FixOnClick: Phone scam to get into your PC!

Submitted by Chris on 26 April 2010 - 1:09pm

I've just had the most amazing phone call from the "Maintenance Department of Windows", a polite fellow in an Indian call centre claiming to be from 'local' support team FixOnClick.

Do NOT trust FixOnClick and do NOT given them any information or follow their advice. Hang up on them right away.

The opener to the conversation was notification that my computer has "several error messages" and has been noted by the "Windows R and D team" as having become infested with malware. I was told to open the Windows Event Viewer (given step-by-step instructions) and asked whether any error or warning messages appeared under the Application log.

In common with most Windows installations, there is a spattering of error messages, most relating to an inability to download an update when my internet connection was down, or failure to run something relying on a service I had manually stopped -- certainly nothing to be alarmed about, and nothing to affect the day-to-day operation of my PC.

I told my friendly caller that there were about a dozen error and warning messages, and his response, "Oh My God, that's really not good" was obviously designed to put the frighteners on a technically incompetent user, which I had led him to believe that I am.

I was given a web address to visit -- fixonclick123 dot com -- and taken through the steps to download a piece of software that would give their "support technician" access to my PC.

I went so far as to download the application but, needless to say, did not run it. That's much further than I would advise anybody else to go, so heed the warning and don't be taken in by these charlatans!

Technorati Tags:Technorati Tags:
Your rating: None Average: 4.3 (4 votes)

Comments

by Jason (not verified) - 21/07/2010 - 6:32pm

Scam

I typed logmein in suspicion but the page and company seemed legit,there should be more warning to people.I had to type logmein scam before i got what i suspected.

by Chris - 04/08/2010 - 5:32pm

Clever choice of name!

Hi Jason, apologies for the late reply... the trouble is these people trade on names they know are likely to be trusted and, as you found, logmein is in itself not a problem -- it's what remote access software ends up getting used for.

Likewise, they say they work "for Windows"... makes no sense to you or me perhaps, but there will be many people for whom this doesn't immediately ring alarm bells.

by Dudley (not verified) - 24/05/2010 - 6:54pm

What do I do now???

Hi,
My wife got called today but she cannot remember the name of the company who called..... she didn't actually pay any money but they went through the same steps more or less and now the desktop looks different and i'm a bit worried they maybe put something on my PC or made a copy of private files.
Is this the sort of thing you can fix and how much would it cost?
I live near Doncaster.
Thanks!

by Chris - 24/05/2010 - 7:21pm

Worth getting help

Hi Dudley

Sorry to hear of your problem -- I do think it's worth getting your PC checked out, but it would make more sense (and I'm assuming this is your home PC, not business) to find a local computer support company who could come and take a look.

On the bright side, having rearranged or different desktop icons isn't necessarily an indication that something is seriously amiss; I've heard of PC technicians actually making changes like this to give the impression that more has taken place than actually has!

However, it is quite possible, I'm afraid to say, that both the scenarios you mention could have taken place. Depending on how long your PC was switched on (and connected to the internet) after the software was installed, files may or may not have been taken, and it is also possible that 'malware' of some sort could have been installed.

The first and most important step, I would say, is to take the machine offline -- you could disconnect it from the internet (just unplug the network cable or USB cable connecting it to your broadband box) but better still just leave it switched off until somebody has had a look at it, as it may be easier to ascertain what has happened if you do not use it in the meantime.

I don't know Doncaster at all so I'm sorry I'm not in a position to recommend anybody, but a Google search for "Doncaster PC support" brings up a feast of choices, some with a drop-off and collect service, others that will visit you at your home.

I'm also not going to suggest how much you're going to have to pay, but it will be worth getting a couple of quotes and asking whether you will be billed by the hour or one-off -- perhaps even on a no-fix, no-fee basis.

Sorry not to have more practical and immediate advice, but I hope this is useful.

Good luck!

by Dudley (not verified) - 24/05/2010 - 7:40pm

I was afraid you would say

I was afraid you would say that!!
Thanks anyway, I'll call somebody in the morning. I have a laptop as well (thats how I'm talking to you now) but just a bit worried about what they might have got their hands on????
By the way my wife says the computer was only on for about half an hour before I got home so hopefully not too much damage.
Thanks for your time
Dud
PS. Why do I have to post my comment twice?!?

by Valk (not verified) - 27/04/2010 - 12:37pm

Fixonclick

Same scenario a day or so ago, although with a pleasant sounding Indian lady calling.
She told me I had a number of errors on my windows computer that indicated that my computer may have been infected with a windows virus.
Interesting, I replied, as I didn't use windows, only Linux? so I didn't know what scam they were running but I wanted no part of it.

Second call of the type in about a month so, take care out there as it is becoming a jungle.

by propellorhead (not verified) - 29/04/2010 - 2:25pm

same!

Same happened to me. I run Linux? but that didn't seem to worry the person who called me, in fact I don't think they even understood that until they'd spent ten minutes trying to tell me how to open the event viewer!
Next time I'll string them along a bit, could be fun ;)

by Chris - 26/04/2010 - 10:54pm

Very busy people!

An afternoon loosely pondering this bizarre call led my curiosity to get the better of me, and after a quick search, I found lots of sites and literally hundreds of posts discussing this and similar scams.

The modust operandi appears to be something along the same lines as my own experience, i.e.:

  1. A call from 'Windows Support', ostensibly an English (or American, Australian, etc. depending on where the phone subscriber is located) lady or gentleman, with an improbably traditional name like 'Tom', 'Steve' or 'Michael' but an accent indicating a more exotic location than the stated 'Bradford' (or wherever) like Bangalore or Calcutta*.
  2. The subscriber is asked whether (s)he has a computer and whether he has experienced 'slow loading of files' or 'decreased performance', and is told that messages have been received indicating that the computer in question is suffering from heavy spyware or virus infestation.
  3. The caller, usually knowing the subscriber's name -- so where did these many thousands of names come from and how did they end up in the hands of these miscreants? -- gives instructions on using Windows' 'run' command to load something like 'evtvwr' (Event Viewer) or 'prefetch'.
  4. The subscriber is asked to read what's on the screen and, inevitably, it's bad news that needs immediate fixing.
  5. The caller directs the subscriber to a website to download a piece of software for remote support. This could be gotomypc or similar, and is actually a genuine, secure and trustworthy piece of software in the right hands, but...
  6. ... the subscriber is given a number to type in which, when the downloaded software is run, gives the mystery caller direct access to the computer, with full and explicit permission of the owner.
  7. What happens next is anybody's guess. With full access to files, programs and every piece of data on your computer, it may be identity theft or spyware installation that is going on, for all you'd know.
  8. A charge, either one-off or covering n-years support, is made, upwards of US$100 and reaching nearer GB£300 in some cases.

This is really quite a threat to innocent, non-technical, users of the internet. Though most are now net-savvy enough to understand the risks of downloads, and in any case will usually have anti-virus software, firewall and so on protecting from these more obvious problems, but when somebody uses social engineering to get you to give them unfettered access to your computer, you sidestep your own security and leave yourself at their mercy.

This information needs to be spread far and quickly. I've already learned of two individuals I know personally having been on the receiving end of the same scam, so for every geek that encounters what is obviously suspect, how many everyday users are being taken in?

Please tweet, repost this information or tell your own story here or on your blog site or Facebook.

*The company to whom the domain name is registered is called Directi Internet Solutions PVT and is located in India. It is associated with several other online scams and has traded under many other names, including Belator LLC.

by Anonymous (not verified) - 02/06/2010 - 9:57am

they just did it to me!

i just had this call, & they had our account name and everything!. They're now using a website called Logmein123.com as if that isn't suspicious enough, I asked for the technician's name & where he was calling from & he just froze, obviously that does not happen if they are legit!

by Tony (not verified) - 28/07/2010 - 3:23pm

Me too

Sydney Aus here, I have had about 10 phone calls from these people over the last month or so. The last one I just hung up on when they started.

First they told me that my ISP gave them my details, (which I doubted) but I let then go on a little bit before hanging up. I immediately contacted my ISP who said they didn't give out my details and that most ISPs know about this current scam. I suggest they might want to send out a email to their clients but nothing has happened.

The next time it happened I could hear someone in the background telling someone it would cost about 29.95 I assume US to download their software to get rid of the virus.

But the most fun I had was when they called me - started their speel. I waited then said:-

'I am sorry but this is the tenth call I had from your company. I have informed my Telephone company and the police. They stated they would be tracing the phone calls and contact the local police to take action...Expect a visit from your local police.'

all of a sudden they hung up - what a shame.

Yes they were Indian (the field I work in you develop an ear for the accents if you know what I mean).

by Chris - 04/08/2010 - 5:36pm

Have you had calls since?

I have to confess -- having been very patient for the first three calls -- to being a little... erm... abrupt the fourth time, expecting that they'd write me off their list and not hassle me again, but sure enough a week or so later there was a similar voice, with a similar story.

Good idea getting in touch with your ISP... all very well them being aware of the scam, but a whole lot better if they could help your average user stay informed.

Sorry for the late reply by the way, I've been on holiday and left this off my 'things to do while away' list!

by Chris - 10/06/2010 - 1:08pm

They're normally more 'prepared'

I had another, very similar call a few days ago, and this time managed to record the conversation... I'll get it transcripted and posted onto YouTube -- I did ask where the guy was calling from: "Are you in India?" to which came the reply, "no sir, I am in South-East Asia." "Not India then?" "No sir, South-East Asia".

After wasting ten minutes of the caller's time, I was put onto his 'senior supervisor', whose name was "Mark". The original caller had been called "Matt". It's as likely that they were Matt and Mark as Laurel and Hardy!

by admin - 26/04/2010 - 6:03pm

Not the only one!

Looks like these jokers have been spotted at work more than once -- interesting article here: http://www.digitaltoast.co.uk/supportonclick-systemrecure-scam