Not all tech scammers are in India!

Reddit Comments

One of my favorite YouTubers... but I've always wondered how he pulls this off? Once the scammer is connected to his computer, he's somehow able to make a "reverse" connection back into the scammer's computer... HOW?

Upvotes: 3 | u/nullvalue1 | Feb 14 2020
Captions
I get a lot of comments on my channel asking, "Why are all scammers from India?" and the simple truth is they're not. I've logged all my interactions with scammers over the last two years and I've got a bit of a pattern. Even if I can't get reverse access to the scammer, their IP address usually is a fair indication of which country they're from, and in over 60 cases that I've recorded, around 5 of them won't be from India. So in this video you're going to see two examples of where the scammers aren't from India.

"Critical alert."

And the first example is in the French language. Have a listen to this. Voilà. And if you've seen any tech support scams before, all of this will seem very familiar. The scam always follows a very set script and you'll probably recognize some of the key parts of this scam claim. And now you can see the reason why this victim has phoned the scammer: they run pop-ups in the French language which look just like the ones you'll typically see in English. Normally these calls will route to India, but here we're going to a different country.

Like most scamming organizations, they will install two types of remote access software on their victim's computer. This group are using ConnectWise Control and AnyDesk. In fact, the victim of this scam is running two different types of antivirus software, which is keeping her computer free of viruses, but of course this won't suit the narrative of our scammer. Applications. [Music]

Of course this victim's antivirus software is functioning correctly. It's just that the page that she can see behind all these processes is just a bit of JavaScript and isn't a virus as claimed. Our scammer follows the standard script and moves on to the stopped services next. Line seems to happen in pretty much every tech support scam: all these services should be stopped, and of course the victim isn't going to know this. And of course no tech support scam would be complete without running up the Event Viewer. Voilà. Don't. And by running through these lies they can convince their victim to buy some unnecessary software and services. For example. For example.

So where exactly were these French-speaking scammers? I was able to trace their connection to Tunisia. They were operating out of the capital, Tunis, and all of their scams were targeting people in France. Tunisia is French-speaking, so it was only natural to target a country with plenty of prospective victims. Just like their counterparts in India, they had bought French numbers which would divert to their call center in Tunisia. Exactly the same scam, just run in a different language.

The only other example in the past two years where I find the scammers weren't based in India was from this one. Similar to the Reimage pop-ups, this particular one claimed that my version of Windows was damaged and obsolete, even though it's the most recent Windows 10, and that all my file systems were going to be deleted within minutes. The fake virus pop-up claimed that I had three pieces of malware or phishing and that my system damage was 28, whatever that means. This is another example of a malicious and at very least misleading advert. There's nothing wrong with my computer at all, and this type of pop-up cannot possibly detect any viruses because it runs entirely within a browser and has no access to the computer's file systems. I had a quick look at the source code for this pop-up and it just proved that the entire thing was fake. I accidentally left this tab open, something that I'd have to make up quick excuses for when I contacted the scammers.

If you are unfortunate enough to believe the message on the pop-up, then you'll end up downloading something called OneSafe PC Cleaner. Malwarebytes identifies OneSafe PC Cleaner as a potentially unwanted program, something which is mis-sold and misdiagnoses your computer. When I ran the software, again it misdiagnosed my PC and of course wanted a payment for the full version. So I called the support number to see what they would say.

"Welcome to technical support. I've of course technical support, names police, and how can I help you?"

"Hi, my name is Brandon. Um, I've downloaded OneSafe PC Cleaner and it's identified a lot of files that I need to remove, but I, I can't, I can't remove them without, um, I don't want, like, a license number or something?"

"Yeah, and so that's the reason why you purchased the license for the OneSafe PC Cleaner, to use all the features. In such a case, in order to get the detail about this license, could you please tell me if you have the order ID for purchase?"

"No way, I've just downloaded it. I haven't ordered it."

"You just downloaded it, right?"

"Yes, that's right, yeah."

"Uh-huh. Did you make a purchase from the license?"

"No, I haven't. I've just tried to fix the problem. I've hit Fix Now and it's asking for a license number."

"Okay, but you know, in order to use, um, the application itself you need to use the license. You need to get a license for it."

At this stage I couldn't quite figure out where the scammer was from. He didn't sound Indian, but I couldn't place his accent either. And he latched on to my statement where I mentioned the word virus. This is the cue that he needed.

"By the way, let's throw back again to the statement that you made earlier on. You talked about, um, getting pop-up, right? And pop-up told you that your computer might be infected. That's what it said, right?"

"That's, that's right, yeah. Yeah, it was give a light beep noise and that said, um..."

"I understand. Um, that was the day before used to had a client with similar, um, case. In such a case, what I can do in order to answer, since we're already on the call, we can establish a secure connection between the computer so I can carry out, um, system diagnostics or checkup."

"Okay, yeah, yeah, that's okay, that's fine."

So here we go. He wanted remote access, so of course I let him have that and wondered would he run the tech support scam. Let's see. He got me to run support.me, or LogMeIn Rescue, and from that I can easily obtain his IP address.

"All right, so it says..."

"Right, so now the last window will come up on your screen, okay? It indicates here that, um, the permission has been granted, so we can proceed. Can you not see the mouse pointing move on?"

"Oh yes."

"That I did is to indicate to you that we connected successfully. Don't have a mind, it says you to revoke, to end the session you may click on the right button, okay?"

"Oh yeah, okay, yes, I see."

"All right, so before we begin let's run the scan, okay? It saves you that you have, um, the Malwarebytes Anti-Malware. When was the last time you run the full antivirus scan?"

"Uh, I, I couldn't tell you. I'm not, not great with computers. Someone else put all of this on for me. I, I know very little, I'm afraid."

"No worries, let's check if it's activated or not, okay?"

When I look at the traffic on Wireshark, it indicates that the traffic is coming from Ukraine. Specifically, it's the town of Ivano-Frankivsk. I let the agent point out obvious things, like I should be running the antivirus regularly, but eventually he notices the pop-up.

"So in this case let's start the system checkup, right? You mentioned delirion, okay, here it is."

"Yeah, oh yes, that's, that was it, yeah."

"It's, it's something about you don't update Windows, right?"

"I, I don't know what you mean."

"So it's easy, Microsoft defined that you didn't update Windows. Let's see."

Now I know he's trying to scam me. Any competent technician would point out that this pop-up is a scam. It's very likely that Avanquest commission these pop-ups in order to get people to buy their software.

"But it's safe, your device is up to date, right? Okay, and last checked with some today, 13, which means you have the computer to update automatically. That's very good. Which means this is wrong, okay?"

"Right, okay, yeah. Uh, so it's wrong, isn't it?"

"Information, right."

"No, but it says your Windows system is damaged. Yes, that's what I was worried about. Um, right, and then it appointed me to download some repair stuff."

"And you were looking into the source?"

Oops. I'd been giving him the impression that I was a naive computer user, so I was gonna have to think fast on my feet.

"I, I don't know what I clicked there, to be honest. I was trying to click away from it. I don't know what all that is."

"Right-click on it, or you click on Control, I. Control is inspect, let me show you."

"All right, I don't know what, I was trying to get rid of it, to be honest, so I don't know."

"No worries, so this is it."

"Uh, oh right, okay, right. I was wondering what all that meant."

"Yeah, no, it's fine. All right, whenever you want to view a page source, just simply hold on..."

"Come on, I have no idea what I was doing, so..."

"Yeah, this is it, right?"

So he's had ample opportunity to point out that the message was completely fake. Even looking at the source code would have told him this, but he obviously knows exactly what's going on.

"All right, so here is the system checkup. By the way, how old is the computer system?"

"Uh, about a year and a half or something."

"For two years, one year? You're the only one who uses it, right?"

And it's at this point that he starts to run the tech support scam. He says that the system Reliability Monitor and the Event Viewer all indicate that my computer has got a problem. He's lying.

"So the, um, in order to do so, the session itself can be transferred to the support department so it can be, um, taken care of by a professional expert standard fiber Microsoft. Although it's understood taking that time out, we understand that the computer is out of warranty, so in order to have the technician to work on the computer system, the computer has to be under warranty, okay?"

And predictably, I'm meant to fill out a form for work that doesn't need done. He asked me to fill this out on supportnex.com. This isn't his company's website, but it's where they process their payments.

"And when you see a transaction successfully, just let me know."

And when he's connected to my computer, I make the reverse connection to him. I want to see what's going on at his end and exactly who this guy is. And once I was able to see his desktop, it was pretty obvious which company it was that was trying to scam me. They were called Zoom Support. Zoom Support are a Ukrainian tech support agency. The map on their website indicated that these offices were round about the area that I saw the traffic coming from in the Wireshark trace. It looks like Avanquest, who are the authors of the OneSafe software, have outsourced their tech support to Ukraine, and it looks like Zoom Support will be making some money on every sale that they make, hence the scam.

But something interesting also appeared on my keylogger. I have this running on the virtual machine so I can gather a bit more information about who's using my computer. While he was waiting for the payment to process, someone was logging in to their Facebook page. They correctly used an email address and a password, and the email address seemed to indicate that this person was called Alexander. And sure enough, when I looked on Facebook for this name, I could see the picture of someone who I think was trying to access my computer. It also claimed that he worked for Zoom Support and the location was Ivano-Frankivsk. I'm pretty sure this is the guy who calls himself Bliss.

So this video should demonstrate that it's not just Indian people who are involved with scams. French language speakers get scammed from places like Tunisia and Morocco, but in reality a pop-up scam can happen from anywhere in the world. YouTube's policies mean that I quite often have to blur some of these videos, but I do make the unblurred versions available to my patrons. You can see the link to my Patreon channel here, and catch me on Twitter at JimBrowning11. Thank you once again for viewing my channel.
Info
Channel: Jim Browning
Views: 1,963,864
Rating: 4.9554076 out of 5
Id: wFtcEiZ290o
Length: 14min 53sec (893 seconds)
Published: Tue Feb 11 2020