I’m going to have to, at the moment, refer to these people as sigma12.
The only non-generic information on the advert is the Amazon AWS bucket “sigma12”.
Update: So far the best link I can find is techbuzz.us! See the link further down in the article to do with domain registrants. Also related is 4pc4.com.
Update April 2016: An even better link, and a site that publishes the same telephone number, is smaarthub.co.uk.
Kishore Kumar Valecha
When I try to call the number at the moment I’m greeted with a recording saying that nobody can take my call and it then hangs up on me. This means I’m unable to research them further at the moment.
**You should give this message an immediate follow up**
Warning : British Telecommunications Plc Customer – Your system has critical securityvulnerabilities. Call 0-800-520-2022 now for IMMEDIATE assistance.
WARNING: Your system has critical security vulnerabilities.
Attention British Telecommunications Plc customer: Your personal emails, bank and other personal passwords, as well as credit card information are at risk! Multiple high risk infections detected, call Windows Certified Tech Support right away: 0-800-520-2022 (Toll-FREE, High priority Call Line)
The message orders the victim to call 0-800-520-2022 (aka. 08005202022, +448005202022, 00448005202022 or 0800 520 2022).
One thing that is given away is a Google Analytics publisher code (“UA-47488025”) which is also associated with:
- An Amazon AWS “bucket” named polio92 which has previously been asking victims to call a USA number of 1-800-990-183 (aka. 800990183, 0011800990183 or 1800990183).
- An Amazon AWS “bucket” named aust-02 running another “you have a virus” scam page.
- A Linode hosted page on 126.96.36.199 under the url “Server-Alert-Important-Update/uk01” with a fake “you have a virus” blue screen warning, the wording of which is below (sadly, missing the phone number victims were asked to call).
BSOD : DllRegisterServer failed with the error code 0x80040201
Windows Defender Error Code: Ox80073afc
0x000000CE DRIVER_UNLOADED_WITHOUT_CANCELLING_PENDING_OPERATIONS Error Code 0x800705b4 when Starting Windows Defender
Window’s Defender Time Out Error code 0x800705b4.
Error code 0x800705b4 when trying to open windows defender
WINDOWS HEALTH IS CRITICAL -Please Visit Your Nearest Windows Serv[truncated]. OR Contact Help Desk:
Windows Detected Potential Threat On Your Computer.
Windows Security Essential wasn’t able to block virus. Windows detected potential threats that might compromise your privacy or damage your computer.
Error Code: 0x8024402c, windows couldn’t install the definition updates.
More Information & Support Please Contact Now;
- claimyourcoupon.in – A page which has now gone and just forwards visitors to Google. Registered using the following details:
Registrant Name:Mike Smith
Registrant Street1:1609 Lundpura
Registrant Street2:Choot Nagar Near Pissu Marg
Registrant Postal Code:576104
- alertwindows.com – A previous scam warning page. Now just a holding page. Domain registered via a privacy service.
- freerecharge99.com – A website that seems to claim you get a free mobile phone top-up (recharge). The domain is registered with the following details:
Registrant Name: hitesh katara
Registrant Street: camp
Registrant City: malegaon
Registrant State/Province: Maharashtra
Registrant Postal Code: 423105
Registrant Country: IN
Registrant Phone: +91.8237643629
Registrant Email: email@example.com
- 1-844854-5518.com – A still active fake virus warning page / website asking victims to call 1-844-854-5518 (aka. 18448545518, 001-844-854-5518, 0018448545518, 844-854-5518 or 8448545518). The domain is registered using the information below:
Registrant State/Province: Uttar Pradesh
Registrant Postal Code: 226016
Registrant Country: IN
Registrant Phone: +91.8588832625
Registrant Email: firstname.lastname@example.org
- giftcardz.in – A page that seems to have been associated with some WhatsApp spam in the past sending text similar to “WhatsApp and Amazon are together giving out $100 Amazon Gift Certificate to first 18,000 lucky people . Visit ?? -> http://www.giftcardz.in <- ?? to redeem your voucher. Hurry up!”. These pages then just seem to push the victim to install Apps on their phones, possibly paytm and snapdeal, to drive visitors to their site. The domain is registered using the information below:
Registrant Street1:Parathe wali gali
Registrant City:New delhi
Registrant Postal Code:110006
The email@example.com email address is the best lead so far. It seems to be associated with a lot of domains like “errorfound.biz” and other very scammy looking domains. I will return to this later in the article.
- GiftFlipK.com – Another domain associated with the gift card app installation scam and the same Google Analytics publisher code.
firstname.lastname@example.org is also associated with:
- superrewards.in – now no longer responding
- spin.asia – now no longer responding
- scantoday.biz – now expired
- errorfound.biz – now expired
- importantscan.biz – now expired
- onlinescanner.biz – now expired
- scanforerror.biz – now expired
- scanresult.biz – now expired
- computersecuritycheck.biz – now expired
- outhost.biz – now expired
- essentialscan.biz – now expired
- securityscan.biz – now expired
- winscan.biz – now expired
- amazon-cadeau.net – still registered but DNS is set, by registrar, as suspended domain.
- whatsappgiftcard.com – active but no longer hosting a website
- whatsappcallinginvite.com – active but no longer hosting a website
- techbuzz.us – The closest link I can find so far to a tech support company. These people list their contact details as:
1 LETCHER RD
OAKLANDS PARK SA 5046, AUSTRALIA
+61 08-7100-1499 (aka. (08)-7100-1499, 0871001499, 610871001499, 00610871001499)
- 4pc4.com – Seems to be a tech support remote access tool page that had been associated with the above domains via the DNS records in 2014-03.
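
The linking done by hand in this article (pages tied together by the Google Analytics code, then domains tied together by a shared registrant email) can be automated as a transitive grouping. The following is an added example, not code from the original investigation; the host names, markup, emails and the property suffixes after the GA account number are constructed placeholders.

```python
import re
from collections import defaultdict

# Classic GA IDs look like UA-<account>-<property>; the account part is what
# stays constant across every site run from the same Analytics account.
UA_RE = re.compile(r"\bUA-(\d{4,10})(?:-\d{1,4})?\b")

def ga_account(html):
    """Return the GA account ID (property suffix dropped) in a page, or None."""
    m = UA_RE.search(html)
    return "UA-" + m.group(1) if m else None

# Constructed observations: (asset, saved page HTML or "", WHOIS email or "").
OBSERVATIONS = [
    ("bucket-one.example", "<script>ga('create','UA-47488025-1','auto')</script>", ""),
    ("giftsite.example", "<script>_gaq.push(['_setAccount','UA-47488025-4'])</script>",
     "Registrant@placeholder.example"),
    ("scanpage.example", "", "registrant@placeholder.example"),
    ("unrelated.example", "<script>ga('create','UA-11111111-1','auto')</script>",
     "other@placeholder.example"),
]

def link_assets(observations):
    """Group assets that share any indicator, directly or through a chain."""
    by_indicator = defaultdict(set)
    for asset, html, email in observations:
        acct = ga_account(html)
        if acct:
            by_indicator[("ga", acct)].add(asset)
        if email:
            by_indicator[("email", email.lower())].add(asset)

    parent = {asset: asset for asset, _, _ in observations}

    def find(x):  # union-find root lookup with path halving
        while parent[x] != x:
            parent[x] = parent[parent[x]]
            x = parent[x]
        return x

    for assets in by_indicator.values():
        first, *rest = sorted(assets)
        for other in rest:
            parent[find(other)] = find(first)

    groups = defaultdict(set)
    for asset in parent:
        groups[find(asset)].add(asset)
    return sorted(sorted(g) for g in groups.values())
```

Here scanpage.example has no tracking code at all, yet lands in the same group as bucket-one.example because giftsite.example bridges the two indicators. A shared ID is a strong lead rather than proof, since a page copied wholesale carries its tracking snippet with it.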