sigma12 0800 520 2022 tech support scammers

I’m going to have to, at the moment, refer to these people as sigma12.
The only non-generic information on the advert is the Amazon AWS bucket “sigma12”.

Update: So far the best link I can find is ! See the link further down in the article to do with domain registrants. Also related is

Update April 2016: Even better link and a site that publishes the same telephone number is

Kishore Kumar Valecha
Paschim Vihar
New Delhi

When I try to call the number at the moment I’m greeted with a recording saying that nobody can take my call and it then hangs up on me. This means I’m unable to research them further at the moment.

0800 520 2022 scam tech support amazonaws sigma12.png

**You should give this message an immediate follow up**

Warning : British Telecommunications Plc Customer – Your system has critical securityvulnerabilities. Call 0-800-520-2022 now for IMMEDIATE assistance.


WARNING: Your system has critical security vulnerabilities.
Attention British Telecommunications Plc customer: Your personal emails, bank and other personal passwords, as well as credit card information are at risk! Multiple high risk infections detected, call Windows Certified Tech Support right away: 0-800-520-2022 (Toll-FREE, High priority Call Line)

The message orders the victim to call 0-800-520-2022 (aka. 08005202022, +448005202022, 00448005202022 or 0800 520 2022).

One thing that is given away is a Google Analytics publisher code (“UA-47488025”) which is also associated with:

  • An Amazon AWS “bucket” named polio92 which has previously been asking victims to call a USA number of 1-800-990-183 (aka. 800990183, 0011800990183 or 1800990183).
  • An Amazon AWS “bucket” named aust-02 running another “you have a virus” scam page.
  • A Linode hosted page on under the url “Server-Alert-Important-Update/uk01” with a fake “you have a virus” blue screen warning. The wording of which is below (sadly, missing the phone number victims were asked to call).

BSOD : DllRegisterServer failed with the error code 0x80040201

Windows Defender Error Code: Ox80073afc
0x000000CE DRIVER_UNLOADED_WITHOUT_CANCELLING_PENDING_OPERATIONS Error Code 0x800705b4 when Starting Windows Defender
Window’s Defender Time Out Error code 0x800705b4.
Error code 0x800705b4 when trying to open windows defender

WINDOWS HEALTH IS CRITICAL -Please Visit Your Nearest Windows Serv[truncated]. OR Contact Help Desk:

Windows Detected Potential Threat On Your Computer.

Windows Security Essential wasn’t able to block virus. Windows detected potential threats that might compromise your privacy or damage your computer.

Error Code: 0x8024402c, windows couldn’t install the definition updates.

More Information & Support Please Contact Now;

  • – A page which has now gone and just forwards visitors to Google. Registered using the following details:

Registrant Name:Mike Smith
Registrant Street1:1609 Lundpura
Registrant Street2:Choot Nagar Near Pissu Marg
Registrant City:Pissuda
Registrant State/Province:Karnataka
Registrant Postal Code:576104
Registrant Country:IN
Registrant Phone:+91.9819003331

  • – A previous scam warning page. Now just a holding page. Domain registered via a privacy service.
  • – A website that seems to claim you get a free mobile phone top-up (recharge). The domain is registered with the following details:

Registrant Name: hitesh katara
Registrant Street: camp
Registrant City: malegaon
Registrant State/Province: Maharashtra
Registrant Postal Code: 423105
Registrant Country: IN
Registrant Phone: +91.8237643629
Registrant Email:

  • – A still active fake virus warning page / website asking victims to call 1-844-854-5518 (aka. 18448545518, 001-844-854-5518, 0018448545518, 844-854-5518 or 8448545518). The domain is registered using the information below:

Registrant State/Province: Uttar Pradesh
Registrant Postal Code: 226016
Registrant Country: IN
Registrant Phone: +91.8588832625
Registrant Email:

  • – A page that seems to have been associated with some WhatsApp spam in the past sending text similar to “WhatsApp and Amazon are together giving out $100 Amazon Gift Certificate to first 18,000 lucky people . Visit ?? -> <- ?? to redeem your voucher. Hurry up!”. These pages then just seem to push the victim to install Apps on their phones, possibly paytm and snapdeal. to drive visitors to their site. The domain is registered using the information below:

Registrant ID:WIQ_34500270
Registrant Name:Loda
Registrant Street1:Parathe wali gali
Registrant City:New delhi
Registrant State/Province:Other
Registrant Postal Code:110006
Registrant Country:IN
Registrant Phone:+91.9811392281

The email address is the best lead so far. It seems to be associated with a lot of domains like “” and other very scammy looking domains. I will return to this later in the article.

  • – Another domain associated with the gift card app installation scam and the same Google Analytics publisher code. is also associated with:

  • – now no longer responding
  • – now no longer responding
  • – now expired
  • – now expired
  • – now expired
  • – now expired
  • – now expired
  • – now expired
  • – now expired
  • – now expired
  • – now expired
  • – now expired
  • – now expired
  • – still registered but DNS is set, by registrar, as suspended domain.
  • – active but no longer hosting a website
  • – active but no longer hosting a website
  • – The closest link I can find so far to a tech support company. These people list their contact details as:

+61 08-7100-1499 (aka. (08)-7100-1499, 0871001499, 610871001499, 00610871001499)

  • – Seems to be a tech support remote access tool page that had been associated with the above domains via the DNS records on 2014-03
This entry was posted in Uncategorized. Bookmark the permalink.

1 Response to sigma12 0800 520 2022 tech support scammers

  1. Steve says:

    I have been getting calls lately that show up from a Maryland number for an obvious tech support scam so I decided to play along and waste his time. The caller had me open event viewer to look at all the errors “Microsoft” had been receiving from my computer. They then directed me to go to which like you said is a remote access tool page. Anyway, I can definitely confirm they are still trying tech support scams.

Comment on this topic

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s