, 2015

Do Not Call 844-708-2743

While reading the news online, my browser suddenly froze and a female voice came over my speaker telling me that my computer had been infected by a virus. I was given a phone number to call in order to have it cleaned off.

I had multiple windows open on my browser and I couldn't close any of them. I couldn't switch from one window to another. I was essentially stuck on the window with the recording playing over and over, along with its accompanying pop-up.


The number I was told to call is 1-844-708-2743, which is a toll-free number. I Googled the number on my iPhone but didn't learn who actually owns it. However, I did find reports about it posted online.


I found reports posted on 800Notes and a very brief note from WhoCalledMe. Nothing else. It certainly didn't display as belonging to Microsoft.


I have McAfee, along with some other programs, installed on my laptop, and I ran a scan using all the programs in case something managed to slip through. If a virus or trojan managed to get past all of them, I was going to have some problems if I didn't clean it out.


I found this post on 800Notes rather interesting:

  • Slim0
    Slim replies to Mac
    DO NOT CALL THAT PHONE NUMBER!

    If you see the message ONLY with your browser,
    -- google "browser hijack", and try some of the solutions seen there.

    If you see the message pretty much all the time,
    -- download the anti-malware program from malwarebytes.com (or another legitimate site)
    -- run it
    --  Make sure you check the boxes that say "PUPs" (Potentially Unwanted Programs)

    If none of that works, you may have to visit your local computer repair shop, or restore your system from a backup created before you saw the "virus warning".

    DO NOT CALL THAT PHONE NUMBER!

I had previously heard of MalwareBytes, but had never installed it, since I thought McAfee and my other programs were enough to keep my laptop safe. However, a friend of mine who does computer repair told me that when a computer comes into their shop, they run several anti-virus programs on it, rather than just one.

I pressed Alt+F4 to close all my windows and the browser at the same time, rather than turning my laptop power off (a.k.a. the hard shutdown). I then opened the browser again and decided not to trust the pop-up and suspicious voice.

Figuring that More is Better Than Less, I went over to MalwareBytes, installed the free version and let it run.

Sure enough, my laptop had about 20 items installed on it, including a couple of trojans. Since I use a web-based email and not the email program on my laptop, these hadn't been sent out to people I had emailed in the past. I have no idea how long the malware had been on my hard drive, but my laptop has been giving me problems for a while.

I had the program clean off the malware and then rebooted. So far, everything seems okay.

If you don't have Malwarebytes installed on your computer, you should go get it now.

Using my browser's History, I was able to discover the web address that was displaying in my address bar when my browser got frozen and the voice and pop-up came on. It was from scan-direct.com, which is *NOT* a Microsoft-owned website. I did a WhoIs search and unsurprisingly learned that it is an anonymously registered site, hosted by the fine people at Cloudflare. The site was created on March 22, 2015 and is due to expire exactly one year later.

Anyone who sees that warning in their browser should not call that number. It's not Microsoft and is likely a bunch of scammers trying to hijack your computer.

Doing a further bit of research on these people, I discovered another phone number affiliated with them, which is 1-855-507-0661. 800Notes also had a report on this number, as did CheckWhoCalled. I tried calling this number from a pay phone and it is currently out of service.

Attempts to call the 844 number resulted in hearing a recorded message telling me all their operators were assisting other clients and for me to call back later. According to this webpage the number is registered to someone who lives on Princeton Street in Houston, Texas. The registrants' names are not listed.

I will continue to try calling that number until someone answers. I will update this blog post with my discoveries, if any.

Update: I got through after trying several times Sunday night. If the location where the phones are answered is really in Houston, it made more sense to wait until they were actually awake. 

The man who answered said that his name is "John Marshall", which was interesting for a guy whose accent sounded like he was from India, Pakistan or Bangladesh. I asked him for the name of his company and he said it's "Support Man Computer Services" and that they work with "thousands of companies" and whenever a computer system detects that it has been infected by a virus, the system automatically directs the user to call their company by default. 

If it were true, that is one helluva sweetheart deal for any company to have! 

Of course, it's not true and a Google search for "Support Man Computer Services" yielded no results whatsoever. There are countless computer support companies around the world and there is no reason for "thousands of companies" to all trust just this one. 

A more likely explanation is that some hacker planted a program in a website which would cause a browser to freeze and display a pop-up telling a user to call a phone number. Right?

Anyway, "John" asked me some questions about my security programs and operating system and I bullshitted my way through them. I was standing out in public on a pay phone and obviously didn't have my laptop with me. Even if I did, I wasn't going to take instructions from some guy I didn't even know, especially when it comes to my computer security. I ended the call by telling him that I'd call back (you keep a candle burning in the window for me, Johnny) and did some shopping. 

I called again about 8 hours later. John answered again, but this time claimed to be Windows Tech Support. I later filed a report with Microsoft about this. 

So, that's what I found out. There might be more to it, but I didn't have the time or inclination to indulge my curiosity any further. 

In short: this is a total scam. There is no reason to believe anything these people tell you. Their story doesn't hold up under even modest scrutiny. If you've seen the pop-up after a browser freeze, just press Alt+F4 to close your browser and run Malwarebytes (get it if you don't have it already) and/or whatever anti-virus program you've got.

Remember, do not call that number from your own phone. It would allow them to know your phone number and they could start harassing you in the future or sell your number to other scammers. 

You could file a report against them with the Federal Trade Commission, if you want. I do advise filing a report with Microsoft about this. Use this link



Duane Browning