Menu
Reply
Highlighted
  • 6
  • 0
  • 0
mrpras
Tuning in
569 Views
Message 1 of 13
Flag for a moderator

Teamviewer scam phonecall

Hey just wanted to report a scam attempt. They called my Dad, asked him to connect a PC - luckily I was there so we used one of mine - I'm a computer techie so saw through it fairly quickly.

They asked to run perfmon (nothing to do with internet, but makes you think they're clever and technical). Then they ask you to teamviewer - which Virgin never do apparently.

Then they asked me to open a CMD prompt and did a directory view (Again, to look technical) and at the end, it comes up with a fake message saying my Router needs an "upgrad".

Now we sussed them and started quizzing them and asking why they are doing this. In the end we told him to send an engineer if they want to sort out our problem.

Then an hour or two later I noticed a car sitting with two Indians in it - outside my house (street was empty) with the car lights on, both on their phones. Seemed suss to me so I unplugged the Router and watched through the Window as they tried to reconnect.

I then reconnect the router, changed the admin password and it seemed like the router reset and "updated" several times. This made me think maybe it's people working as Engineers at virgin who are running this scam. We live fairly close to a Virgin hub (we're in Newcastle), of course it might be total coincidence but was very odd and I watched them try to reconnect to a WiFi after I disconnected etc (I have good vision)..

I took the Number plate of the car, if Virgin want any details I can send them through - including the +1 (US) phone number they called from.

Lucky I was there, my dad had no idea it was a scam until later on. I can't imagine how many people wouldn't know the signs - so I hope this helps some people to avoid problems. I should have used the teamviewer connection to format their hard drive lol


IMG_01071.jpg

0 Kudos

Helpful Answers
  • 3.49K
  • 199
  • 974
Sololobo
Wise owl
993 Views
Message 4 of 13
Flag for a moderator
Helpful Answer

Re: Teamviewer scam phonecall


mrpras wrote:

True enough, I thought maybe VM would want to chase this as it's their customers being shizzled. The appearance of the car outside with the two guys trying to log into our router shows that it is probably connected to VM employees. I suppose it's maybe better to report it to the police.


You could try reporting the attempted fraud here: http://www.actionfraud.police.uk/




It's What I Do.
I Drink and I
Remember Things.

All Replies
  • 1.69K
  • 63
  • 268
shanematthews
Knows their stuff
529 Views
Message 2 of 13
Flag for a moderator

Re: Teamviewer scam phonecall

Sadly it won't make any difference, the vast majority of customers never see this forum, there isn't anything VM can actually do about this either, won't take long for this to end up buried in the forum either so even less people will see it, yes it sucks but the only way to prevent it is to educate people, and that takes a long time and a lot of effort

  • 6
  • 0
  • 0
mrpras
Tuning in
526 Views
Message 3 of 13
Flag for a moderator

Re: Teamviewer scam phonecall

True enough, I thought maybe VM would want to chase this as it's their customers being shizzled. The appearance of the car outside with the two guys trying to log into our router shows that it is probably connected to VM employees. I suppose it's maybe better to report it to the police.

0 Kudos
  • 3.49K
  • 199
  • 974
Sololobo
Wise owl
994 Views
Message 4 of 13
Flag for a moderator
Helpful Answer

Re: Teamviewer scam phonecall


mrpras wrote:

True enough, I thought maybe VM would want to chase this as it's their customers being shizzled. The appearance of the car outside with the two guys trying to log into our router shows that it is probably connected to VM employees. I suppose it's maybe better to report it to the police.


You could try reporting the attempted fraud here: http://www.actionfraud.police.uk/




It's What I Do.
I Drink and I
Remember Things.
  • 1.69K
  • 63
  • 268
shanematthews
Knows their stuff
500 Views
Message 5 of 13
Flag for a moderator

Re: Teamviewer scam phonecall


mrpras wrote:

True enough, I thought maybe VM would want to chase this as it's their customers being shizzled. The appearance of the car outside with the two guys trying to log into our router shows that it is probably connected to VM employees. I suppose it's maybe better to report it to the police.


What evidence do you have that these things are connected, its not like the router logs show failed access attempts, the indian tech support scam is a fairly old one and you can find a number of youtube videos where people waste the scammers time

0 Kudos
  • 6
  • 0
  • 0
mrpras
Tuning in
479 Views
Message 6 of 13
Flag for a moderator

Re: Teamviewer scam phonecall

I don't have evidence other than if that registration turns out to be a local VM engineer for example then it would show a link. I was suspicious because the street was empty and these two guys sat right outside our house for 1 hour or so, on their phones - and clearly reacted when I turned the router off, or on for example. Also the router was oddly going through resets and updates that I wasn't initiating (one or two can happen but over and over was odd.

I'm not sure why you're so sure the Router doesn't show failed access attempts, but thanks for the tip - I went and checked my router status logs - here they are. It mentions a failed s/w upgrade, the router reset itself several times while those guys were outside (with green lights and also white. Since the people on the phone had also access to the Router (my dad gave them the admin password for it) - I'm just trying to be cautious.

We don't all have the luxury of thorough knowledge of VM's routers and potential scamming practices so please forgive my ignorance on the subject. I realise it could be total coincidence but the street was totally empty and it really is very odd that some indian guys are sitting directly outside the house with the car on - just sitting there for an hour before leaving.

This is everything that was in the log - whatever it is, it's perfectly coinciding with their visit (time-wise). Again, could be coincidence but I'm fairly confident those guys had some connection to the scam. But hey, luckily for me I don't have to prove it and I'm not a private detective. 

Anyway, the admin and wifi passwords are changed now - so it's finished. My computer has been scanned for activity and luckily we stopped our bank accounts getting cleaned or whatever they were planning. Thanks for your input.

2017-08-04 16:32:30.0082000200No Ranging Response received - T3 time-out;CM-MAC=**:**:**:**:**:**;CMTS-MAC=**:**:**:**:**:**;CM-QOS=1.1;CM-VER=3.0;
2017-08-04 16:32:31.0084020200Lost MDD Timeout;CM-MAC=**:**:**:**:**:**;CMTS-MAC=**:**:**:**:**:**;CM-QOS=1.1;CM-VER=3.0;
2017-08-04 16:32:47.0082000200No Ranging Response received - T3 time-out;CM-MAC=**:**:**:**:**:**;CMTS-MAC=**:**:**:**:**:**;CM-QOS=1.1;CM-VER=3.0;
2017-08-04 16:32:54.0067070100DBC-ACK not received;CM-MAC=**:**:**:**:**:**;CMTS-MAC=**:**:**:**:**:**;CM-QOS=1.1;CM-VER=3.0;
2017-08-04 16:33:01.0082000200No Ranging Response received - T3 time-out;CM-MAC=**:**:**:**:**:**;CMTS-MAC=**:**:**:**:**:**;CM-QOS=1.1;CM-VER=3.0;
2017-08-04 16:33:03.0084020200Lost MDD Timeout;CM-MAC=**:**:**:**:**:**;CMTS-MAC=**:**:**:**:**:**;CM-QOS=1.1;CM-VER=3.0;
2017-08-04 16:33:33.0067070100DBC-ACK not received;CM-MAC=**:**:**:**:**:**;CMTS-MAC=**:**:**:**:**:**;CM-QOS=1.1;CM-VER=3.0;
2017-08-04 16:33:41.0084020200Lost MDD Timeout;CM-MAC=**:**:**:**:**:**;CMTS-MAC=**:**:**:**:**:**;CM-QOS=1.1;CM-VER=3.0;
2017-08-04 16:33:43.0082000200No Ranging Response received - T3 time-out;CM-MAC=**:**:**:**:**:**;CMTS-MAC=**:**:**:**:**:**;CM-QOS=1.1;CM-VER=3.0;
2017-08-04 16:33:55.0084020200Lost MDD Timeout;CM-MAC=**:**:**:**:**:**;CMTS-MAC=**:**:**:**:**:**;CM-QOS=1.1;CM-VER=3.0;
2017-08-04 16:34:01.0082000200No Ranging Response received - T3 time-out;CM-MAC=**:**:**:**:**:**;CMTS-MAC=**:**:**:**:**:**;CM-QOS=1.1;CM-VER=3.0;
2017-08-04 16:34:07.0084020200Lost MDD Timeout;CM-MAC=**:**:**:**:**:**;CMTS-MAC=**:**:**:**:**:**;CM-QOS=1.1;CM-VER=3.0;
2017-08-04 16:34:41.0082000200No Ranging Response received - T3 time-out;CM-MAC=**:**:**:**:**:**;CMTS-MAC=**:**:**:**:**:**;CM-QOS=1.1;CM-VER=3.0;
2017-08-04 16:34:49.0084020200Lost MDD Timeout;CM-MAC=**:**:**:**:**:**;CMTS-MAC=**:**:**:**:**:**;CM-QOS=1.1;CM-VER=3.0;
2017-08-04 16:34:50.0082000200No Ranging Response received - T3 time-out;CM-MAC=**:**:**:**:**:**;CMTS-MAC=**:**:**:**:**:**;CM-QOS=1.1;CM-VER=3.0;
2017-08-04 16:35:11.0084020200Lost MDD Timeout;CM-MAC=**:**:**:**:**:**;CMTS-MAC=**:**:**:**:**:**;CM-QOS=1.1;CM-VER=3.0;
2017-08-04 16:36:21.0069010200SW Download INIT - Via Config file
2017-08-04 16:36:27.0084020200Lost MDD Timeout;CM-MAC=**:**:**:**:**:**;CMTS-MAC=**:**:**:**:**:**;CM-QOS=1.1;CM-VER=3.0;
2017-08-04 16:42:07.0069010800SW upgrade Failed after download - SW File corruption
2017-08-04 16:42:16.0084020200Lost MDD Timeout;CM-MAC=**:**:**:**:**:**;CMTS-MAC=**:**:**:**:**:**;CM-QOS=1.1;CM-VER=3.0;
0 Kudos
  • 1.69K
  • 63
  • 268
shanematthews
Knows their stuff
455 Views
Message 7 of 13
Flag for a moderator

Re: Teamviewer scam phonecall

The upgrade errors are normal, mines shows it, just means the file it downloaded from the CMTS wasn't valid and failed to be installed, can happen for any number of reasons, now, its not going to be VM staff, they have no need to scam you they get paid to install it, you can't install a VM firmware update via the admin page anyway so the tinfoil is a bit un-needed, even with the admin password to the hub they still need the wifi password to even try to connect and anything they can change via that page can be undone with a simple factory reset on the hub anyway, if anything they will have just been scanning the local area for VM named SSID's and then using any of the public lists of names and phone numbers to try and perform the standard scam of trying to bill you for tech support you don't actually need

0 Kudos
  • 6
  • 0
  • 0
mrpras
Tuning in
450 Views
Message 8 of 13
Flag for a moderator

Re: Teamviewer scam phonecall

I assumed they would have the wifi password (it was the default). Still, good to know that it probably wasn't what I thought. Thanks for the info! Although, having just been a potential victim of a scam it's hardly "tinfoil" to be suspicious.

0 Kudos
  • 2.49K
  • 195
  • 769
Dave_cq
Problem sorter
434 Views
Message 9 of 13
Flag for a moderator

Re: Teamviewer scam phonecall


mrpras wrote:

I don't have evidence other than if that registration turns out to be a local VM engineer for example then it would show a link. I was suspicious because the street was empty and these two guys sat right outside our house for 1 hour or so, on their phones - and clearly reacted when I turned the router off, or on for example. 

 

Does your dad have a Hub3?  If so it may be broadcasting a VM public WiFi hotspot which the Indian gentlemen were making perfectly legitimate use of.  They would react when you turned the hub off because the hotspot would disappear too.

 

 

********** SuperHub 2ac - Asus rt-ac68u Router - 70Mbit Service ***********

Electron
0 Kudos
  • 6
  • 0
  • 0
mrpras
Tuning in
414 Views
Message 10 of 13
Flag for a moderator

Re: Teamviewer scam phonecall

Thanks for your input, I had the same thought but the public Guest wifi was disabled.

0 Kudos