This evening while trying to investigate a website that was referring traffic to my blog I came across another fake virus warning page asking people to call… “0800 058 8296” aka +448000588296 or 08000588296.
The page was hosted at https://storage.googleapis.com/highriskalertforsecurityandsafteyofsystembreach/windows/error-windows-porn-virus-uk-error.html
Browser Blocked for Security Reasons.
Microsoft has detected that a porn virus has infected your system and trying to steal pictures, data and social networking passwords. This is a serious hacking issue. Rectify it immediately. ERROR CODE: SMEERR09007QD1 Tell this error code to the customer service.
This may happen due to obsolete network protections.
To fix, please call Windows© Support at 0800 058 8296 (Toll Free) immediately.
Consequently we are performing additional security checks to verify the source of the attack and have halted all your system resources in order to prevent any additional damage to your system and information
Please ensure you do not restart your computer to prevent data loss. This is a This is a System Generated waming.Do not Ignore,it will cause Permanent Damage to the System
There are problems on your computer that have not been reported to Microsoft. Some of these problems might have solutions available.
Set up backup Your files are not being backed up.
Immediate Support Required: 0800 058 8296
The web page content seems to have been used in a previous scam hosted on caution-network-error.net/iMac/iMac.htm (now down but the domain is still active and registered with the same company and privacy service as a company below).
I called them. The usual lies of “you don’t have a virus but you have a 3rd party attack” and showing me eventvwr and claiming I had 187 bad things.
The LogMeIn they used was under the company name “Triumph Solution”.
I expect this is the same company as triumphsolution.com, who are an Indian web and software development company.
The number that the lady on the phone told me to call back on was “0-800-014-8983” or more commonly formatted as “0800 014 8983” in the UK or 08000148983 / +448000148983
Domain ID: 1931356295_DOMAIN_COM-VRSN
Updated Date: 2015-07-22T02:26:04Z
Creation Date: 2015-05-22T10:04:31Z
Registrar Registration Expiration Date: 2016-05-22T10:04:31Z
Registrar: BigRock Solutions Ltd
Registrant Name: triumphsolution
Registrant Street: chinchwad pune
Registrant City: pune
Registrant State/Province: Other
Registrant Postal Code: 411033
Registrant Country: IN
Registrant Phone: +91.7588811414
Registrant Email: firstname.lastname@example.org
Name Server: ns1.cp-2.webhostbox.net
Name Server: ns2.cp-2.webhostbox.net
When it got to the payment stage for the security “fix” that “was the only way to resolve my problem”, and I couldn’t “just buy another computer” to get rid of the scam message, the following website was used:
Which seems to be a company “Apical Online” or “Live Technologies Inc” who do support services.
This domain is protected by a whois privacy service.
The order confirmation email came from
This email address seems to be associated with “Himanshu Bhandari” who is an alumnus of Veda Vyasa D.A.V Public School.
The Gmail address was also associated with a now-expired domain: supportmexx.com, also registered via the same domain and whois privacy company as apicalonline.com
supportmexx.com is listed by the BBB in the USA as “Instant Support Help LLC” of “19C Trolley Square, Wilmington, DE 19806” and has two complaints against them. One of which describes a call that was very similar to my experience. The phone number the BBB have on record is (877) 865-9340.
Another domain associated with the gmail address is icustomerservice.net, also expired, which at one point was spamming the internet claiming that they did Verizon, AT&T and Comcast support services.
Other domains associated with the Gmail address are:
- instantsupporthelp.com (the name listed above in the BBB records)
All of which have since expired.
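The scam numbers in this post appear in several spellings (“0800 058 8296”, 08000588296, +448000588296, “0-800-014-8983”), so a blocklist or abuse report that stores only one spelling will miss the others. The following is an added example, not part of the original post: it canonicalises UK numbers to E.164 and checks page or mail text against a watchlist. The function names and the sample text are assumptions made for illustration.

```python
import re

# Runs of digits with common separators, optionally led by "+".
_CANDIDATE = re.compile(r"\+?\d[\d \t().-]{7,}\d")

def to_e164_uk(raw):
    """Canonicalise a UK number (national or +44/0044 style) to E.164, else None."""
    digits = re.sub(r"\D", "", raw)
    if raw.strip().startswith("+"):
        if not digits.startswith("44"):
            return None              # a different country code
        national = digits[2:]
    elif digits.startswith("0044"):
        national = digits[4:]
    elif digits.startswith("0"):
        national = digits[1:]        # drop the national trunk prefix
    else:
        return None
    national = national.lstrip("0")  # covers the "+44 (0)800 ..." style
    # UK national significant numbers are 9 or 10 digits long.
    return "+44" + national if 9 <= len(national) <= 10 else None

def find_watchlisted(text, watchlist):
    """Return watchlisted numbers found in text, in E.164, first-seen order."""
    wanted = {to_e164_uk(n) for n in watchlist} - {None}
    hits = []
    for match in _CANDIDATE.finditer(text):
        number = to_e164_uk(match.group())
        if number in wanted and number not in hits:
            hits.append(number)
    return hits

# Constructed sample, assembled from strings quoted in the post.
SAMPLE = """To fix, please call Windows Support at 0800 058 8296 (Toll Free) immediately.
Immediate Support Required: 0800 058 8296
call back on 0-800-014-8983
Registrant Phone: +91.7588811414
Updated Date: 2015-07-22T02:26:04Z"""

# Watchlist entries can be in any spelling; they are normalised before matching.
WATCHLIST = ["+448000588296", "08000148983"]

if __name__ == "__main__":
    for found in find_watchlisted(SAMPLE, WATCHLIST):
        print(found)
```

The Indian registrant number and the whois timestamp in the sample are picked up as candidates by the regex but rejected by the normaliser, so they never match a UK watchlist entry.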