criticalsystemerrors.info scam

Call from a customer today on an Apple mac who had a screen claiming to be from Microsoft Security Essentials saying that their computer was infected.

Looks like an advert on putlocker (a TV and film streaming site) brought up this junk.

http://criticalsystemerrors.info/crt/uk_seg2603/micr_essen1_5480/index.html
The domain is registered via a privacy protection service and the site is hosted at OVH in France.
The domain does seem to be associated with bhupendra.kalambe@googlemail.com
This e-mail address is also associated with a few domains:

mamotechnolabs.com – A web development company in India. [Whois]

dotphi.com – A web development company in India. [Whois]

http://www.preranatechnologies.net/ – An outsourcing support and web design company in, you guessed it, India! I will follow this thread on further down in “Additional 2” section.

criticalsystemerrors scamIt won’t let you close the web page and if you force quit Safari, Safari helpfully remembers the site you were on and loads it again on next launch.

It requests you call “0-800-088-5480” aka. 08000885480 or +448000885480.

I solved it by force quitting Safari and loading it and constantly pressing Escape to try and prevent the junk page from loading.

When called they want you to load teamviewer.
The remote control software seemed to use the IP 202.63.103.20 “s-20-103-63-202.southernonline.net” in Hyderabad, India

One other page referenced was fixmypc.help where they tried to take payment.
This site lists “1-866-921-7786” as their phone number (18669217786 / (866)9217786) and their postal address as:

2950 W Cypress Creek Rd,
Fort Lauderdale, FL 33309

Additional 2 Section:

A domain I came across earlier, preranatechnologies.net, seems to also link to “thekonqueror@gmail.com” which leads to even more dodgy establishments and support companies…

http://www.coderedtechsupport.com/contacts.html – A dodgy looking support company website listing their details as:

1200 Route 22 East
suite 2000
Bridgewater
NEW JERSEY
08807
United States of America
P: 1-888-241-5244

http://ihelpteq.com/ – A dodgy looking support company website listing their details as:

1-800-287-3613

10685-B Hazelhurst Dr. # 14975
Houston, TX 77043 USA

Update 27th June 2015:

I called these people today to see what would happen.

A domain, 121techhelp.com, cropped up that I’ve seen before too! These people probably also run the Yahoo support scam and are posting on the Yahoo forums to gain victims.

121techhelp.com
Registrant Name: Kamal K
Registrant State/Province: Delhi
Registrant Postal Code: 110034
Registrant Country: India
Registrant Phone: +91.9213987675
Registrant Email: globalcubes123@yahoo.com
Other references (IP) to gautam.bsw@gmail.com which I’ve also seen in that Yahoo scam!

If they call you back their caller ID is 02088982898 (aka. 020 8898 2898 or 0208 898 2898).

They give their phone number to call, after paying, as 02921680065 (aka. 029 2168 0065 or 0292 168 0065).

They create an icon on your computer called Global Cubes (www.globalcubes.com)

Domain registered by a privacy service but it does leak:
gautam@chariotinfotech.co.in

They also used the domain quickpcsol.com

Registrant Name: DEEPAK VERMA
Registrant Street: Plot No. 30, vardhman market plaza
Registrant State/Province: Delhi
Registrant Postal Code: 110034
Registrant Country: India
Registrant Phone: +91.9999634063
Registrant Email: deepak_accostings@hotmail.com
This domain has relations with gautam@chariotinfotech.co.in too.

Advertisements
This entry was posted in Uncategorized. Bookmark the permalink.

13 Responses to criticalsystemerrors.info scam

  1. Sian says:

    Hi. I just googled this and found your blog. I just had the same message. I guess I am safe just to delete the webpage and forget about it?

  2. Absolutely.. Close the page / end task on the browser and then continue as normal but try to avoid whatever website popped up that message as they are clearly not vetting their advertisers enough or got hacked.

  3. Sian says:

    Thanks….this was slightly convincing. I should of known better :) Great blog btw. Very helpful. I am always googling to check if things are scams, and finding this was very reassuring :)

  4. hannah says:

    Hi. This happened to me today. Ive tried force quitting and escape. Restarted… nothing it making it go away. I don’t know what else to do :(

  5. hannah says:

    P.s mine is on a mac

  6. All I can find is someone on the internet saying you type this into “Terminal”…
    defaults write com.apple.Safari NSQuitAlwaysKeepsWindows -bool false

  7. kereagh says:

    I called the number and I was on the phone for 30 mins but i never gave them my any details when they asked for me to buy the software. will I have been hacked they gave me a authentication password so they could go on my screen but nothing more, i have uninstalled hte software since, should I be worried? will they have reeped up a big p[hone bill costs? I have since downloaded virus software?

  8. As long as you have removed TeamViewer or whatever remote software they used you should be ok. None of these scams that I have seen so far have stolen details from the victims computer, they simply try to trick the user into paying for software or services they don’t need. I recommend downloading and installing Avast Free antivirus from the official avast website (don’t click an advert at the top of google! often adverts for unofficial sites which give you crap too).

  9. Stella Callow says:

    Same thing has come up on my laptop an lenova. What
    can I do to get rid of it?

  10. You can probably simply just start –> shutdown and turn off the computer.
    Or hold down the power button for about 20 seconds and then turn the laptop back on.
    When you go back into the internet make sure you DON’T click any option to “restore last browsing session” as this will just bring the fake advert back up again.

  11. Pingback: Fake Yahoo! Mail Support on their own forums! | thecomputerperson

  12. depicus says:

    March 2016 and they are still trying the scam with the same 0800 number !!!!

  13. Pingback: Musing of me - Depicus

Comment on this topic

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s