A new twist on an old scam

Video Statistics and Information

Video

Captions Word Cloud

Captions

a few days ago I got an email from a billing department for something I didn't order the item in question was a Microsoft Surface pro and its price was three thousand seven hundred and ninety nine dollars the email had no company name no links and just one phone number it looks gammy so I give the number a call critical alert for launch hi yeah I've got an email here about a laptop I didn't order can you help with that yeah six three eight seven four zero two three seven oh I give them the wrong order number because I didn't think this would really matter take it he's an auto phone micro what do you wanna know about the tally so not surprisingly even though I miss coded the order number he seemed to realize that it was about a Microsoft Surface pro I have not placed an order for a surface pro and I don't know why I've got the email here so I'm just gonna look into it take account information completely sure it wasn't long before this scammer get back to me okay that's good thanks so where's the scam you're wondering well I prepared the VM just in case so there's one things the species is walking suspicious he was spending a suitable amount of time looking up his non-existent order system for something suspicious you confirm me your first and last name yeah Dave Reynolds r ey n o LDS a fake name wouldn't matter either a minute are you calling from a wat in Ohio he'd obviously been looking up mine area code no I'm in Toledo Ohio but sir the thing is the right now is showing you that the order was placed on Rotten Ohio and your identity has been used for this order mom tell oh then you have a Windows 10 computer yeah I think it's 10 yeah so I think that someone is connected to the computer I have Casa de or that's not a problem but being a technician is my request you to just say the network status of your computer oh right I'm not good with computers what why do i how do I check the computer right give me a second here sure yeah I've got the computer runnin here okay look at the left bottom of the keyboard do you see the Windows key the key with folder to the boxes on it so as you've probably guessed this was all a ruse just to run a standard tech support scam he gets me to roll net start to show foreign connections then event fear to show errors and warnings and finally he gets me to download go to assist so they can gain Ramon access to my PC he then tells me why I would have got such an email okay yeah this IP address was getting used from Ghana South Africa I didn't want to tell them that Ghana and South Africa were two different countries and those people were connected to your antenna then they were making some fraud purchase over the Internet all right yeah but with hard to get my credit card for laughter or sir whether they are connected to your IP address IP address does how if you have using your banking and other things has well over into everything and they can get it okay and that's not the only thing they were also trying to upload a forward mind through this part of the script all he was trying to get me to do was to buy what he called a SonicWALL firewall for nine hundred and thirty three dollars I use a tool called Wireshark to lie me to inspect what so the traffic is coming into an idea of this virtual computer and as usual the scammer is located in India but when I looked at the exact location of this IP address on usually it comes from a region called Jammu and a schmear it's the first time I've seen scammers operate from this location but I also have the ability whenever scammers connect to my PC to reverse this connection I'm often able to download some other files I can't reveal exactly how I do this but I will present you some of the files that I find on their pcs one of the first documents I find was a company registration document here you can see that the company is called comstor Technologies Private Limited and it did indeed seem to come from the right region the document indicated that the director was called saying Ahmad and his office was located in Raj Mike in the city of Srinagar in the region of Jammu and Kashmir I also find a business card with a cellphone number on the top right more about that number in just a moment I also find a bank statement which contained an alternative address for this company in South Delhi it also showed that four people were being paid a salary and that some cash deposits from Srinagar were also being added if this is a typical month this company employed just four people and they made a modest amount of money each month I also find images of pop-up campaigns they were aimed at Windows 7 and Windows 10 users and the results saw a blue screen of death screen something indicative of other scams I also find the personal data of many people in the United States and Canada who seem to be victims of a pop-up scam there was a further spreadsheet with at least 2,000 names on it I also observed this team sending out email reminders from Ms billing services about a subscription reminder they seemed to be pretending to be Microsoft I also watched this group process some of their payments from victims through PayPal a very recent and pending transaction belonged to one of their victims named William from Canada because it was such a recent transaction I had the ability to refund this victim so I wasted no time and clicking that refund button I also note to the victim to explain why he'd got the refund and that looked like it was a complete success so I tried to see if I could refund any of the others unfortunately whenever I tried this and some of the other victim names there weren't enough funds and PayPal to cover the refund so instead I've just reported this account to PayPal and hope that they can take action on the basis of this video I also find evidence that they were using multiple company names here's an invoice from 2017 under the name of protech solutions there are also checks from US victims Mira to prime process LLC but a more recent company name is MS info solutions and on the top left the name of profess Alam this name would crop up time and again on one of their computers and in fact professes identity details were on the PC and other documents seemed indicate that prevents was the director of this company there are also a few photographs of a virtual office called Agarwal tower in Delhi the scammers laptop also contained photographs inside these virtual offices I've had to blur the faces because I can't be a hundred percent sure that these are the scammers but given that at least one of them had a MacBook it's pretty likely to be these guys so now that I had the identities of some of the key players it was time to phone them and confront them about the scam hello hello yes speaking yes hello no this is the thing right nine hundred and thirty three dollars right I've got a few questions for you mark okay do you think you could be truthful with me here because I'm very concerned about this whole business I am answering you I'm they're going to you hundred questions right so why did you give me a fake name what kind of big name you got well mark Roger and Allen Walker or fake names sorry it sounds like you've given me a fake name pick me mop what sir mark Roger is this fake name name sir right so what is your real name my name is Tom and I've long from actually a blonde from China Japan that's the reason we have here our alias name I'm connected to Japan am i you know I hear I'm working United States okay whereabouts in the United States whereabouts California right it's only we are telling you we have even to all that services so what company are you what's the company name its impositions and we provide support for Microsoft products and the antiwar does well like not on Kaspersky McAfee you can directly do one thing if you have any dubs you can directly call the Microsoft number and after that you doing the our company name info solution and then the transfer this call to us directly but you're not in few solutions are you your comm store technologies your comb store technologies aren't you okay immediately said that so am I speaking to professore Siam oh dear so there you go again so you're still lying to me like why you're lying because you're trying to defraud me and you've de frauded lots of people already you didn't know okay so yesterday when you spoke to Frank you tried to rip him off and George all of those people you have already ripped off you see the thing is I was able to trace your IP address and guess where it led to Siam you've gone very quiet yeah guess where I find your IP yeah sorry guess were your IP address points to I don't know no okay he hung up on me but I decided to try the mobile number that I saw in that calling card [Music] notice how the recipient initially answers in English hello hi Siam its Orson here how you doing I just got a few more hello and you can hear me okay yeah you can hear me fine so I've got a few more questions if you don't mind English no English oh yes you do same I've got a few more questions just a bit your company and I'm considering getting the Srinagar police involved you better start speaking English very quickly yes you do so I spoke to you just a minute ago and if you don't speak English then I'm going straight to the police so knowing you do have English you to have English I mean a minute ago you couldn't hear me no you can't strangely enough nice try but just a few minutes theater I got yet another call from that company hello listen to the panic in the background yeah Who am I talking to is this progress yeah okay so you called me back obviously did you get my voicemail when when did I call you I don't know just a few minutes ago anyway I'm gonna take this matter to the police from now on okay my next step is going to the Srinagar Police I'm being to say for yourself what what I feel I can understand that you can't understand what I'm going to the police means why are you because you have been you've been committing fraud and you've ripped off lots of people in the USA and Canada okay but I know I know your home address outside Basti and Srinagar I know your office attracts you don't give a damn okay well I'll also I will be publishing all of your details on the internet as well so keep a lookout I had no problem at all you go ahead you're not guilty ok we'll we'll we'll just see all gladly not at all ok can I name some of your victims I will leave some of your victims and not kiss Richard Richard L Mary okay do these names mean anything to you father all the people that you've ripped off over the last number of months they will be getting their money back do you want to give them their money back well oh not at all okay well you know what the bullshit you are speaking about would you go ahead what do you want to do okay well I'm just looking at Sam's bank statement here and it looks like the comstor company that he is set up seems to be paying him pretty well every note you don't care okay and go to the plea what the time company no problem and srinagar is there any prisons around there any close by I don't know what the bullshit you are spinning out I'm just allowing you whatever you want to do you want to go to please you want to register I think go ahead because I knew I'm not guilty you know you think you're not guilty okay that's fine I have plenty of evidence which shows otherwise I don't think I knew I'm not you know you're not okay so why then did you lie to me and say that I needed a sonic firewall for $900 when I didn't yes of cold eyes the security you need to put it at for us security for you what is the problem in it because I don't need it and you lied to me we don't tell the product if you want it we don't want it who is forcing you to get it yeah but you didn't install anything and you lied to me yeah anyway not interested Nora all go ahead please okay fair enough so I leave this video with some files that were discovered on these scammers computers I intend to pass all of these to the Srinagar police you

Info

Channel: Jim Browning

Views: 759,123

Rating: 4.9748802 out of 5

Keywords: scam, computer scam, fake invoice, srinigar, kashmir, comstoretechnologies, comstore technologies, microsoft scam, locating scammers

Id: UG-KjCSt14k

Channel Id: undefined

Length: 17min 3sec (1023 seconds)

Published: Sun Jun 23 2019

Reddit Comments

Mark why did you give me a fake name? What is your real name?

My name is Tom.

hahaha

👍︎︎ 1004 👤︎︎ u/ShustOne 📅︎︎ Jun 24 2019 🗫︎ replies

I really enjoyed how he got all the info of the scammers, very entertaining.

👍︎︎ 858 👤︎︎ u/MBXfilms 📅︎︎ Jun 23 2019 🗫︎ replies

This is what happens when Liam Neeson becomes an Ethical Hacker.

👍︎︎ 118 👤︎︎ u/gregorysimpson 📅︎︎ Jun 24 2019 🗫︎ replies

This guy must bust the biggest justice nut after that last phone call. Just fucking empty the balls when the guys saying "go ahead go ahead I'm not guilty go ahead" and just knows hes fucked.

👍︎︎ 498 👤︎︎ u/PM_BUTT_PICS 📅︎︎ Jun 24 2019 🗫︎ replies

How did he get all that info?

👍︎︎ 193 👤︎︎ u/Kpkimmel 📅︎︎ Jun 24 2019 🗫︎ replies

I love these kinds of videos. Unfortunate to think that in India he probably won’t get in trouble for it though. As long as he knows the right people to pay off

👍︎︎ 517 👤︎︎ u/PM_UR_UGLY_SWEATERS 📅︎︎ Jun 24 2019 🗫︎ replies

I don't have much confidence that the police would have acted on that information.

👍︎︎ 45 👤︎︎ u/[deleted] 📅︎︎ Jun 24 2019 🗫︎ replies

I’m not familiar with the laws in India. Would any of this evidence be admissible in court? It was essentially taken by a vigilante without a warrant.

On another note it’s disappointing to know that this practice is lucrative enough for people to build small businesses defrauding people over the internet.

👍︎︎ 117 👤︎︎ u/theangrybuddah1 📅︎︎ Jun 24 2019 🗫︎ replies

Where’s the infosec crowd?

Someone wanna throw out some ideas of how the man was able to get what sounds like a reverse shell during their remote connection?

👍︎︎ 36 👤︎︎ u/GreenCoatBlackShoes 📅︎︎ Jun 24 2019 🗫︎ replies