The “push come to shove” on this scam happened two days ago, but it really started one week earlier.
On the 25th of September, I received a friend request on Facebook from a woman I know. Because I hadn’t heard from her is so long, I did not realize she was ALREADY in my friend list. So, thinking nothing of it, I accepted the request. About an hour later, the woman whose Facebook account had been hacked messaged that it was indeed a scam and not to approve the request; alas, too late for me. Facebook had removed the account, but a PUP had been downloaded to my computer.
What is a PUP? The definition:
A PUP (potentially unwanted program) is a program that may be unwanted, despite the possibility that users consented to download it. PUPs include spyware, adware, and dialers, and are often downloaded in conjunction with a program that the user wants.
What this PUP did was cause a survey to pop up when I accessed my Etsy account on-line the next time I used my computer after the Facebook scam, but I never identified one with the other; why would I? The survey clearly stated it was being run by and for Etsy. I don’t sell on Etsy anymore, but I occasionally need something I can only find there. However, I haven’t been there for maybe a year, so it was plausible in my mind that Etsy would do this. After I filled out the survey, I was offered a free gift for the cost of shipping only. I said to myself, sure! Fuck. Now the scammers have my credit card number…or maybe not. I might have used PayPal. Can’t remember.
On the 2nd of October my laptop suddenly displayed the Blue Screen of Death, a term which is so prevalent in use that it has its own acronym, BSOD. I have never had or seen a BSOD. It was a blue screen, so it must be a BSOD. The one I got looked like this and it looked real to me (people who really know say it’s the wrong color blue and the wrong font…this is way beyond my pay grade!):
There is a phone number provided for technical support assistance, which directly follows a Microsoft website URL. Who do you think that phone number will get you? Microsoft?
I rebooted and the BSOD appeared again…and again…and again…and again. I could not access the internet, I could not enter Safe Mode, I could not do anything. I tried various ways to get at least a little information before I became tired and frustrated. That phone number was looking pretty good. So I called.
In hind sight, I realize that the person who answered the phone did not offer the name of the company, he just said his name…garbled very badly by his heavily East Indian accent. But aren’t we all used to dealing with indecipherable language barriers of customer service centers since they starting outsourcing to the Far East? I thought nothing of it and tried to understand what he was saying. This took all my concentration, and that aggravation made me agree to things I wouldn’t do in a calm, rational state of mind, because of course the first thing I understand is that he needs remote access to see what is wrong.
I have worked with Microsoft in the past, as well as Dell, and they have both used software to take remote control of my computer to fix stuff. So I know this is a real, if not normal, technique and, yes, he gets remote access to my computer. After researching this type of scam, I realize now how easy it is for scammers to run scripts on your remotely controlled computer that display things that aren’t real, like my computer is infected with the Koobface worm. And about six foreign IPs are accessing my computer RIGHT NOW! Aggravation turns into FREAKING OUT.
Now, the guy at the number I called says his company can’t fix the problem because it’s in my NETWORK, not my internet network, but my computer network, about which I know nothing. He tells me I need a special virus removal company to do it and he can get someone on the line right away. Which he does.
The new guy calls me and assures me he’s going to fix everything…all my data is safe…for $399.99…and that it would cost about $500 to have a local company do it. In the meantime, the first guy has not relinquished remote control and the second guy just steps in and screens start flying. The second guy calls me on the phone again and tells me everything is fixed, then hands me over to his manager to arrange payment.
Now I’m calmed down and the weirdness of this whole situation is starting to dawn on me. The manager, who still has remote control of my computer, writes these elaborate instructions for payment and saves it as a .txt file:
Geek Base LLC
3524 SILVERSIDE ROAD SUITE 35B
TOLL FREE NUMBER : 1-800-929-7218
Billing No:- 302-319-4872
Email : firstname.lastname@example.org
Amount : $399.99
1. Write the check under the name of GEEKBASE LLC
2. Put the check in a regular envelop
3. Paste the printed label on the envelop and write the fedex account number i.e. 216019890 on the envelop
4. Hand over the envelop to the fedex guy.
He even uses my computer to go to FedEx and schedule the pickup.
When I finally have control of my computer again, I am more than a little suspicious. I immediately start researching “Geek Base” and see they have a BBB rating of “F” and are cited in many on-line scams. I research BSOD scams and I start feeling very sick. The scammers now have all my personal and financial data, have probably left another PUP to pop up another BSOD so I come back to them again under the “warranty,” and I am so fucked.
I had immediately re-started my anti-virus program (despite their assurances that I wouldn’t need it because I was now being routed through their SECURE NETWORK) and see that it quarantined FOUR items right before the fake BSOD; two PUPs and two Trojan Downloaders. I immediately start in-depth scans using my anti-virus provider (ESET), Malwarebytes and SUPERantispy software. A total of 1,671 “threats” were found…and eliminated. I then ran IObit Uninstaller and uninstalled anything I didn’t recognize. I set my personal network firewall in ESET to “interactive” so that I have to approve and set up a rule for EVERY outgoing and incoming communication. Then I went from site to site revising ALL my passwords and added a master password.
Then I called the billing number and informed the man who answered that I wasn’t going to pay them anything for the scam. He was really nonchalant, saying that was fine, he had 4,000,000 customers who knew he was legit, and he would cancel the pickup. He tried to guilt me by saying a scammer would have gotten the money up front, would I have paid Microsoft that much to fix the problem, etc. Asshole.
I didn’t get to bed until 2 a.m., where I spent the night worrying about this major SNAFU.
Today I looked at my credit card statement and saw the charge for the “free” gift. I called my USAA’s credit card fraud department and told the story in agonizing detail. She assured me that this happens to smarter people. She reverted the charge from the fake survey (although I did, in fact, actually receive the “gift”) because that part of the scam is to charge the card each month for a “subscription” they will say I agreed to, and the card was cancelled.
So now I know:
- Etsy does not use on-line surveys, all their surveys are emailed.
- Nothing is ever free on-line.
- Real blue screens of death do not contain telephone numbers.
- Scammers KNOW that we KNOW that scammers always get their money up front, so now they get their money afterward, and when they don’t get it, they’re not concerned because they know enough people will send in those fucking checks in good faith.
- Scammers use FedEx to get your check because mailing it in the USPS is mail fraud.
- They used every terror tactic in the book on me (read this blog for more).
Make sure this DOES NOT HAPPEN to you!
I need a drink. Maybe two. Hell, make that three! Because I know this is not over yet. I will be watching and worrying for months to come.