Tech support scammer tries to sell free software

AmericaGeeks is your typical tech support scam company, but with an extra warming glow of attitude, greed, and complete all-around rudeness. Most scams will gladly take your money by buttering up the victim while simultaneously scaring them into thinking that they are in a dangerous situation with their computer or device. They then swoop in to heroically “help” them.

AmericaGeeks instead jumps straight to the point of rude behavior and scare tactics to scam their victims. They do an amazing job of dehumanizing and belittling the user, all while scamming them out of their money. This trait was what made AmericaGeeks shine through the rest.

AmericaGeeks Tech Support has a campaign sending out browser lockers, like the one above. They are posing as Microsoft, sending out warnings to users stating that their computer is infected and they need to contact them immediately. I called them at 877-658-9988, this was the number that was listed on the pop-up. I used a computer that was clean of any infections and allowed them access.

Below is the connect screen they used.

Obviously uncomfortable not knowing which of his company’s pop-ups resulted in the call, the tech wandered about for 10 to 15 minutes, at one point trying to log in to my router using default credentials.

The tech then ran a diagnostic and told me the computer was infected and that I had no security. What is interesting is the tool, ToolWiz, seems to be a rather legit application that is like Ccleaner, and is completely free for anyone to use. This scam is using ToolWiz to mislead users with its results, which are below:

According to the tech, I had 196 infections on my system, but he would fix them for free with the purchase of antivirus software. He suggested that I purchase either Webroot or Norton. As you can see below, he wanted to overcharge me for the cost of the software to make money. It is also important to note that I did not have “196 infections.” The tool simply found 196 Temporary Files, Registry Keys, and other benign objects to remove. When I confronted him about the price, he was flustered and made up some excuse that I was paying a higher price because I was getting antivirus, anti-malware, anti-Trojan, and anti-spyware, and they were all separate (which they are not).

 

Buyer beware: educate yourself, ask a friend, and never call any number that pops up on your screen claiming that your system is infected. Below are all the indicators we could find associated with this particular scam.

Primary indicators

  • geekshelp1.me
  • geekstechllc.us
  • geekstechnicalsupport.com
  • geekstechnicalsupport.co
  • geekstechllc.com

Using the same phone number

  • 162.144.3.137/pls_multifunction.php
  • pc-geeks.us/computer-support

*** This is a Security Bloggers Network syndicated blog from Malwarebytes Labs authored by William Tsing. Read the original post at: https://blog.malwarebytes.com/cybercrime/2017/12/tech-support-scammer-tries-to-get-into-your-router-sell-free-software/