This scam is being answered by TourTech (tourtechinc.com) and payments are being processed via FirstData (a payment processor).
Another month, another malvertising scam claiming that victims’ computers have the Zeus virus.
The message displayed reads:
Security Error Code 0x80070424
****Please Do Not Restart Your Computer ****
Microsoft Windows Detected ZEUS Virus and these Infections indicate that some Un-Authorised File Tampering has taken place on the computer which must be Diagnosed and Rectified to prevent loss of Personal Data.
Call Microsoft Technical support on 0800-090-3906 and share the Error Ticket: WBCKL457 with Support Agent to get it Diagnosed Free of Charge
PLEASE DO NOT SHUT DOWN OR RESTART YOUR COMPUTER, DOING THAT WOULD LEAD TO DATA LOSS AND OPERATING SYSTEM CRASH
CONTACT MICROSOFT TECHNICAL SUPPORT IMMEDIATELY TO RESOLVE THE ISSUE ON TOLL FREE – 0800-090-3906
for Technical Assistance
Terms and Conditions
All rights reserved.
Victims are asked to call the UK freephone number 0800-090-3906 (aka. 08000903906 / “0800 090 3906” / +448000903906).
The URL involved when I came across it was:
The domain is registered to:
Registrant Name: JANET FREEMAN
Registrant Street: Mysugar Building, Opposite Ravindra Kalakshetra, J C Road, J C Road
Registrant City: Bengaluru
Registrant State/Province: Karnataka
Registrant Postal Code: 560002
Registrant Country: IN
Registrant Phone: +91.8041325277
Registrant Email: email@example.com
The code on the page includes code that relates to a scam run from
And also “www.gth-techies.com”, which is another Apple-based scam message giving a different telephone number:
This scam page claims:
YOUR Apple COMPUTER HAS BEEN LOCKED*
Your Computer is infected with an adware or malware causing you to see this popup.
This may happen due to obsolete virus protections.
To fix, please call Apple Support at 0808-143-3728 immediately. Please ensure you do not restart your computer to prevent data loss.
Possibility of Data & Identity theft, if not fixed immediately.
YOUR Apple COMPUTER HAS BEEN BLOCKED*
YOUR Apple COMPUTER HAS BEEN LOCKED !!
System has been infected due to unexpected error!
Please Contact Apple 0808-143-3728 Immediately!
to unblock your computer.
Suspicious Activity Detected. Your Browser might have been hijacked or hacked.
Private and Financial Data is at RISK:
. Your credit card details and banking information
. Your e-mail passwords and other account passwords
. Your Facebook, Skype, AIM, ICQ and other chat logs
. Your private & family photos and other sensitive files
. Your webcam could be accessed remotely by stalkers
IMMEDIATELY CALL Apple SUPPORT AT 0808-143-3728
MORE ABOUT THIS INFECTION:
Seeing these pop-up’s means that you may have a virus installed on your computer which puts the security of your personal data at a serious risk.
It’s strongly advised that you call the number above and get your computer inspected before you continue using your internet, especially for Shopping or Banking.
Call immediately for assistance.
Contact Apple Support At (0808-143-3728 )
Victims for this scam are asked to call 0808-143-3728 (aka. 08081433728 / +448081433728 / “0808 143 3728”).
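Both scam numbers appear in several spellings (hyphenated, spaced, unbroken, international), so a content filter has to normalise before it matches. The following is an added example, not code from the original post: it converts UK numbers found in text to E.164 and flags the two numbers reported here. The function names, the candidate regex and the sample text are assumptions made for illustration.

```python
import re

# The two freephone numbers reported on this page, keyed in E.164 form.
REPORTED = {
    "+448000903906": "fake Microsoft 'ZEUS virus' alert",
    "+448081433728": "fake Apple 'computer locked' alert",
}
# Candidate: a digit run with common separators, optionally led by "+" or "(".
CANDIDATE = re.compile(r"(?<![\w+])\+?\(?\d[\d ().\-]{7,18}\d(?!\w)")

def to_e164_uk(raw):
    """Return a UK number in E.164 form, or None if it does not look like one."""
    digits = re.sub(r"\D", "", raw)
    if raw.startswith("+"):
        rest = digits
    elif digits.startswith("00"):        # 0044... international prefix
        rest = digits[2:]
    elif digits.startswith("0"):         # national format, e.g. 0800...
        rest = "44" + digits[1:]
    else:
        return None
    if not rest.startswith("44"):
        return None
    national = rest[2:]
    if national.startswith("0"):         # "+44 (0)808 ..." style
        national = national[1:]
    # Assumption: UK national significant numbers are 9 or 10 digits long.
    return "+44" + national if len(national) in (9, 10) else None

def find_reported_numbers(text):
    """Return (text as written, E.164, label) for each reported number found."""
    hits = []
    for m in CANDIDATE.finditer(text):
        e164 = to_e164_uk(m.group())
        if e164 in REPORTED:
            hits.append((m.group(), e164, REPORTED[e164]))
    return hits

# Constructed sample: lines from the messages quoted on this page, plus variants.
SAMPLE = """Security Error Code 0x80070424
Call Microsoft Technical support on 0800-090-3906 and share the Error Ticket: WBCKL457
Contact Apple Support At (0808-143-3728 )
Ring +44 (0)808 143 3728 or 08000903906 now
Our helpdesk is on 0808 157 0123
"""

if __name__ == "__main__":
    for written, e164, label in find_reported_numbers(SAMPLE):
        print(f"{e164}  {label}  (written as {written!r})")
```

The error code `0x80070424` and the unrelated constructed number on the last sample line are deliberately included to show that neither is flagged.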
This domain is registered to another rediffmail user:
Registrant Name: Jermine Atkinson
Registrant Street: Plot No. 11, Shivashri, Burudgaon Road, Near Hotel Vaibhav, Maliwada
Registrant City: Ahmednagar
Registrant State/Province: Maharashtra
Registrant Postal Code: 414001
Registrant Country: IN
Registrant Phone: +91.2412322268
Registrant Email: firstname.lastname@example.org
Another domain associated with the same scam or web developers is: pfrecloudcompuroorwkjowj4323032fjiasfetafwfad.psp-voism.com/pfrecloudcompuroorwkjowj4323032fjiasfetaf
Which is also registered at another rediffmail address:
Registrant Name: Teoric Parker
Registrant Street: WZ-54 Naraina Village, Naraina
Registrant City: NEW DELHI
Registrant State/Province: Delhi
Registrant Postal Code: 110028
Registrant Country: IN
Registrant Phone: +91.8285040300
Registrant Email: email@example.com
The IP the original domain points to (22.214.171.124), hosted at GoDaddy, is also associated with the following scammy domains:
As a side note, I believe that these scammers use and buy very controlled advertising runs. For example, I think this company is only buying adverts Monday to Friday and probably only during their office hours or quiet hours (if they have a legitimate business running out of the same support center).